Subject: ports chkrootkit wrongly says login is INFECTED
To: None <firstname.lastname@example.org>
From: None <email@example.com>
Date: 02/18/2005 15:37:27
I'm relatively sure it's not.
Someone mind sanity checking this?
SHA1 (/usr/bin/login) = 227f69df03ad128d16caf811a85824fe65c29588
NetBSD genus 2.0 NetBSD 2.0 (GENERIC) #0: Wed Dec 1 10:58:25 UTC 2004
A couple of quick questions on that note.
Any recommended ways of running chkrootkit? I'm thinking of putting
if [ -x /usr/pkg/bin/chkrootkit ]; then
in /etc/security.local à la audit-packages.
Clearly it'd be better to put a CD-ROM (live NetBSD CD maybe) in there and
run from there but this is better than nothing.
Barring that, how much added security could I get from using chflags to
add schg to all the chkrootkit files?
I'm pretty new to NetBSD, so does this sound like a reasonable approach?
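
An added example, not part of the original message and not chkrootkit's or NetBSD's own code: one way to sanity-check a binary that chkrootkit flags is to compare it against digests recorded earlier from trusted media, kept in the same "SHA1 (path) = hex" format the message quotes. The function names and the manifest file are assumptions, as is the presence of one of sha1sum, sha1 or openssl.

```shell
#!/bin/sh
# Added example: verify binaries against a known-good digest list whose lines
# look like the one in the message:  SHA1 (/usr/bin/login) = <40 hex digits>
# The manifest is assumed to have been written from trusted media beforehand.

# Print the SHA1 of a file using whichever digest tool this system has.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'       # GNU: "hex  path"
    elif command -v sha1 >/dev/null 2>&1; then
        sha1 "$1" | awk '{print $NF}'         # BSD: "SHA1 (path) = hex"
    else
        openssl dgst -sha1 "$1" | awk '{print $NF}'
    fi
}

# Read the manifest named in $1 and print OK, CHANGED or MISSING per path.
# Returns 0 only if every listed file matches its recorded digest.
verify_manifest() {
    rc=0
    while IFS= read -r line; do
        case $line in
            "SHA1 ("*") = "*) ;;
            *) continue ;;                    # skip lines not in digest format
        esac
        path=${line#"SHA1 ("}                 # drop the leading "SHA1 ("
        path=${path%") = "*}                  # drop ") = <hex>" from the end
        want=${line##*") = "}                 # keep only the recorded digest
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$(sha1_of "$path")" = "$want" ]; then
            echo "OK $path"
        else
            echo "CHANGED $path"; rc=1
        fi
    done < "$1"
    return $rc
}

# Stand-alone use: sh thisfile /path/to/manifest
if [ "$#" -gt 0 ]; then
    verify_manifest "$1"
fi
```

A digest comparison run on the live system is only as trustworthy as the digest tool and manifest it uses, so both are best read from the read-only or boot media the message mentions.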