The Community Forums

Interact with an entire community of cPanel & WHM users!

delete the libkeyutils.so.1.3

Discussion in 'Security' started by mehrdadali14, Jun 25, 2016.

  1. mehrdadali14

    mehrdadali14 Member

    I received a warning in my cPanel Security Advisor regarding libkeyutils.so.1.3 and libkeyutils.so.1, so
    I removed that file with the help of a website like this:
    Softaculous.com/blog/checking-for-sshd-rootkit-hack/

    After rebooting the server,
    some services like Apache do not work and I can only access the server via VNC.
    They give the following error:
    error while loading shared libraries: libkeyutils.so.1: cannot open shared object file

    My OS is CentOS 6.6.

    Kindly help me to resolve it.
     
    #1 mehrdadali14, Jun 25, 2016
    Last edited by a moderator: Jun 25, 2016
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    That was absolutely stupid advice, how not to clean up a hack.

    This may get you working again and temporarily lock the hackers out:

    # rm -rf /root/.ssh/*
    # service sshd stop
    # wget http://mirror.centos.org/centos-6/6.8/os/x86_64/Packages/keyutils-libs-1.4-5.el6.x86_64.rpm
    # rpm -ivh --replacefiles --replacepkgs keyutils-libs-1.4-5.el6.x86_64.rpm
    # yum reinstall openssh* -y
    # yum reinstall libssh2* -y
    # ldconfig
    # service sshd restart


    If it works, then proceed to reload your OS, as your server has been root compromised and you can no longer trust it.
     
  3. dalem

    dalem Well-Known Member
    PartnerNOC

    And PS: change your root password.
    And when restoring from the compromised server, only pull data from the compromised server; do not push data, as you will reinfect your fresh OS install.
     
    quizknows likes this.
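
As an added example (not part of the thread or any poster's commands): after a reinstall like the one in post #2, `rpm -V` shows whether the on-disk library and SSH binaries match their packages. The sketch below filters that output for missing files and changed digests; the function name `flag_rpm_verify` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Input is the text printed by e.g.
#   rpm -V keyutils-libs openssh openssh-server libssh2
# Each line is a 9-character flag field, an optional type marker
# (c = config file), then the path; absent files are reported as "missing".

flag_rpm_verify() {
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        case "$line" in
            missing*)
                # A packaged file is gone (here: the deleted library).
                echo "MISSING /${line#*/}"
                continue ;;
        esac
        flags=${line%% *}                 # e.g. S.5....T.
        rest=${line#"$flags"}
        marker=$(printf '%s' "${rest%%/*}" | tr -d ' ')
        # Locally edited config files are expected; skip them.
        [ "$marker" = "c" ] && continue
        case "$flags" in
            # Third column "5": content no longer matches the package digest.
            ??5*) echo "DIGEST /${rest#*/}" ;;
        esac
    done
}

# Constructed sample output (not captured from a real server).
SAMPLE='missing     /lib64/libkeyutils.so.1.3
S.5....T.    /usr/sbin/sshd
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/bin/ssh'

printf '%s\n' "$SAMPLE" | flag_rpm_verify
```

On a root-compromised host the rpm binary and its database may themselves have been altered, so a clean result does not clear the server and does not replace the OS reload advised above.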
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
