Chkrootkit 0.46 Problem
October 30, 2005 Posted by KP
Cordeiro posted the following message on the FreeBSD security list. I didn’t test it (I don’t have a testing server).
…don’t use chkrootkit 0.46 on production machines.
The “chkproc” process sends a SIGXFSZ (25) signal to init,
that interprets this signal as a “disaster” and reboots
after a 30s sleep.
I tested chkrootkit (0.45) and Rootkit Hunter before. I prefer Rootkit Hunter.
December 29th, 2005 at 10:06 am
Just thought I’d mention that this problem does not appear to affect FreeBSD 6, as I used this version of chkrootkit before reading this — the system did not restart.
rkhunter does seem nicer, though. I don’t think it can hurt to check with both if you’re able.
December 29th, 2005 at 1:57 pm
Thanks for the info, Jason.
I agree with you; no rootkit program covers all the checks of another one, so it’s only better to use both.