FreeBSD Server Administration


October 30, 2005

Chkrootkit 0.46 Problem

Cordeiro posted the following message on the FreeBSD security list. I didn't test it (I don't have a testing server).

...don't use chkrootkit 0.46 on production machines. The "chkproc" process sends a SIGXFSZ (25) signal to init, that interprets this signal as a "disaster" and reboots after a 30s sleep.

I tested chkrootkit (0.45) and Rootkit Hunter before. I prefer Rootkit Hunter.


Category : Security

Posted by FreeBSD Newbie at October 30, 2005 09:22 PM

Comments

Just thought I'd mention that this problem does not appear to affect FreeBSD 6, as I used this version of chkrootkit before reading this -- the system did not restart. :)
rkhunter does seem nicer, though. I don't think it can hurt to check with both if you're able.

Posted by Jason at December 29, 2005 10:06 AM

Thanks for the info, Jason.

I agree with you, no rootkit program covers all checking of another one, it's only better to use both.

Posted by FreeBSD Newbie at December 29, 2005 01:57 PM
