On Thu, Jan 21, 2021 at 01:24:14PM -0700, home user wrote: > The first warning of concern is line #1470: > "[12:33:02] Checking for file '/lib/libkeyutils.so.1.9' [ Warning ] > [12:33:02] Checking for file '/lib64/libkeyutils.so.1.9' [ Warning ] > [12:33:02] Checking for file '/usr/lib/libkeyutils.so.1.9' [ Warning ] > [12:33:02] Checking for file '/usr/lib64/libkeyutils.so.1.9' [ Warning > ]".
I saw this as well. Those are part of the 'keyutils-libs' package. I certainly panicked when I saw this too, but as far as I could tell, the files themselves were all ok and part of a Fedora package. Apparently at some point in the past, there was a rootkit that installed a libkeyutils.so in the past. I whitelisted it in my config, but I suspect that the rkhunter upstream needs to fix their detection, I think the keyutils libraries are included in a lot of modern projects so I expect more people are going to see it. It seems to trigger off just the existence and not some sort of hash of the file. -- Jonathan Billings <billi...@negate.org> _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
