Re: serious rkhunter warnings not seen before (by me). [SOLVED]

[not replying to any specific post] I patched my F32 work station several minutes ago.  The patching included rkhunter.  After the patching, the warnings about "libkeyutils.so.1.9" no longer occur. I consider this thread SOLVED. My thanks to the rkhunter and Fedora teams for the fix. Bill.

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 22/1/21 22:53, Ed Greshko wrote: On 22/01/2021 19:40, George N. White III wrote: On Thu, 21 Jan 2021 at 21:04, Samuel Sieb > wrote:     On 1/21/21 5:00 PM, Stephen Morris wrote:     > On 22/1/21 10:18, Ed Greshko wrote:     >> FWIW, rkhunter has a history of occasiona

Re: serious rkhunter warnings not seen before (by me).

On Fri, Jan 22, 2021 at 03:41:07PM +1030, Tim via users wrote: > On Thu, 2021-01-21 at 15:37 -0500, Jonathan Billings wrote: > > Apparently at some point in the past, there was a rootkit that > > installed a libkeyutils.so in the past. I whitelisted it in my > > config, but I suspect that the rkhu

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On Fri, 22 Jan 2021 at 02:33, Stephen Morris wrote: > > Just on the topic of rkhunter, I've run the command rkhunter --check and > gotten a number of warnings. Among them were warnings about > /usr/bin/egrep, /usr/bin/fgrep, /usr/libexec/nm-ifdown and > /usr/libexec/nm-ifup having been replaced b

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 22/01/2021 19:40, George N. White III wrote: On Thu, 21 Jan 2021 at 21:04, Samuel Sieb mailto:sam...@sieb.net>> wrote: On 1/21/21 5:00 PM, Stephen Morris wrote: > On 22/1/21 10:18, Ed Greshko wrote: >> FWIW, rkhunter has a history of occasional "false positives" as >> changes

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On Thu, 21 Jan 2021 at 21:04, Samuel Sieb wrote: > On 1/21/21 5:00 PM, Stephen Morris wrote: > > On 22/1/21 10:18, Ed Greshko wrote: > >> FWIW, rkhunter has a history of occasional "false positives" as > >> changes occur. > >> > >> A google search of the form > >> > >> rkhunter libkeyutils.so.1.9

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 22/1/21 12:04, Samuel Sieb wrote: On 1/21/21 5:00 PM, Stephen Morris wrote: On 22/1/21 10:18, Ed Greshko wrote: FWIW, rkhunter has a history of occasional "false positives" as changes occur. A google search of the form rkhunter libkeyutils.so.1.9 site:bugzilla.redhat.com Hi Ed, I just ins

Re: serious rkhunter warnings not seen before (by me).

On Thu, 2021-01-21 at 15:37 -0500, Jonathan Billings wrote: > Apparently at some point in the past, there was a rootkit that > installed a libkeyutils.so in the past. I whitelisted it in my > config, but I suspect that the rkhunter upstream needs to fix their > detection, You "whitelisted" a know

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 1/21/21 4:18 PM, Ed Greshko wrote: On 22/01/2021 04:51, home user wrote: On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 1/21/21 5:00 PM, Stephen Morris wrote: On 22/1/21 10:18, Ed Greshko wrote: FWIW, rkhunter has a history of occasional "false positives" as changes occur. A google search of the form rkhunter libkeyutils.so.1.9 site:bugzilla.redhat.com Hi Ed, I just installed rkhunter and issued the command

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 22/1/21 10:18, Ed Greshko wrote: On 22/01/2021 04:51, home user wrote: On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F32

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 22/01/2021 04:51, home user wrote: On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F32/33/34 and fixes the warnings.. https:

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F32/33/34 and fixes the warnings.. https://bugzilla.redhat.com/show_bug.cgi?id=1

Re: serious rkhunter warnings not seen before (by me).

On Thu, Jan 21, 2021 at 01:24:14PM -0700, home user wrote: > The first warning of concern is line #1470: > "[12:33:02] Checking for file '/lib/libkeyutils.so.1.9' [ Warning ] > [12:33:02] Checking for file '/lib64/libkeyutils.so.1.9' [ Warning ] > [12:33:02] Checking for file '/usr/li

Re: serious rkhunter warnings not seen before (by me).

Hi, On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > I just finished doing my weekly patches for my F32 workstation. The > sequence (done as root): > 1. rkhunter --check > (clean) > 2. dnf --refresh upgrade dnf > (nothing to do) > 3. dnf upgrade > (no hint of trouble) > 4. reboot > (

serious rkhunter warnings not seen before (by me).

I just finished doing my weekly patches for my F32 workstation. The sequence (done as root): 1. rkhunter --check (clean) 2. dnf --refresh upgrade dnf (nothing to do) 3. dnf upgrade (no hint of trouble) 4. reboot (no hint of trouble) 5. rkhunter --check (trouble!) I put the rkhunter log file on