Public bug reported: rkhunter incorrectly reports libkeyutils.so.1.9 as "Sniffer component" or (running_procs) as "Spam tool component".
Unfortunately, the libkeyutils1 package that recent releases of Debian (>=11) and Ubuntu (>=20.10) ship contains /lib/x86_64-linux- gnu/libkeyutils.so.1.9, see e.g. https://packages.ubuntu.com/hirsute/amd64/libkeyutils1/filelist This is a known issue, see https://sourceforge.net/p/rkhunter/bugs/170/. There's a patch in the 'develop' branch, see https://sourceforge.net/p/rkhunter/rkh_code/ci/6c0675385cafe64ba218b53202b031f616046fe6/ . But the fix doesn't seem to have been released yet. I am using rkhunter 1.4.6-2~ubuntu18.04.1 on Ubuntu 18.04.5, scanning docker images that are based on Debian 11 and recent Ubuntu releases. ** Affects: rkhunter (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1940851 Title: False positive: "running_procs" incorrectly reports libkeyutils.so.1.9 as "Spam tool component" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1940851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs