File: /usr/local/cpanel/bin/jail_safe_passwd

[s2s]

Hi, could someone please verify that this file is safe?

Warning: The file properties have changed:
File: /usr/local/cpanel/bin/jail_safe_passwd
Current hash: fe51a88927eec1639019baa49bd4389cf833202f
Stored hash : 83607040e4db499abe3564eaa28f3b2a258bb145
Current file modification time: 1384907954 (20-Nov-2013 00:39:14)
Stored file modification time : 1383871010 (08-Nov-2013 00:36:50)

...or even better, would it be possible to have a section somewhere that records all current MD5 hashes of binaries so we can freely compare at will (it might help reduce the number of threads like this) ?

 

[cPanelMichael]

Hello

Yes, that is a legitimate file used by cPanel. Could you let us know the version of cPanel you have installed so we can provide a comparative md5sum? Here is the output from a test system running cPanel 11.40.0.24:

[~]# stat /usr/local/cpanel/bin/jail_safe_passwd
  File: `/usr/local/cpanel/bin/jail_safe_passwd'
  Size: 6445632   	Blocks: 12616      IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 27001062    Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2013-11-20 14:54:32.000000000 -0600
Modify: 2013-11-20 00:39:34.000000000 -0600
Change: 2013-11-20 00:41:00.000000000 -0600

[~]# md5sum /usr/local/cpanel/bin/jail_safe_passwd
30cc014c2ac073f02851b767edbe5038  /usr/local/cpanel/bin/jail_safe_passwd

Thank you.

 

[s2s]

Hi Michael,

Our cPanel version is 11.40.0 (build 24)

root@442248 [~]# /usr/local/cpanel/cpanel -V
11.40.0 (build 24)
root@442248 [~]# stat /usr/local/cpanel/bin/jail_safe_passwd
  File: `/usr/local/cpanel/bin/jail_safe_passwd'
  Size: 6445632   	Blocks: 12592      IO Block: 4096   regular file
Device: fc03h/64515d	Inode: 667622      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2013-11-22 02:00:17.497291953 +0000
Modify: 2013-11-20 00:39:14.080203017 +0000
Change: 2013-11-20 00:40:08.004452339 +0000
root@442248 [~]# md5sum /usr/local/cpanel/bin/jail_safe_passwd
30cc014c2ac073f02851b767edbe5038  /usr/local/cpanel/bin/jail_safe_passwd

Would it be possible to have a publicly available list of md5 hashes for 'critical' binaries? (su, passwd, gpasswd, etc...)

 

[cPanelKenneth]

Our updater validates all MD5 sums of files it installs, prior to installing them. On your local server you can find a list of MD5 sums in the .cpanelsync.md5s files throughout /usr/local/cpanel. find /usr/local/cpanel -name '.cpanelsync.md5s' should find all of them for you.

You can compare the MD5s on your local server with the MD5s on the mirror. On the mirrors the MD5s are stored in http://httpupdate.cpanel.net/cpanelsync/<buildnumber>/.version-md5-cache. The MD5 sum is the last entry on each line.

For example the MD5s for 11.40.0.24 are at http://httpupdate.cpanel.net/cpanelsync/11.40.0.24/.version-md5-cache

For extra precaution we sign our cpanelsync files. Each build has its own signed version at http://httpupdate.cpanel.net/cpanelsync/<buildnumber>/.cpanelsync.asc For 11.40.0.24 this file is http://httpupdate.cpanel.net/cpanelsync/11.40.0.24/.cpanelsync.asc. You can find our GPG key, for verification, at cPanel Security Team GNU Privacy Guard (GnuPG) | cPanel, Inc.

Note: we began signing the cpanelsync files (which are the master files for validating a build/installation) with 11.40. Prior versions are not signed.

 

[martin MHC]

It is worth noting that this reference information to remote checking of MD5sum values of CPanel releases no longer appears valid; these URLs are no longer valid links.