File: /usr/local/cpanel/bin/jail_safe_passwd

s2s

Member
Nov 21, 2013
20
0
1
cPanel Access Level
Root Administrator
Hi, could someone please verify that this file is safe?

Warning: The file properties have changed:
File: /usr/local/cpanel/bin/jail_safe_passwd
Current hash: fe51a88927eec1639019baa49bd4389cf833202f
Stored hash : 83607040e4db499abe3564eaa28f3b2a258bb145
Current file modification time: 1384907954 (20-Nov-2013 00:39:14)
Stored file modification time : 1383871010 (08-Nov-2013 00:36:50)

...or even better, would it be possible to have a section somewhere that records all current MD5 hashes of binaries so we can freely compare at will (it might help reduce the number of threads like this) ?
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

Yes, that is a legitimate file used by cPanel. Could you let us know the version of cPanel you have installed so we can provide a comparative md5sum? Here is the output from a test system running cPanel 11.40.0.24:

Code:
[~]# stat /usr/local/cpanel/bin/jail_safe_passwd
  File: `/usr/local/cpanel/bin/jail_safe_passwd'
  Size: 6445632   	Blocks: 12616      IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 27001062    Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2013-11-20 14:54:32.000000000 -0600
Modify: 2013-11-20 00:39:34.000000000 -0600
Change: 2013-11-20 00:41:00.000000000 -0600

[~]# md5sum /usr/local/cpanel/bin/jail_safe_passwd
30cc014c2ac073f02851b767edbe5038  /usr/local/cpanel/bin/jail_safe_passwd
Thank you.
 

s2s

Member
Nov 21, 2013
20
0
1
cPanel Access Level
Root Administrator
Hi Michael,

Our cPanel version is 11.40.0 (build 24)

Code:
[email protected] [~]# /usr/local/cpanel/cpanel -V
11.40.0 (build 24)
[email protected] [~]# stat /usr/local/cpanel/bin/jail_safe_passwd
  File: `/usr/local/cpanel/bin/jail_safe_passwd'
  Size: 6445632   	Blocks: 12592      IO Block: 4096   regular file
Device: fc03h/64515d	Inode: 667622      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2013-11-22 02:00:17.497291953 +0000
Modify: 2013-11-20 00:39:14.080203017 +0000
Change: 2013-11-20 00:40:08.004452339 +0000
[email protected] [~]# md5sum /usr/local/cpanel/bin/jail_safe_passwd
30cc014c2ac073f02851b767edbe5038  /usr/local/cpanel/bin/jail_safe_passwd
Would it be possible to have a publicly available list of md5 hashes for 'critical' binaries? (su, passwd, gpasswd, etc...)
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,578
52
308
cPanel Access Level
Root Administrator
Our updater validates all MD5 sums of files it installs, prior to installing them. On your local server you can find a list of MD5 sums in the .cpanelsync.md5s files throughout /usr/local/cpanel. find /usr/local/cpanel -name '.cpanelsync.md5s' should find all of them for you.

You can compare the MD5s on your local server with the MD5s on the mirror. On the mirrors the MD5s are stored in http://httpupdate.cpanel.net/cpanelsync/<buildnumber>/.version-md5-cache. The MD5 sum is the last entry on each line.

For example the MD5s for 11.40.0.24 are at http://httpupdate.cpanel.net/cpanelsync/11.40.0.24/.version-md5-cache

For extra precaution we sign our cpanelsync files. Each build has its own signed version at http://httpupdate.cpanel.net/cpanelsync/<buildnumber>/.cpanelsync.asc For 11.40.0.24 this file is http://httpupdate.cpanel.net/cpanelsync/11.40.0.24/.cpanelsync.asc. You can find our GPG key, for verification, at cPanel Security Team GNU Privacy Guard (GnuPG) | cPanel, Inc.

Note: we began signing the cpanelsync files (which are the master files for validating a build/installation) with 11.40. Prior versions are not signed.