The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

File: /usr/local/cpanel/bin/jail_safe_passwd

Discussion in 'Security' started by s2s, Nov 21, 2013.

  1. s2s

    s2s Member

    Joined:
    Nov 21, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi, could someone please verify that this file is safe?

    Warning: The file properties have changed:
    File: /usr/local/cpanel/bin/jail_safe_passwd
    Current hash: fe51a88927eec1639019baa49bd4389cf833202f
    Stored hash : 83607040e4db499abe3564eaa28f3b2a258bb145
    Current file modification time: 1384907954 (20-Nov-2013 00:39:14)
    Stored file modification time : 1383871010 (08-Nov-2013 00:36:50)

    ...or even better, would it be possible to have a section somewhere that records all current MD5 hashes of binaries so we can freely compare at will (it might help reduce the number of threads like this) ?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, that is a legitimate file used by cPanel. Could you let us know the version of cPanel you have installed so we can provide a comparative md5sum? Here is the output from a test system running cPanel 11.40.0.24:

    Code:
    [~]# stat /usr/local/cpanel/bin/jail_safe_passwd
      File: `/usr/local/cpanel/bin/jail_safe_passwd'
      Size: 6445632   	Blocks: 12616      IO Block: 4096   regular file
    Device: fd00h/64768d	Inode: 27001062    Links: 1
    Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2013-11-20 14:54:32.000000000 -0600
    Modify: 2013-11-20 00:39:34.000000000 -0600
    Change: 2013-11-20 00:41:00.000000000 -0600
    
    [~]# md5sum /usr/local/cpanel/bin/jail_safe_passwd
    30cc014c2ac073f02851b767edbe5038  /usr/local/cpanel/bin/jail_safe_passwd
    Thank you.
     
  3. s2s

    s2s Member

    Joined:
    Nov 21, 2013
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    Our cPanel version is 11.40.0 (build 24)

    Code:
    root@442248 [~]# /usr/local/cpanel/cpanel -V
    11.40.0 (build 24)
    root@442248 [~]# stat /usr/local/cpanel/bin/jail_safe_passwd
      File: `/usr/local/cpanel/bin/jail_safe_passwd'
      Size: 6445632   	Blocks: 12592      IO Block: 4096   regular file
    Device: fc03h/64515d	Inode: 667622      Links: 1
    Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
    Access: 2013-11-22 02:00:17.497291953 +0000
    Modify: 2013-11-20 00:39:14.080203017 +0000
    Change: 2013-11-20 00:40:08.004452339 +0000
    root@442248 [~]# md5sum /usr/local/cpanel/bin/jail_safe_passwd
    30cc014c2ac073f02851b767edbe5038  /usr/local/cpanel/bin/jail_safe_passwd
    
    Would it be possible to have a publicly available list of md5 hashes for 'critical' binaries? (su, passwd, gpasswd, etc...)
     
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,460
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Our updater validates all MD5 sums of files it installs, prior to installing them. On your local server you can find a list of MD5 sums in the .cpanelsync.md5s files throughout /usr/local/cpanel. find /usr/local/cpanel -name '.cpanelsync.md5s' should find all of them for you.

    You can compare the MD5s on your local server with the MD5s on the mirror. On the mirrors the MD5s are stored in http://httpupdate.cpanel.net/cpanelsync/<buildnumber>/.version-md5-cache. The MD5 sum is the last entry on each line.

    For example the MD5s for 11.40.0.24 are at http://httpupdate.cpanel.net/cpanelsync/11.40.0.24/.version-md5-cache

    For extra precaution we sign our cpanelsync files. Each build has its own signed version at http://httpupdate.cpanel.net/cpanelsync/<buildnumber>/.cpanelsync.asc For 11.40.0.24 this file is http://httpupdate.cpanel.net/cpanelsync/11.40.0.24/.cpanelsync.asc. You can find our GPG key, for verification, at cPanel Security Team GNU Privacy Guard (GnuPG) | cPanel, Inc.

    Note: we began signing the cpanelsync files (which are the master files for validating a build/installation) with 11.40. Prior versions are not signed.
     
Loading...

Share This Page