nagyosha

Member
Mar 9, 2014
19
0
1
cPanel Access Level
Root Administrator
i have a 7 days old install..
had a message yesterday as i have CSF installed

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/bin/crontab: FAILED
/bin/passwd: FAILED

both are symlinks i think to
crontab - /bin/crontab: symbolic link to `../usr/local/cpanel/bin/jail_safe_crontab'
passed - /bin/passwd: symbolic link to `../usr/local/cpanel/bin/jail_safe_passwd'

my concern is that this was not flagged up until a few days after install


so installed RKhunter.. and heres what it says ..

FREE A-AST RKHunter cPanel Plugin v2.0
Please wait, this may take sometime...
Warning: Package manager verification has failed:
File: /bin/mount
The file permissions have changed
Warning: Package manager verification has failed:
File: /bin/ping
The file permissions have changed
Warning: Package manager verification has failed:
File: /bin/su
The file permissions have changed
The file group has changed
Warning: Package manager verification has failed:
File: /usr/bin/locate
The file permissions have changed
Warning: Package manager verification has failed:
File: /usr/bin/newgrp
The file permissions have changed
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

Those warnings look like false positives, but keep in mind that those are not applications developed by cPanel. If you are concerned about server security, it's highly recommended that you consult with a qualified system administrator or security specialist. Or, you may want to post those warnings on the support forums of those applications to see if the developers can provide more insight.

Thank you.
 

nowhere

Member
Sep 21, 2012
14
0
1
cPanel Access Level
Root Administrator
Hi, same thing happened to me.
The server is one week old and rkhunter reports as well:

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Package manager verification has failed:
File: /bin/mount
The file permissions have changed
Warning: Package manager verification has failed:
File: /bin/ping
The file permissions have changed
Warning: Package manager verification has failed:
File: /bin/su
The file permissions have changed
The file group has changed
Warning: Package manager verification has failed:
File: /usr/bin/locate
The file permissions have changed
Warning: Package manager verification has failed:
File: /usr/bin/newgrp
The file permissions have changed
---------------------- Start Rootkit Hunter Scan ----------------------

I've searched around for solution, I've tried to remove and install again rkhunter and I've updated rkhunter --propupd but the problem is still there.

Of course I could tell rkhunter to ignore them but it's not so safe.
Has anyone the same problem?

Thanks