Subject: ports chkrootkit wrongly says login is INFECTED
To: None <>
From: None <>
List: netbsd-users
Date: 02/18/2005 15:37:27
I'm relatively sure it's not.

Someone mind sanity checking this?

SHA1 (/usr/bin/login) = 227f69df03ad128d16caf811a85824fe65c29588

NetBSD genus 2.0 NetBSD 2.0 (GENERIC) #0: Wed Dec  1 10:58:25 UTC 2004 

A couple of quick questions on that note.

Any recommended ways of running chkrootkit? I'm thinking of putting

 if [ -x /usr/pkg/bin/chkrootkit ]; then
         /usr/pkg/bin/chkrootkit -q
 fi

in /etc/security.local à la audit-packages.

Clearly it'd be better to put a CDROM (live NetBSD CD maybe) in there and
run from there, but this is better than nothing.

Barring that, how much added security could I get from using chflags to
add schg to all the chkrootkit files?

I'm pretty new to NetBSD, so does this sound like a reasonable approach?
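
The manual SHA1 check in the post can be automated by comparing binaries against a baseline of digest lines in the same `SHA1 (path) = hash` format. This is an added example, not part of the original post; the function names `sha1_of` and `verify_baseline` are hypothetical, and it assumes the baseline was recorded from known-good media and is stored read-only.

```shell
#!/bin/sh
# sha1_of FILE: print the 40-hex SHA1 of FILE with whichever tool is present.
# Reading from stdin keeps the file name out of the tool's output.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1"
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha1 < "$1"
    else
        cksum -a sha1 < "$1"
    fi | sed -n 's/.*\([0-9a-f]\{40\}\).*/\1/p'
}

# verify_baseline BASELINE: check every "SHA1 (path) = hash" line.
# Prints one status line per file; returns 1 if any file is missing or differs.
verify_baseline() {
    status=0
    while IFS= read -r line; do
        path=$(printf '%s\n' "$line" |
            sed -n 's/^SHA1 (\(.*\)) = [0-9a-f]\{40\}$/\1/p')
        want=$(printf '%s\n' "$line" |
            sed -n 's/^SHA1 (.*) = \([0-9a-f]\{40\}\)$/\1/p')
        [ -n "$path" ] || continue        # skip lines not in digest format
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; status=1
        elif [ "$(sha1_of "$path")" = "$want" ]; then
            echo "OK       $path"
        else
            echo "MISMATCH $path"; status=1
        fi
    done < "$1"
    return $status
}

# Constructed demo: a scratch file stands in for a system binary.
demo=$(mktemp -d)
printf 'hello\n' > "$demo/login"
printf 'SHA1 (%s) = %s\n' "$demo/login" "$(sha1_of "$demo/login")" \
    > "$demo/baseline"
verify_baseline "$demo/baseline"
printf 'x' >> "$demo/login"               # simulate a modified binary
verify_baseline "$demo/baseline" || echo "baseline check failed"
rm -rf "$demo"
```

A match only shows the file is unchanged since the baseline was taken, and the result is only as trustworthy as the hashing tool and kernel it runs on.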