rkhunter warnings
by François Patte
Hello,
Since the last update of f32, rkhunter sends a lot of warnings (in spite
of the --propupd I run after each update...):
Warning: Checking for possible rootkit files and directories [ Warning ]
Found file '/lib/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Found file '/lib64/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Found file '/usr/lib/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Found file '/usr/lib64/libkeyutils.so.1.9'. Possible rootkit:
Sniffer component
Warning: The following processes are using suspicious files:
Command: abrt-applet
UID: 2995 PID: 2663
Pathname: 24376
Possible Rootkit: Spam tool component
Command: abrtd
UID: 0 PID: 1580
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: abrt-dbus
UID: 0 PID: 3087
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: abrt-dump-journ
UID: 0 PID: 1629
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: auditd
UID: 0 PID: 1386
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: chrome<-----------------this one repeated several
times--------->
UID: 11750 PID: 11749
Pathname: 24376
Possible Rootkit: Spam tool component
Command: cleanupd
UID: 0 PID: 2062
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: cupsd
UID: 0 PID: 1525
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: dnfdragora-upda
UID: 3025 PID: 2621
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: evolution-addre
UID: 3025 PID: 3168
Pathname: /usr/lib64/libkeyutils.so.1.9
Possible Rootkit: Spam tool component
Command: evolution-alarm
UID: 3007 PID: 2571
Pathname: 24376
Possible Rootkit: Spam tool component
etc. etc.
chkrootkit does not return any problem...
What is the problem?
Thank you.
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
FSF
https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-fr...
2 hours, 5 minutes
Mail Reader -
by Bob Goodwin
I have Mail Reader listed in the menu on this computer. Can someone
tell me what the procedure is to make it read/speak some text?
It does not respond to the same number pad keys as Orca. Orca might
work if I could adjust the voice to something intelligible, the
default; it seems to lose syllables from each word.
As it is I have to use an iPad and ask Siri to read messages. Not a good
system for me.
Bob
--
Bob Goodwin - Zuni, Virginia, USA
FEDORA-32/64bit LINUX XFCE Fastmail POP3
8 hours, 13 minutes
highest time to have Signal - no?
by lejeczek
hi everybody.
I see some good folks prepped Signal in "copr" but I'd say -
if any maintainer/developer is reading - it's the highest
time we had Fedora's official build of "Signal" available - no?
regards, L.
18 hours, 11 minutes
auditd log processing tools?
by Alex
Hi,
I have a fedora33 system and would like to get more involved with
auditd. I understand the basics, but are there any tools to process
the audit.log file, to make it easier to process, read and display?
How about acting on specific events? What if I wanted to be alerted
somehow when sudo was run more than five times in some period? Perhaps
logwatch?
I've seen references to using it with splunk but are there open source
alternatives?
I'm also aware of aureport, which appears to be great for producing
summary reports, and maybe an event report, but what do people do with
this information to make it useful?
How do admins normally act on the information in the logs? Are they
just using it to investigate a specific event, such as when privileges
are escalated for some reason or ssh is being used?
It's otherwise just too much information - who cares that ssh is being
used or sudo was run, unless you thought that functionality was
disabled, for example.
Thanks,
Alex
20 hours, 26 minutes
Plasma on Xorg Fails to Start After Last System Update
by Stephen Morris
Hi,
Three days ago I did a dnf system upgrade to apply all available
Fedora updates. I have now tried to start Plasma under Xorg, but it now
refuses to start with a crash in ksplashqml, and if I press
ctrl-alt-delete to try to logout the ksmserver-greeter also crashes.
Plasma under Wayland runs quite happily albeit without resolution
scaling. Gnome under Wayland runs fine without scaling and Gnome under
Xorg also runs fine. How do I determine why the apps are failing with
Plasma under Xorg now?
regards,
Steve
21 hours, 37 minutes
F32 not booting
by GianPiero Puccioni
Hi,
yesterday my laptop with F32 didn't boot.
It goes into emergency mode and creates an rdsosreport file.
I usually don't do this but this time when I installed F I let the system create
the partitions and I think it's LVM with XFS but I'm not sure of the latter and
I am not familiar with this method.
Is there something to do to try to recover something about this, like the
files from /home as of course the USB stick I used for backups went crazy too
and I could recover only a fraction of it. It doesn't seem that it was the HD
that went all bad as the Win10 partition still works.
If I run lvm_scan I get this:
Scanning devices sda7 for LVM logical volumes fedora_shure/root fedora_shure/swap
ACTIVE '/dev/fedora_shure/root' [50.00 GiB] inherit
ACTIVE '/dev/fedora_shure/swap' [<3.88 GiB] inherit
inactive '/dev/fedora_shure/home' [<166.95 GiB] inherit
and in /dev/fedora_shure there is only root and swap
I'll attach both the rdsosreport and output of journalctl (as suggested by the
error message)
Thanks for any help
GiP
P.S. I sent this before but it went into "moderation" as it exceeded the 60K
limit, I gzipped the attachments and it should be fine now.
G
22 hours, 57 minutes
Mail Reader -
by Bob Goodwin
I have Mail Reader listed in the menu on this computer. Can someone tell
me what the procedure is to make it read some text? Bob
--
Bob Goodwin - Zuni, Virginia, USA
FEDORA-32/64bit LINUX XFCE Fastmail POP3
23 hours, 50 minutes
rdma-core-32.0-1.fc33.i686 has inferior architecture
by ToddAndMargo
Hi All,
Anyone know what this `dnf upgrade` error is
all about?
Problem: cannot install both rdma-core-33.0-1.fc33.x86_64 and
rdma-core-32.0-1.fc33.x86_64
- rdma-core-32.0-1.fc33.i686 has inferior architecture
- cannot install the best update candidate for package
rdma-core-32.0-1.fc33.x86_64
- problem with installed package rdma-core-32.0-1.fc33.i686
Many thanks,
-T
1 day, 17 hours
What does this smartd nonsense mean?
by Tom Horsley
In my logwatch this morning (for the first time that I remember):
--------------------- Smartd Begin ------------------------
**Unmatched Entries**
Device: /dev/nvme0, --capabilites is set, mail will be suppressed. : 2 time(s)
Device: /dev/nvme1, --capabilites is set, mail will be suppressed. : 2 time(s)
Device: /dev/nvme2, --capabilites is set, mail will be suppressed. : 2 time(s)
What on earth does that mean? Google didn't seem to find any
examples of that message.
1 day, 21 hours
Trying to see if Firefox pem/certs can be used for the "curl" cmd
by bruce
Hi.
This is a bit off-topic. But I thought I might throw it out here.
Curl has the ability to use certs from the Browser. Trying to research
and figure out how to accomplish this.
Various sites discuss, but haven't seen a step by step process. So
before I start testing thought I'd ask here
thanks!
1 day, 21 hours