El 28/1/21 a las 11:44, François Patte escribió:
Bonjour,
Since the last update of f32, rkhunter send a lot of warning (in spite
of the --propupd I run after each update...):
Warning: Checking for possible rootkit files and directories [ Warning ]
Found file '/lib/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Found file '/usr/lib/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Found file '/usr/lib64/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Warning: The following processes are using suspicious files:
Command: abrt-applet
UID: 2995 PID: 2663
Pathname: 24376
Possible Rootkit: Spam tool component
Command: abrtd
UID: 0 PID: 1580
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
---- TRIMMED
A simple google search shows:
https://bbs.archlinux.org/viewtopic.php?id=248420
and
https://bugs.archlinux.org/task/63369
It seems a problem against the name of libkeyutils.so.1.9. Perhaps must
report to rkhunter / fedora developers team.