HOW TO FIND OUT IF YOU HAVE BEEN ROOTED:
ls -la /lib64/libkeyutils.so.1.9
rpm -qf /lib64/libkeyutils.so.1.9
ls -la /lib/libkeyutils.so.1.9
rpm -qf /lib/libkeyutils.so.1.9
If you find the file and RPM shows “is not owned by any package”, you have been rooted.
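The four checks above combined into one script, added here as an example (it is not part of the original post). ROOT_PREFIX and RPM_CMD are assumed override variables, introduced so the check can be pointed at a mounted disk image or a stub; the exit codes 0/1/2 are this example's own convention.

```shell
#!/bin/sh
# ROOT_PREFIX and RPM_CMD are hypothetical overrides for offline images/tests.
ROOT_PREFIX="${ROOT_PREFIX:-}"
RPM_CMD="${RPM_CMD:-rpm}"

# check_keyutils_path PATH
# returns 0 = absent, or present and owned by a package
#         1 = present but ownership could not be determined
#         2 = present and not owned by any package (the indicator above)
check_keyutils_path() {
    path="$1"
    full="${ROOT_PREFIX}${path}"
    # -L also catches a dangling symlink left at that name
    if [ ! -e "$full" ] && [ ! -L "$full" ]; then
        echo "OK       $path (not present)"
        return 0
    fi
    ls -la "$full" || true
    if ! command -v "$RPM_CMD" >/dev/null 2>&1; then
        echo "UNKNOWN  $path (rpm not available)"
        return 1
    fi
    rpm_rc=0
    # Force the C locale so the rpm message is not translated.
    out=$(LC_ALL=C; export LC_ALL; "$RPM_CMD" -qf "$full" 2>&1) || rpm_rc=$?
    case "$out" in
        *"is not owned by any package"*)
            echo "SUSPECT  $path: $out"
            return 2 ;;
    esac
    if [ "$rpm_rc" -eq 0 ]; then
        echo "OK       $path (owned by $out)"
        return 0
    fi
    echo "UNKNOWN  $path: $out"
    return 1
}

# Checks both library directories; returns the worst status seen.
scan_keyutils() {
    worst=0
    for p in /lib64/libkeyutils.so.1.9 /lib/libkeyutils.so.1.9; do
        st=0
        check_keyutils_path "$p" || st=$?
        if [ "$st" -gt "$worst" ]; then worst=$st; fi
    done
    return "$worst"
}

# Run the scan only when invoked as: sh script.sh --scan
if [ "${1:-}" = "--scan" ]; then scan_keyutils; exit $?; fi
```

An exit status of 1 means the file exists but rpm could not answer, so that host still needs the manual check.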
Currently known affected OSes: RHEL-based servers
Currently known affected control panels: cPanel, DirectAdmin, and Plesk
We do not know if control panels are the reason or not.
Servers with ksplice have been exploited.