On Fri, Jan 22, 2021 at 03:41:07PM +1030, Tim via users wrote:
> On Thu, 2021-01-21 at 15:37 -0500, Jonathan Billings wrote:
> > Apparently at some point in the past, there was a rootkit that
> > installed a libkeyutils.so in the past. I whitelisted it in my
> > config, but I suspect that the rkhunter upstream needs to fix their
> > detection,
>
> You "whitelisted" a known problem file?! Surely that's the opposite of
> what you'd want to do? (Examine it carefully, not ignore it.)

I didn't do it right away, obviously. I made sure the package that
owned the files was fine (reinstalling from upstream, checking GPG and
RPM verification) and then went to look for others who had had the
problem. I actually spoke on IRC with the author of the software too,
who said it has happened in the past. (I have met him a couple times
at conferences and collaborated with him on patches, so I believe him.)

I agree that it is bad practice to just whitelist issues without
research. In this case, I saw enough evidence that it was a false
positive that I felt ok with whitelisting it.

-- 
Jonathan Billings <billings@xxxxxxxxxx>
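
The RPM verification step mentioned in the message above, as an added example that is not part of the original thread: a POSIX shell helper that classifies one flagged file from `rpm -V` output. The function names, the library path and the sample output are assumptions constructed for illustration.

```sh
# Added example (not from the original message). Classifies one file from
# `rpm -V` output before deciding whether a scanner hit is a false positive.

# Constructed sample of `rpm -V` output; paths and flags are made up.
SAMPLE_VERIFY='.......T.  c /etc/example.conf
S.5....T.    /usr/lib64/libkeyutils.so.1.9
missing      /usr/share/doc/example/README'

# classify_verify PATH  -- reads `rpm -V` output on stdin.
# Prints: clean | content-changed | metadata-changed | unverified | missing
# Assumes paths without spaces.
classify_verify() {
    cv_target=$1
    while read -r cv_flags cv_rest; do
        cv_path=${cv_rest##* }   # drop the optional c/d/g/l/r marker
        [ "$cv_path" = "$cv_target" ] || continue
        case $cv_flags in
            missing) echo missing ;;
            *5*|S*)  echo content-changed ;;   # digest or size differs
            *\?*)    echo unverified ;;        # a test could not be run
            *)       echo metadata-changed ;;  # mode, owner, mtime, ...
        esac
        return 0
    done
    echo clean   # rpm -V only lists files that fail a check
}

# triage_file PATH -- live check on an RPM-based host (needs rpm installed).
triage_file() {
    rpm -qf "$1" >/dev/null 2>&1 || { echo unowned; return 0; }
    rpm -Vf "$1" 2>/dev/null | classify_verify "$1"
}
```

`rpm -V` compares files against the local RPM database, so it complements the reinstall from upstream and the GPG signature check described in the message rather than replacing them.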