Operating System & Version
CENTOS 7.8
cPanel & WHM Version
v90.0.15

martin MHC

Well-Known Member
Sep 14, 2016
189
32
28
UK
cPanel Access Level
Root Administrator
I have a rootkit hunter (rkhunter) installed on my server.
This morning it has come up with a notice that two files have changed from their originals:

Code:
 /usr/bin/locate
issue:
"The file permissions have changed"
"The file group has changed"

and

Code:
 /usr/bin/su
Issue:
"The file permissions have changed"

***

Due to the nature of what 'su' does, and to some extent the same for 'locate', I want to double check reasons for this noted change.


So I am now trying to tick off options for what causes these changes to narrow down the results (and hopefully whitelist these changes on future rkhunter runs) . Does WHM make these changes and did WHM make these changes in the last couple of days (ie from 12th October 2020). No WHM system updates have been recently noted.

Cheers
 
Last edited:

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
404
93
328
cPanel Access Level
DataCenter Provider
In general, the answer will be 'yes', but it depends on your configuration. The daily upcp process will apply cPanel/WHM updates and also perform a yum update to apply any OS level updates. You can check /var/log/yum.log to see if packages that contain those binaries were updated recently.