Re: rkhunter found possible rootkit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tuesday, 20 August 2019, 10:15:58 CEST you wrote:
> Am 20.08.19 um 10:00 schrieb Filipe Laíns via arch-general:
> > On Tue, 2019-08-20 at 08:33 +0200, Oliver Jaksch via arch-general wrote:
> >> I let rkhunter running around once a week. There were nothing since many
> >> months. But today it's report complains about */lib64/libkeyutils.so.1.9*
> >> and therefore other tools they're (seems to be) using this SO.
> 
> ...
> 
> > No, those libraries are used for key manipulation, that's why rkhunter
> > thinks that they might be sniffer.
> 
> In this particular case the filename was apparently used by a rootkit in
>  2013 and it was blacklisted. Now the legitimate owner of the
> libkeyutils filenames has reached the blacklisted version number. I
> don't know which of the two possibilities it is in your case.
> 
> https://bugs.archlinux.org/task/63369
> https://www.webhostingtalk.com/showthread.php?t=1235797

Thanks to all. I think the URLs Filipe has posted are the most expressive 
part. Let's hope that this really is a false alarm coming from the past.
-
Oliver




[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux