Author: Lorenzo
Date:  
To: Arcady Ivanov
CC: devuan developers internal list
Subject: Re: [devuan-dev] Devuan 6 Excalibur is virused?
Hi Arcady,

On Wed, 26 Nov 2025 09:57:28 +1200 (PETT)
Arcady Ivanov <it.chief@???> wrote:

> I have Wazuh in my network. Wazuh informs that on each of these
> computers
>
> I have:
>
> Trojaned version of file '/usr/bin/chsh' detected. Signature used:
> 'bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]' (Generic).
>
> Trojaned version of file '/bin/passwd' detected. Signature used:
> 'bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[b-s,uvxz]' (Generic).
>


likely a false positive

see https://github.com/wazuh/wazuh/issues/20363#issuecomment-3450739212

and

https://github.com/wazuh/wazuh/issues/32142

In any case it is not Devuan-specific; it affects Debian and other
derivatives (Ubuntu) as well.

Best,
Lorenzo

>
>
>
> IKIR IT Chief. Arcady Ivanov.
>
> phone: +7(914)024-4191
>
> mailto: arc@???
>
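
Added example, not part of the original message and not Wazuh's own code: a triage helper that reports which alternative of the signature quoted in the alert matched which printable string in a file. It assumes the signature can be read as an ordinary regular expression applied to printable strings; the sample bytes are constructed and are not taken from a real chsh.

```python
import re
import sys

# Signature text copied from the alert quoted in the message above.
SIGNATURE = r"bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[a-s,uvxz]"

def printable_strings(data, min_len=4):
    """Yield runs of printable ASCII, similar to strings(1)."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")

def explain_hits(data, signature=SIGNATURE):
    """Map each signature alternative to the strings it matched.

    Assumption: the alternatives are separated by '|' and each one is a
    plain regular expression (true for the signature above, which has no
    '|' inside a character class).
    """
    hits = {}
    for s in printable_strings(data):
        for alt in signature.split("|"):
            if re.search(alt, s):
                hits.setdefault(alt, []).append(s)
    return hits

# Constructed stand-in for a binary: a few bytes of header followed by
# ordinary, benign strings of the kind many system tools embed.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"/etc/shells\x00/bin/bash\x00Login Shell\x00"
    + b"\x01\x02/dev/null\x00" + b"usage: chsh [options]\x00"
)

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE_BINARY
    for alt, strings in explain_hits(blob).items():
        print(f"{alt!r} matched: {strings}")
```

Seeing which strings triggered the match helps judge the alert; comparing the file against the distribution package's recorded checksums (`dpkg --verify`) is a separate integrity check.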