PeteS

Well-Known Member
Jun 8, 2017
237
48
28
Oregon
cPanel Access Level
Root Administrator
1- The download for jail_safe_passwd.bz2 is now a .xz, correct?

2- Downloaded:
Code:
wget http://httpupdate.cpanel.net/cpanelsync/11.68.0.21/binaries/linux-c7-x86_64/bin/jail_safe_passwd.xz
Based on:
CentOS 7.4, WHM 68.0.21
# arch
x86_64

Correct?

---------------

Then I checked these:
Code:
# md5sum /root/test/jail_safe_passwd
77d6231844a183b7e44234f42e6b636f  jail_safe_passwd

# md5sum /usr/local/cpanel/bin/jail_safe_passwd
77d6231844a183b7e44234f42e6b636f  /usr/local/cpanel/bin/jail_safe_passwd

# md5sum /bin/passwd
792964343f6f916d8025bf9b1eb1e839  /bin/passwd
Contrary to what I read on this forum in older posts /bin/passwd is NOT a symlink to /usr/local/cpanel/bin/jail_safe_passwd Has this changed, or else what might be the cause?

(This is all prompted by chkrootkit-0.52 reporting "Checking `passwd'... INFECTED" which is a know common false positive, but now I'm concerned. Today is the first time it has reported this, and the only thing I know of that changed was updating rkhunter from 1.4.2 to 1.4.4)
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

Yes, that's the correct archive location for that file from our download mirrors. The MD5 checksums you provided match a test system running CentOS 7.4 and cPanel 68.0.21:

Code:
# md5sum /bin/passwd
792964343f6f916d8025bf9b1eb1e839  /bin/passwd

# md5sum /usr/local/cpanel/bin/jail_safe_passwd
77d6231844a183b7e44234f42e6b636f  /usr/local/cpanel/bin/jail_safe_passwd
These are two separate files.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello Pete,

It's the case with CentOS 6.x, but it's not applicable to CentOS 7.x. I've updated that post to reflect that information.

Thank you.