Package: rkhunter
Version: 1.4.6-7
Severity: important

Hello and thanks for maintaining rkhunter in Debian!

After upgrading

  [UPGRADE] libkeyutils1:amd64 1.6-6 -> 1.6.1-2

I get the following warning with

  # rkhunter --sk -c

in /var/log/rkhunter.log:

  Info: Starting test name 'running_procs'
    Checking running processes for suspicious files [ Warning ]
  Warning: The following processes are using suspicious files:
           Command: sshd
             UID: 0 PID: 7331
             Pathname: /lib/x86_64-linux-gnu/libkeyutils.so.1.9
             Possible Rootkit: Spam tool component

As explained in [bug #951338], this looks like a false positive
triggered by just the filename.

[bug #951338]: <https://bugs.debian.org/951338>

Please fix this false positive, since getting a daily alert from rkhunter
for this is annoying.

Thanks for your time!
Bye.

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (800, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rkhunter depends on:
ii  binutils               2.34-2
ii  debconf [debconf-2.0]  1.5.73
ii  file                   1:5.38-4
ii  lsof                   4.93.2+dfsg-1
ii  net-tools              1.60+git20180626.aebd88e-1
ii  perl                   5.30.0-9
ii  ucf                    3.0038+nmu1

Versions of packages rkhunter recommends:
ii  curl                                       7.67.0-2
ii  e2fsprogs                                  1.45.5-2
ii  exim4-daemon-light [mail-transport-agent]  4.93-10
ii  iproute2                                   5.4.0-1
ii  mailutils [mailx]                          1:3.7-2
ii  unhide                                     20130526-4
ii  unhide.rb                                  22-4
ii  wget                                       1.20.3-1+b2

Versions of packages rkhunter suggests:
ii  liburi-perl     1.76-2
ii  libwww-perl     6.43-1
pn  powermgmt-base  <none>

-- Configuration Files:
/etc/rkhunter.conf changed [not included]

-- debconf information:
  rkhunter/apt_autogen: yes
  rkhunter/cron_db_update: yes
  rkhunter/cron_daily_run: yes
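
A triage sketch for the warning reported above, added here as an example; it is not part of the original report or of rkhunter. It extracts each flagged pathname from a `running_procs` warning block and asks dpkg whether a package owns the file and whether it still verifies. The function names are hypothetical, and the sample block is constructed from the report on the assumption that the log carries one field per line.

```shell
#!/bin/sh
# Constructed sample: the warning block quoted in the report, one field per line.
sample_log() {
cat <<'EOF'
Info: Starting test name 'running_procs'
  Checking running processes for suspicious files [ Warning ]
Warning: The following processes are using suspicious files:
         Command: sshd
           UID: 0    PID: 7331
           Pathname: /lib/x86_64-linux-gnu/libkeyutils.so.1.9
           Possible Rootkit: Spam tool component
EOF
}

# Emit "command<TAB>pid<TAB>pathname<TAB>label" for every flagged process.
flagged_files() {
  awk '
    /Command:/  { sub(/.*Command:[ \t]*/, ""); cmd = $0; next }
    /PID:/      { sub(/.*PID:[ \t]*/, ""); sub(/[ \t].*/, ""); pid = $0; next }
    /Pathname:/ { sub(/.*Pathname:[ \t]*/, ""); path = $0; next }
    /Possible Rootkit:/ {
      sub(/.*Possible Rootkit:[ \t]*/, "")
      printf "%s\t%s\t%s\t%s\n", cmd, pid, path, $0
    }'
}

# Classify a path against the local dpkg database:
#   packaged:<pkg>  owned by <pkg> and passing dpkg --verify
#   modified:<pkg>  owned by <pkg> but failing verification
#   unowned         no package claims the path
#   unknown         dpkg is not available on this host
classify_path() {
  command -v dpkg >/dev/null 2>&1 || { echo unknown; return 0; }
  owner=$(dpkg -S "$1" 2>/dev/null | head -n 1 | sed 's/: .*//')
  [ -n "$owner" ] || { echo unowned; return 0; }
  if dpkg --verify "$owner" 2>/dev/null | grep -qF -- "$1"; then
    echo "modified:$owner"
  else
    echo "packaged:$owner"
  fi
}

TAB=$(printf '\t')
sample_log | flagged_files | while IFS=$TAB read -r cmd pid path label; do
  printf '%s (pid %s) %s [%s] -> %s\n' "$cmd" "$pid" "$path" "$label" "$(classify_path "$path")"
done
```

A `packaged:` result only says the file matches the checksums recorded in the local dpkg database, so where compromise is genuinely suspected the comparison should be repeated against a package fetched from a trusted mirror.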