Are these rkhunter warnings serious?

Hi,

I am running KDE in Fedora 33. With some fairly recent update, I have started seeing the following warnings from rkhunter. They mostly seem tied to KDE components.

[13:19:12] Warning: Checking for possible rootkit files and directories [ Warning ]
[13:19:12]          Found file '/lib/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
[13:19:12]          Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
[13:19:12]          Found file '/usr/lib/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
[13:19:12]          Found file '/usr/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
[13:19:12]

Warning: The following processes are using suspicious files:
         Command: abrt-applet
           UID: 1000    PID: 2505
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: abrt-applet
           UID: 2610    PID: 2505
           Pathname: 3604249
           Possible Rootkit: Spam tool component
         Command: abrt-applet
           UID: 2611    PID: 2505
           Pathname: 3604249
           Possible Rootkit: Spam tool component
         Command: abrt-applet
           UID: 2620    PID: 2505
           Pathname: 3604249
           Possible Rootkit: Spam tool component
         Command: abrtd
           UID: 0    PID: 958
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: abrtd
           UID: 990    PID: 958
           Pathname: 3604249
           Possible Rootkit: Spam tool component
         Command: abrtd
           UID: 992    PID: 958
           Pathname: 3604249
           Possible Rootkit: Spam tool component
         Command: abrt-dbus
           UID: 0    PID: 2614
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: abrt-dbus
           UID: 2617    PID: 2614
           Pathname: 3604249
           Possible Rootkit: Spam tool component
         Command: abrt-dbus
           UID: 2618    PID: 2614
           Pathname: 3604249
           Possible Rootkit: Spam tool component
         Command: abrt-dump-journ
           UID: 0    PID: 993
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: abrt-dump-journ
           UID: 0    PID: 994
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: abrt-dump-journ
           UID: 0    PID: 995
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: akonadi_akonote
           UID: 1000    PID: 2915
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: akonadi_akonote
           UID: 2929    PID: 2915
           Pathname: 3604249
           Possible Rootkit: Spam tool component

            ...   many, many more entries

         Command: sssd
           UID: 0    PID: 924
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: sssd_be
           UID: 0    PID: 1015
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: sssd_nss
           UID: 0    PID: 1058
           Pathname: 
           Possible Rootkit: Spam tool component
         Command: trivial-rewrite
           UID: 89    PID: 402543
           Pathname: 
           Possible Rootkit: Spam tool component

This seems to have been introduced sometime between Jan 3 and Jan 8.

-- 
Lester