grayddq/GScan

Is it a false alarm - /usr/sbin/sshd被篡改 ?

greendow opened this issue · 1 comments

I tried to run GScan on the desktop versions of Ubuntu 20.04 and 22.04. The command is:
sudo python3 GScan.py
Both results include:
[1][风险] 黑客在未知时间,进行了SSHwrapper 后门植入,/usr/sbin/sshd被篡改,文件非可执行文件
But the sshd file does not exist. See below:
ls -al /usr/sbin/sshd
ls: cannot access '/usr/sbin/sshd': No such file or directory
Is it a false alarm?

Thanks. I have not tested on this system. It is probably a system bug; I will find time to fix it.
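
The failure reported in this issue is a missing file being classified as a tampered one. The following is an added example, not part of the thread and not GScan's code, of a check that keeps the two cases apart; the function name `classify_sshd` and its status labels are hypothetical, and the sample files are constructed.

```python
import os
import stat
import tempfile

ELF_MAGIC = b"\x7fELF"

def classify_sshd(path="/usr/sbin/sshd"):
    """Return (status, reason); status is absent, ok, suspicious or unknown."""
    if not os.path.lexists(path):
        # Nothing at the path (e.g. openssh-server not installed): there is
        # no file to have been replaced, so do not report tampering.
        return "absent", "no such file"
    try:
        st = os.stat(path)  # follows symlinks; a dangling link fails here
    except OSError as exc:
        return "unknown", f"cannot stat target: {exc}"
    if not stat.S_ISREG(st.st_mode):
        return "suspicious", "not a regular file"
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError as exc:
        return "unknown", f"cannot read: {exc}"
    if head == ELF_MAGIC:
        return "ok", "ELF binary"
    if head.startswith(b"#!"):
        return "suspicious", "script where the sshd binary should be"
    return "suspicious", "not an ELF binary"

def demo():
    """Run the check on constructed sample files, not real system paths."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        samples = {"elf": b"\x7fELF\x02\x01\x01\x00", "script": b"#!/bin/sh\n"}
        for name, data in samples.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            results[name] = classify_sshd(p)[0]
        results["missing"] = classify_sshd(os.path.join(d, "sshd"))[0]
    return results

if __name__ == "__main__":
    print(demo())
    print(classify_sshd())
```

An `ok` result only means the file starts with an ELF header, so it catches a script wrapper but not a replaced binary; on Debian and Ubuntu, `dpkg --verify openssh-server` compares the installed files against the package's recorded checksums.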