Subject: Chkrootkit 0.44
To: None <port-i386@netbsd.org>
From: Richard Ibbotson <richard@sheflug.co.uk>
List: port-i386
Date: 09/14/2004 15:10:32
Hi

Don't know if this is the right place to ask but thought I might try 
anyway.

I ran chkrootkit 0.44 on my i386 based NetBSD 1.62 machine today and 
found the following in the resulting logs...

Checking `init' ... not infected
Checking `killall' ... not found
Checking `ldsopreload' ... not tested
Checking `login' ... INFECTED
Checking `ls' ... not infected
Checking `lsof' ... not found


I think the question might be something like this.  Is this something
that chkrootkit does with NetBSD 1.6.2 or is login really infected?
This is a net facing firewall box.  What to do if it really is infected?

Regards




Richard