this is from the infected server root@server1 [/var/log]# stat /lib/libkeyutils.so.1.9 File: `/lib/libkeyutils.so.1.9' Size: *26904* Blocks: 56 IO Block: 4096 regular file Device: 6ah/106d Inode: 357728408 Links: 1 Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2013-02-18 07:28:21.000000000 -0500 Modify: 2007-01-06 02:57:38.000000000 -0500 Change: 2013-02-18 07:28:06.000000000 -0500
the file libkeyutils.so* are part of the sys-apps/keyutils package the file is slightly smaller stat /lib/libkeyutils.so.1.4 File: ‘/lib/libkeyutils.so.1.4’ Size: *9560* Blocks: 24 IO Block: 4096 regular file Device: 801h/2049d Inode: 33101 Links: 1 Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2013-03-22 12:19:56.674851171 +0100 Modify: 2012-12-02 23:16:09.000000000 +0100 Change: 2013-02-19 02:01:18.301392129 +0100 Birth: - you can also check the files using the equery k keyutils command, or using the sabayons build-in check in equo (I don't know the name of it as I don't use sabayon anymore) On Fri, Mar 22, 2013 at 12:23 PM, Andre Jaenisch < [email protected]> wrote: > 2013/3/22 Joost Ruis <[email protected]>: > > I checked my system here ( amd64 ) and it seems we are not affected by > this. > > > > On this page you can find some tests you can perform. > > http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CompSystem > > Can you attend it to http://bugs.sabayon.org/show_bug.cgi?id=4108 ? > The thread is broken somehow ... > >
