Subject: ports chkrootkit wrongly says login is INFECTED
To: None <netbsd-users@netbsd.org>
From: None <buce@denebx.net>
List: netbsd-users
Date: 02/18/2005 15:37:27

I'm relatively sure it's not.

Someone mind sanity checking this?

SHA1 (/usr/bin/login) = 227f69df03ad128d16caf811a85824fe65c29588

NetBSD genus 2.0 NetBSD 2.0 (GENERIC) #0: Wed Dec  1 10:58:25 UTC 2004 
builds@build:/big/builds/ab/netbsd-2-0-RELEASE/i386/200411300000Z-obj/big/builds/ab/netbsd-2-0-RELEASE/src/sys/arch/i386/compile/GENERIC
i386

A couple of quick questions on that note.

Any recommended ways of running chkrootkit? I'm thinking of putting

 if [ -x /usr/pkg/bin/chkrootkit ]; then
         /usr/pkg/bin/chkrootkit -q
 fi

in /etc/security.local à la audit-packages.

Clearly it'd be better to put a CDROM (live NetBSD CD maybe) in there and
run from there, but this is better than nothing.

Barring that, how much added security could I get from using chflags to
add schg to all the chkrootkit files?

I'm pretty new to NetBSD, so does this sound like a reasonable approach?

Thanks,

Nate
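
The sanity check requested in the message above can be scripted. This is an added example, not part of the original message: it compares files against a baseline written in the same `SHA1 (path) = hex` format the message quotes. The function names, and the assumption that the baseline was recorded from trusted media and is kept somewhere the running system cannot modify, belong to this example.

```shell
#!/bin/sh
# Added example: verify files against a "SHA1 (path) = hex" baseline.

# Print the SHA-1 of a file as bare hex. Reading from stdin keeps the
# file name out of the tool's output on both Linux and BSD.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | awk '{print $1}'
    else
        sha1 < "$1" | awk '{print $1}'
    fi
}

# verify_manifest FILE: check every "SHA1 (path) = hex" line in FILE.
# Prints one line per problem; returns 0 only if every entry matches.
verify_manifest() {
    manifest=$1
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            'SHA1 ('*') = '*) ;;
            *) continue ;;      # skip blanks, comments, other digests
        esac
        path=${line#"SHA1 ("}
        path=${path%") = "*}
        want=${line##*") = "}
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        got=$(sha1_of "$path")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $path (expected $want, got $got)"; bad=1
        fi
    done < "$manifest"
    return $bad
}

# Stand-alone use: sh verify.sh /path/to/baseline
# (the baseline location is chosen by the administrator)
[ $# -eq 0 ] || verify_manifest "$1"
```

A mismatch on /usr/bin/login reported here would back up a chkrootkit INFECTED result; a match against a baseline taken from the release sets points to a false positive.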