On 8/20/19 5:58 AM, Oliver Jaksch via arch-general wrote:
> On Tuesday, 20 August 2019, 10:15:58 CEST you wrote:
>> On 20.08.19 at 10:00, Filipe Laíns via arch-general wrote:
>>> On Tue, 2019-08-20 at 08:33 +0200, Oliver Jaksch via arch-general wrote:
>>>> I let rkhunter run around once a week. There was nothing for many
>>>> months. But today its report complains about */lib64/libkeyutils.so.1.9*
>>>> and therefore other tools that (seem to) use this SO.
>>
>> ...
>>
>>> No, those libraries are used for key manipulation, that's why rkhunter
>>> thinks that they might be sniffers.
>>
>> In this particular case the filename was apparently used by a rootkit in
>> 2013 and it was blacklisted. Now the legitimate owner of the
>> libkeyutils filenames has reached the blacklisted version number. I
>> don't know which of the two possibilities it is in your case.
>>
>> https://bugs.archlinux.org/task/63369
>> https://www.webhostingtalk.com/showthread.php?t=1235797
>
> Thanks to all. I think the URLs Filipe has posted are the most expressive
> part. Let's hope that this really is a false alarm coming from the past.
> -
> Oliver
>

If you're in doubt, you can also try chkrootkit. When dealing with potential false positives, it sometimes helps to try more than one tool.

-- 
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info
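
Added example, not part of the original thread and not rkhunter's or chkrootkit's own code: a shell model of why a blacklist keyed on a filename can flag a legitimate library, and how a content check against a trusted checksum list separates the two possibilities mentioned above. The blacklist contents, the manifest (assumed to be in sha256sum output format and obtained from a source you trust) and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a filename-only blacklist hit, cross-checked against content.
# BLACKLIST and the manifest are constructed; this is not rkhunter's logic.
BLACKLIST="libkeyutils.so.1.9 example-bad.so"   # second name is made up

# name_verdict FILE: "flagged" when only the basename is on the blacklist.
name_verdict() {
    base=$(basename "$1")
    for bad in $BLACKLIST; do
        if [ "$base" = "$bad" ]; then echo flagged; return 0; fi
    done
    echo clean
}

# content_verdict FILE MANIFEST: compare the file's SHA-256 with a trusted
# manifest in sha256sum output format ("<hash>  <path>").
content_verdict() {
    want=$(awk -v f="$1" '$2 == f { print $1; exit }' "$2")
    if [ -z "$want" ]; then echo unknown; return 0; fi
    have=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then echo match; else echo mismatch; fi
}

# triage FILE MANIFEST: a name hit alone is weak evidence; content decides.
triage() {
    case "$(name_verdict "$1")/$(content_verdict "$1" "$2")" in
        flagged/match)  echo likely-false-positive ;;
        clean/match)    echo ok ;;
        clean/unknown)  echo unverified ;;
        *)              echo investigate ;;   # any mismatch, or flagged and unknown
    esac
}

# Stand-alone use: sh triage.sh /path/to/file /path/to/manifest
if [ "$#" -eq 2 ]; then triage "$1" "$2"; fi
```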