The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Failed Checksum

Discussion in 'Security' started by nagyosha, Mar 12, 2014.

  1. nagyosha

    nagyosha Member

    Joined:
    Mar 9, 2014
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    i have a 7 days old install..
    had a message yesterday as i have CSF installed

    The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
    /bin/crontab: FAILED
    /bin/passwd: FAILED

    both are symlinks i think to
    crontab - /bin/crontab: symbolic link to `../usr/local/cpanel/bin/jail_safe_crontab'
    passed - /bin/passwd: symbolic link to `../usr/local/cpanel/bin/jail_safe_passwd'

    my concern is that this was not flagged up until a few days after install


    so installed RKhunter.. and heres what it says ..

    FREE A-AST RKHunter cPanel Plugin v2.0
    Please wait, this may take sometime...
    Warning: Package manager verification has failed:
    File: /bin/mount
    The file permissions have changed
    Warning: Package manager verification has failed:
    File: /bin/ping
    The file permissions have changed
    Warning: Package manager verification has failed:
    File: /bin/su
    The file permissions have changed
    The file group has changed
    Warning: Package manager verification has failed:
    File: /usr/bin/locate
    The file permissions have changed
    Warning: Package manager verification has failed:
    File: /usr/bin/newgrp
    The file permissions have changed
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Those warnings look like false positives, but keep in mind that those are not applications developed by cPanel. If you are concerned about server security, it's highly recommended that you consult with a qualified system administrator or security specialist. Or, you may want to post those warnings on the support forums of those applications to see if the developers can provide more insight.

    Thank you.
     
  3. popeye

    popeye Well-Known Member

    Joined:
    May 23, 2013
    Messages:
    313
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Texas
    cPanel Access Level:
    Root Administrator
    You get these mostly after a cpanel update i had this tonight
     
  4. nowhere

    nowhere Member

    Joined:
    Sep 21, 2012
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi, same thing happened to me.
    The server is one week old and rkhunter reports as well:

    ---------------------- Start Rootkit Hunter Scan ----------------------
    Warning: Package manager verification has failed:
    File: /bin/mount
    The file permissions have changed
    Warning: Package manager verification has failed:
    File: /bin/ping
    The file permissions have changed
    Warning: Package manager verification has failed:
    File: /bin/su
    The file permissions have changed
    The file group has changed
    Warning: Package manager verification has failed:
    File: /usr/bin/locate
    The file permissions have changed
    Warning: Package manager verification has failed:
    File: /usr/bin/newgrp
    The file permissions have changed
    ---------------------- Start Rootkit Hunter Scan ----------------------

    I've searched around for solution, I've tried to remove and install again rkhunter and I've updated rkhunter --propupd but the problem is still there.

    Of course I could tell rkhunter to ignore them but it's not so safe.
    Has anyone the same problem?

    Thanks
     
Loading...

Share This Page