Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 694346

Summary: app-forensics/rkhunter-1.4.6-r1 with sys-apps/keyutils-1.6.1 - rkhunter: Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
Product: Gentoo Linux Reporter: Alex Efros <powerman-asdf>
Component: Current packagesAssignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: UNCONFIRMED ---    
Severity: normal CC: sam, todd
Priority: Normal Keywords: UPSTREAM
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Alex Efros 2019-09-14 08:58:58 UTC
After updating from sys-apps/keyutils-1.5.9-r4 to 1.6.1:

# cat /var/log/rkhunter.log
...
[08:42:37]     Checking for file '/lib64/libkeyutils.so.1.9' [ Warning ]
...
[08:42:41] Warning: Checking for possible rootkit files and directories [ Warning ]
[08:42:41]          Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
...

Virustotal says file clean, so may be false positive.
Comment 1 Todd Walter 2021-07-22 13:35:47 UTC
Rkhunter bug 170 - marked as fixed in next release.(Feb 7, 2021) but 1.4.6 still appears to be current.