Re: rkhunter warnings

2021-01-28 Thread home user
> On Thursday, 28 January 2021 10:44:09 GMT François Patte wrote: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=1914662 > > rkhunter-1.4.6-10 fixes this and according to bodhi it should be in the > stable > repo now for F32 I confirm this. I patched my F32 work station several minutes

Re: serious rkhunter warnings not seen before (by me). [SOLVED]

2021-01-28 Thread home user
[not replying to any specific post] I patched my F32 work station several minutes ago.  The patching included rkhunter.  After the patching, the warnings about "libkeyutils.so.1.9" no longer occur. I consider this thread SOLVED. My thanks to the rkhunter and Fedora teams for the fix. Bill.

Re: rkhunter warnings

2021-01-28 Thread George N. White III
On Thu, 28 Jan 2021 at 06:44, François Patte <francois.pa...@mi.parisdescartes.fr> wrote: > Bonjour, > > Since the last update of f32, rkhunter sends a lot of warnings (in spite > of the --propupd I run after each update...): > > Warning: Checking for possible rootkit files and directories [ Warnin

Re: rkhunter warnings

2021-01-28 Thread Colin J Thomson
On Thursday, 28 January 2021 10:44:09 GMT François Patte wrote: > Bonjour, > > Since the last update of f32, rkhunter sends a lot of warnings (in spite > of the --propupd I run after each update...): > > Warning: Checking for possible rootkit files and directories [ Warning ] > Found file

Re: rkhunter warnings

2021-01-28 Thread jtj
On 28/1/21 at 11:44, François Patte wrote: Bonjour, Since the last update of f32, rkhunter sends a lot of warnings (in spite of the --propupd I run after each update...): Warning: Checking for possible rootkit files and directories [ Warning ] Found file '/lib/libkeyutils.so.1.9'

rkhunter warnings

2021-01-28 Thread François Patte
Bonjour, Since the last update of f32, rkhunter sends a lot of warnings (in spite of the --propupd I run after each update...): Warning: Checking for possible rootkit files and directories [ Warning ] Found file '/lib/libkeyutils.so.1.9'. Possible rootkit: Sniffer component Fo

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-25 Thread Stephen Morris
On 22/1/21 22:53, Ed Greshko wrote: On 22/01/2021 19:40, George N. White III wrote: On Thu, 21 Jan 2021 at 21:04, Samuel Sieb wrote: On 1/21/21 5:00 PM, Stephen Morris wrote: > On 22/1/21 10:18, Ed Greshko wrote: >> FWIW, rkhunter has a history of occasiona

Re: serious rkhunter warnings not seen before (by me).

2021-01-22 Thread Jonathan Billings
On Fri, Jan 22, 2021 at 03:41:07PM +1030, Tim via users wrote: > On Thu, 2021-01-21 at 15:37 -0500, Jonathan Billings wrote: > > Apparently at some point in the past, there was a rootkit that > > installed a libkeyutils.so in the past. I whitelisted it in my > > config, but I suspect that the rkhu

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-22 Thread George N. White III
On Fri, 22 Jan 2021 at 02:33, Stephen Morris wrote: > > Just on the topic of rkhunter, I've run the command rkhunter --check and > gotten a number of warnings. Among them were warnings about > /usr/bin/egrep, /usr/bin/fgrep, /usr/libexec/nm-ifdown and > /usr/libexec/nm-ifup having been replaced b

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-22 Thread Ed Greshko
On 22/01/2021 19:40, George N. White III wrote: On Thu, 21 Jan 2021 at 21:04, Samuel Sieb <sam...@sieb.net> wrote: On 1/21/21 5:00 PM, Stephen Morris wrote: > On 22/1/21 10:18, Ed Greshko wrote: >> FWIW, rkhunter has a history of occasional "false positives" as >> changes

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-22 Thread George N. White III
On Thu, 21 Jan 2021 at 21:04, Samuel Sieb wrote: > On 1/21/21 5:00 PM, Stephen Morris wrote: > > On 22/1/21 10:18, Ed Greshko wrote: > >> FWIW, rkhunter has a history of occasional "false positives" as > >> changes occur. > >> > >> A google search of the form > >> > >> rkhunter libkeyutils.so.1.9

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-21 Thread Stephen Morris
On 22/1/21 12:04, Samuel Sieb wrote: On 1/21/21 5:00 PM, Stephen Morris wrote: On 22/1/21 10:18, Ed Greshko wrote: FWIW, rkhunter has a history of occasional "false positives" as changes occur. A google search of the form rkhunter libkeyutils.so.1.9 site:bugzilla.redhat.com Hi Ed, I just ins

Re: serious rkhunter warnings not seen before (by me).

2021-01-21 Thread Tim via users
On Thu, 2021-01-21 at 15:37 -0500, Jonathan Billings wrote: > Apparently at some point in the past, there was a rootkit that > installed a libkeyutils.so in the past. I whitelisted it in my > config, but I suspect that the rkhunter upstream needs to fix their > detection, You "whitelisted" a know

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-21 Thread home user
On 1/21/21 4:18 PM, Ed Greshko wrote: On 22/01/2021 04:51, home user wrote: On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-21 Thread Samuel Sieb
On 1/21/21 5:00 PM, Stephen Morris wrote: On 22/1/21 10:18, Ed Greshko wrote: FWIW, rkhunter has a history of occasional "false positives" as changes occur. A google search of the form rkhunter libkeyutils.so.1.9 site:bugzilla.redhat.com Hi Ed, I just installed rkhunter and issued the command

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-21 Thread Stephen Morris
On 22/1/21 10:18, Ed Greshko wrote: On 22/01/2021 04:51, home user wrote: On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F32

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-21 Thread Ed Greshko
On 22/01/2021 04:51, home user wrote: On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F32/33/34 and fixes the warnings. https:

Re: serious rkhunter warnings not seen before (by me). [CLOSED]

2021-01-21 Thread home user
On 1/21/21 1:32 PM, Colin J Thomson wrote: On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > [... snip ...] Nothing serious, the bug report can be found here and a new rkhunter is in updates-testing for F32/33/34 and fixes the warnings. https://bugzilla.redhat.com/show_bug.cgi?id=1

Re: serious rkhunter warnings not seen before (by me).

2021-01-21 Thread Jonathan Billings
On Thu, Jan 21, 2021 at 01:24:14PM -0700, home user wrote: > The first warning of concern is line #1470: > "[12:33:02] Checking for file '/lib/libkeyutils.so.1.9' [ Warning ] > [12:33:02] Checking for file '/lib64/libkeyutils.so.1.9' [ Warning ] > [12:33:02] Checking for file '/usr/li

Re: serious rkhunter warnings not seen before (by me).

2021-01-21 Thread Colin J Thomson
Hi, On Thursday, 21 January 2021 20:24:14 GMT home user wrote: > I just finished doing my weekly patches for my F32 workstation. The > sequence (done as root): > 1. rkhunter --check > (clean) > 2. dnf --refresh upgrade dnf > (nothing to do) > 3. dnf upgrade > (no hint of trouble) > 4. reboot > (

serious rkhunter warnings not seen before (by me).

2021-01-21 Thread home user
I just finished doing my weekly patches for my F32 workstation. The sequence (done as root): 1. rkhunter --check (clean) 2. dnf --refresh upgrade dnf (nothing to do) 3. dnf upgrade (no hint of trouble) 4. reboot (no hint of trouble) 5. rkhunter --check (trouble!) I put the rkhunter log file on

Re: rkhunter warnings, maybe yum issues? [CLOSED]

2014-02-06 Thread William
> Good evening, > > I don't know if these are properly rkhunter questions, yum questions, or F-20 questions, > so I'm posting to both lists. > > Last Monday, I updated my 64-bit system from Fedora-19 to Fedora-20. Several minutes ago, > I updated Fedora-20 by doing "yum update". I then did "r

Re: rkhunter warnings, maybe yum issues?

2014-02-06 Thread William
It's been one of those weeks; my apologies for the long delay in answering. > > Michael asks: > > > > > Could you give an example showing the queries you've performed? > > > > > > "whereis" looks for files available on the file-system in various paths. > > > "rpm" only covers files included

Re: rkhunter warnings, maybe yum issues?

2014-02-03 Thread Michael Schwendt
On Sun, 02 Feb 2014 20:27:43 -0500, William wrote: > Michael asks: > > > Could you give an example showing the queries you've performed? > > > > "whereis" looks for files available on the file-system in various paths. > > "rpm" only covers files included in installed RPM packages as tracked b

Re: rkhunter warnings, maybe yum issues?

2014-02-02 Thread William
Michael asks: > Could you give an example showing the queries you've performed? > > "whereis" looks for files available on the file-system in various paths. > "rpm" only covers files included in installed RPM packages as tracked by > the local RPM database. I'll show rkhunter log entries, "rpm -

Re: rkhunter warnings, maybe yum issues?

2014-02-02 Thread John Horne
On Sat, 2014-02-01 at 22:11 -0500, William wrote: > > John asks: > > So what happened when you ran 'rpm -V ...'? It will probably show that > > the package has changed in some way. > > I checked several. In every case, it says "package [whatever] is not > installed"! (But I checked, and the p

Re: rkhunter warnings, maybe yum issues?

2014-02-02 Thread Michael Schwendt
On Sat, 01 Feb 2014 22:11:41 -0500, William wrote: > But I remain > puzzled that rpm doesn't find packages that "whereis" finds in the > places that rkhunter has rpm looking. Could you give an example showing the queries you've performed? "whereis" looks for files available on the file-system

Re: rkhunter warnings, maybe yum issues?

2014-02-01 Thread William
Frank asks: > What is your yum update schedule? I run "yum update" manually every Wednesday evening. Ed says: > See... > http://www.freedesktop.org/software/systemd/man/systemd-readahead-replay.service.html ok. Thank you, Ed. But "/" seems like a strange place to put that file. It can s

Re: rkhunter warnings, maybe yum issues?

2014-01-31 Thread Michael Schwendt
On Wed, 29 Jan 2014 20:17:06 -0500, William wrote: > 3. Since updating to F-20, I'm seeing this warning: > > [18:56:18] > [18:56:18] Checking for GasKit Rootkit... > [18:56:18] Checking for file '/dev/dev/gaskit/sshd/sshdd' [ Not found ] > [18:56:18] Checking for directory '/dev/dev'

Re: rkhunter warnings, maybe yum issues?

2014-01-31 Thread John Horne
On Thu, 2014-01-30 at 17:11 -0800, William Mattison wrote: > > John says (regarding "rpm -qf --queryformat..." error codes) > > This means that when rkhunter (RKH) uses the 'rpm' command to check a > > package it is getting an error back. All it can do is log the problem. > > If you run something l

Re: rkhunter warnings, maybe yum issues?

2014-01-30 Thread Frank Murphy
On Thu, 30 Jan 2014 17:11:40 -0800 (PST) William Mattison wrote: > "prelink -qa" fixes things only until the next yum update.  Should > yum do a "prelink -qa" at the end of each update? but if you cd /etc/cron.daily/ you will see prelink is above rkhunter which means (in theory) rkhunter should

Re: rkhunter warnings, maybe yum issues?

2014-01-30 Thread Ed Greshko
On 01/31/14 09:11, William Mattison wrote: > Joe says: > >> If it helps, I don't have either a /dev/dev or a /root/.readahead. >> However, I'm running F19 on my desktop, with Xfce, although I never use >> a GUI as root. I also don't have rkhunter installed, so that might be >> significant. > Th

Re: rkhunter warnings, maybe yum issues?

2014-01-30 Thread William Mattison
Joe says: > If it helps, I don't have either a /dev/dev or a /root/.readahead. > However, I'm running F19 on my desktop, with Xfce, although I never use > a GUI as root.  I also don't have rkhunter installed, so that might be > significant. The file is not "/root/.readahead".  The mystery file

Re: rkhunter warnings, maybe yum issues?

2014-01-30 Thread John Horne
On Wed, 2014-01-29 at 20:17 -0500, William wrote: > > I don't know if these are properly rkhunter questions, yum questions, or > F-20 questions, so I'm posting to both lists. > > Last Monday, I updated my 64-bit system from Fedora-19 to Fedora-20. > Several minutes ago, I updated Fedora-20 by

Re: rkhunter warnings, maybe yum issues?

2014-01-30 Thread Frank Murphy
On Wed, 29 Jan 2014 20:17:06 -0500 William wrote: > Good evening, > > I don't know if these are properly rkhunter questions, yum questions, > or F-20 questions, so I'm posting to both lists. > > Last Monday, I updated my 64-bit system from Fedora-19 to Fedora-20. > Several minutes ago, I update

Re: rkhunter warnings, maybe yum issues?

2014-01-29 Thread Joe Zeff
On 01/29/2014 05:17 PM, William wrote: Do I have a security problem? What are "/dev/dev/resume" and "/.readahead"? If it helps, I don't have either a /dev/dev or a /root/.readahead. However, I'm running F19 on my desktop, with Xfce, although I never use a GUI as root. I also don't have rkh

rkhunter warnings, maybe yum issues?

2014-01-29 Thread William
Good evening, I don't know if these are properly rkhunter questions, yum questions, or F-20 questions, so I'm posting to both lists. Last Monday, I updated my 64-bit system from Fedora-19 to Fedora-20. Several minutes ago, I updated Fedora-20 by doing "yum update". I then did "rkhunter --u