Page 1 of 1

/lib/libkeyutils.so.1.9 is not an exploit

Posted: 22 Sep 2019, 14:23
by petteyg359
lfd wrote:Possible root compromise: File /lib64/libkeyutils.so.1.9 exists and /lib/libkeyutils.so.1.9 exists.

For more information see: http://www.webhostingtalk.com/showthread.php?t=1235797
This file is part of keyutils, part of the Linux kernel. If lfd is not checking the hash of the file matches a compromised version (it doesn't), then don't report it. This library has been around and been installed for years. Only when I updated to the 1.9 so version of keyutils yesterday did lfd start spamming me with emails about it. I hate to ignore a file that I might actually want to notice if it changes without me upgrading a package.