The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hackcheck problem

Discussion in 'General Discussion' started by nameste, May 17, 2005.

  1. nameste

    nameste Registered

    Joined:
    May 17, 2005
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    In the daily update email I am getting the following message

    findutils fails checksum !!!
    send to CONTACTEMAIL (3) [3]
    warning: /var/tmp/rpm-xfer.lvcpwy: V3 DSA signature: NOKEY, key ID db42a60e
    Retrieving http://updates.cpanel.net/pub/hackcheck/redhat/9/findutils-4.1.7-9.i386.rpm
    Preparing... ##################################################
    findutils ##################################################
    error: unpacking of archive failed: cpio: lstat failed - Invalid argument

    and

    cvs: current version is 1.11.2-24.legacy, will be updated to 1.11.2-25.legacy.
    warning: /var/tmp/rpm-xfer.2Fz5Zq: V3 DSA signature: NOKEY, key ID 731002fa
    Retrieving http://updates.cpanel.net/redhat/updates/9/en/os/i386/cvs-1.11.2-25.legacy.i386.rpm
    Preparing... ##################################################
    cvs ##################################################
    error: unpacking of archive failed: cpio: lstat failed - Invalid argument

    then i get an email from hackcheck telling me some files are missing


    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package findutils did not match the expected checksum. This could mean that
    your system was compromised (OwN3D). The offending files have been removed
    and replaced with the OS default. To be safe you should verify that your
    system has not be compromised.

    Modified Files:
    missing /usr/share/doc/findutils-4.1.7
    missing d /usr/share/doc/findutils-4.1.7/NEWS
    missing d /usr/share/doc/findutils-4.1.7/README

    My host hasn't seen this errors before and pointed me here, can anyone shed any light please
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Presuming that you've checked that your server has indeed not suffered a root hack and has a rootkit installed, it would help to know what OS you are running. A starting point would be to reinstall the findutils rpm.
     
  3. Website Rob

    Website Rob Well-Known Member

    Joined:
    Mar 23, 2002
    Messages:
    1,506
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    Alberta, Canada
    cPanel Access Level:
    Root Administrator
    To be safe you should verify that your system has not be compromised.

    And that is exactly what you should do!

    Either yourself, your DC, or pay someone but at this point, I would say your Server has been compromised. The only question is to what extent.
     
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    This error message has only one meaning, your server has been compromised. It is very likely that your server will go offline soon, if no immediate action is taken.
     
  5. cPanelBilly

    cPanelBilly Guest

    not quite true, it means that some base utilities are different from the RPM installs. This may happen if you chose to update them from source.
     
Loading...

Share This Page