Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 694346 - app-forensics/rkhunter-1.4.6-r1 with sys-apps/keyutils-1.6.1 - rkhunter: Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
Summary: app-forensics/rkhunter-1.4.6-r1 with sys-apps/keyutils-1.6.1 - rkhunter: Foun...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Michael Palimaka (kensington)
URL:
Whiteboard:
Keywords: UPSTREAM
Depends on:
Blocks:
 
Reported: 2019-09-14 08:58 UTC by Alex Efros
Modified: 2021-07-22 16:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Efros 2019-09-14 08:58:58 UTC
After updating from sys-apps/keyutils-1.5.9-r4 to 1.6.1:

# cat /var/log/rkhunter.log
...
[08:42:37]     Checking for file '/lib64/libkeyutils.so.1.9' [ Warning ]
...
[08:42:41] Warning: Checking for possible rootkit files and directories [ Warning ]
[08:42:41]          Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit: Sniffer component
...

Virustotal says file clean, so may be false positive.
Comment 1 Todd Walter 2021-07-22 13:35:47 UTC
Rkhunter bug 170 - marked as fixed in next release.(Feb 7, 2021) but 1.4.6 still appears to be current.