Bonjour,Since the last update of f32, rkhunter send a lot of warning (in spite of the --propupd I run after each update...):
Warning: Checking for possible rootkit files and directories [ Warning ]Found file '/lib/libkeyutils.so.1.9'. Possible rootkit: Sniffer component Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component Found file '/usr/lib/libkeyutils.so.1.9'. Possible rootkit: Sniffer component Found file '/usr/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
Warning: The following processes are using suspicious files: Command: abrt-applet UID: 2995 PID: 2663 Pathname: 24376 Possible Rootkit: Spam tool component Command: abrtd UID: 0 PID: 1580 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool component Command: abrt-dbus UID: 0 PID: 3087 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool component Command: abrt-dump-journ UID: 0 PID: 1629 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool component Command: auditd UID: 0 PID: 1386 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool componentCommand: chrome<-----------------this one repeated several times--------->
UID: 11750 PID: 11749 Pathname: 24376 Possible Rootkit: Spam tool component Command: cleanupd UID: 0 PID: 2062 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool component Command: cupsd UID: 0 PID: 1525 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool component Command: dnfdragora-upda UID: 3025 PID: 2621 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool component Command: evolution-addre UID: 3025 PID: 3168 Pathname: /usr/lib64/libkeyutils.so.1.9 Possible Rootkit: Spam tool component Command: evolution-alarm UID: 3007 PID: 2571 Pathname: 24376 Possible Rootkit: Spam tool component etc. etc. chkrootkit does not teturn any problem... What is the problem? Thank you. -- François Patte UFR de mathématiques et informatique Laboratoire CNRS MAP5, UMR 8145 Université Paris Descartes 45, rue des Saints Pères F-75270 Paris Cedex 06 Tél. +33 (0)6 7892 5822 http://www.math-info.univ-paris5.fr/~patte FSF https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-from-the-fsf
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx