How to stop the cPanel sending me "[hackcheck]" email for someone??

[ttk_2k]

Hello, recently I've set up a box, and the NOC has a root account for themselves called nocsysadmin, and I've verified this info with them.

However every night I recieve an email from CPanel telling me that : "[hackcheck] nocsysadmin has a uid 0 account". How may I stop it? Well I mean not to stop "hackcheck" emails at all, just for this specific user..

Any help is appreciated, thanks a lot!

[dalem]

pico /etc/passwd and add nocsysadmin to it

[dgbaker]

Incorrect.

There are two things here;

1. The noc should not be doing that they should use su - just like you should.

2. In order to change that e-mail from sending you need to edit /scripts/hackcheck and change

Code:

 if ($uid == 0 && $user ne "root" && $user ne "toor") {

to include their id.

Keep in mind that this file is cPanel's and it may get changed back.

[ttk_2k]

Thanks a lot, and by the way, how may I disable this user and I'd prefer to give root pwd to my NOC when I need assistence instead just have this root user in my system which may be a risk. Thanks!!

[dgbaker]

You have two choices here as well.

Delete the account

userdel username

or comment out the user (will still trigger hackcheck if not modified)

Edit /etc/shadow as root
locate the username

insert !! after the first : after the userid

Example

userid:!!$1$LtMXqqsM$GPJstxfHYkgBlAM75/8QM0:12863:0:99999:7:::

[ttk_2k]

Thank you dgbaker, but could u pls kindly explain what does the second way (comment out) exactly do? It seems a great way, but is that just to disable the user to login or will entirely make the user unfunctioning at all and make that user NOT be a risk to our system?

Thanks for your help!

[dgbaker]

It effectively disables the account. Only root can su to it still AFAIK. The only true way though of course is not have it at all, as it even being there with ID 0 is a potential risk.