HOW TO FIND OUT IF YOU HAVE BEEN ROOTED:

ls -la /lib64/libkeyutils.so.1.9

rpm -qf /lib64/libkeyutils.so.1.9

ls -la /lib/libkeyutils.so.1.9

rpm -qf /lib/libkeyutils.so.1.9

If you find the file and RPM shows “is not owned by any package” you have been rooted.

Currently known affected OSes:  RHEL-based servers

Currently known effected control panels:  cPanel, DirectAdmin, and Plesk

we do not know if controls panels are the reason or not.

Servers with ksplice have been exploited

via 0day Linux/CentOS SSHd Spam Exploit — libkeyutils.so.1.9 | Security, Server Tweaking, IT Management Blog By SolidShellSecurity.

Skip to content