Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

libkeyutils.so.1.3.1 trojan false positive?

Discussion in 'Security' started by nightownl, Apr 9, 2017.

  1. nightownl

    nightownl Registered

    Joined:
    Apr 9, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    us
    cPanel Access Level:
    Website Owner
    Hello,

    I have been researching this the last two days and have not gotten very far. I have contacted my hosting provider and they ran a malware scan that came back clean as well as other commands to run and try to determine if I indeed have a trojan on my server.

    This is the error I have in the Security Adviser in WHM:

    Libkeyutils check: “/lib64/libkeyutils.so.1.3.1” is not owned by any system packages. This indicates a possible server compromise. (NOTE: Corrupted RPM databases can report this as a false positive).

    I do have a libkeyutils1.3.1 and libkeyutils1.3 with the symlink going to the 1.3.1

    However, every other commands I enter to try and substantiate the flag turns up nothing.

    ssh -G 2>&1 | grep -e illegal -e unknown > /dev/null && echo "System clean" || echo "System infected" -> this returns System Clean
    netstat -nap | grep proc/udevd" --> no results
    ipcs -m returns shared memory segments with the largest being 1200712 bytes (documents show a compromised system has over 3MB)

    So, not really sure where to go from here. Is WHM reporting a false positive? or is my RPM database corrupt?

    Thanks for the help!
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,309
    Likes Received:
    393
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. nightownl

    nightownl Registered

    Joined:
    Apr 9, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    us
    cPanel Access Level:
    Website Owner
    Thank you for the link. I will run through those commands and see what I can find
     
Loading...
Similar Threads - libkeyutils trojan false
  1. alexweb
    Replies:
    4
    Views:
    444

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice