Hacking attempt or cPanel update

[debug]

Feb 19 06:00:26 server lfd[32413]:

*System Integrity* has detected modified file(s):

/usr/bin/lchfn /usr/bin/lchsh /usr/sbin/lchage /usr/sbin/lgroupadd /usr/sbin/lgroupdel /usr/sbin/lgroupmod /usr/sbin/lid /usr/sbin/lnewusers /usr/sbin/lpasswd /usr/sbin/luseradd /usr/sbin/luserdel /usr/sbin/lusermod

[Infopro]

See this part in bold?

Feb 19 06:00:26 server lfd[32413]:

LFD is a part of Configserver Firewall. You can find many threads on this topic on the CSF forums, like this one:

*System Integrity* has detected modified file(s):

HTH!