Hackcheck

[lloyd_tennison]

OK, so it does not like "has a uid 0 account," I get it. But why does it change the password and how do I stop it! (Lfd tells me the password was changed, and it was, seconds after the alert.) I created that account for a reason. The password is changed seconds after hackcheck is run. I want that account and see no where does any doc say that hackcheck will change the password. That could cause all kinds of problems for servers.

It sure is for me. I have it so support can login to fix a R1soft error and I do not want some offshore tech guy having my root password. So, every night, they get locked out.

How would I disable that "feature?"

Thanks in advance.

 

[alphawolf50]

uid 0 is root. To restate that, a user with uid 0 has unlimited access to your system. They don't need your root password if you're giving them an account with root privileges.

It would be a better idea to set up sudo/wheel group for users who need elevated priveleges:
Configuring sudo and adding users to Wheel group | Linux Poison

Doing the above will allow you to limit which specific programs they can run, and will also log any actions they take.

 

[lloyd_tennison]

I know that is unlimited access. Support usually NEEDS unlimited access. I would go crazy if every script, every tool, everything I tried to do would not work. Not to mention how much more they could screw something up by not being root and having permissions, etc. wrong.

Sudo is NOT the same thing. It does not work the same, it does not access the same by the very nature you need to add another word to every command!

However, that is/was not my question. My question is how and why is the script changing the password? It should never do so, and none of the other scripts do such a thing. They all only give warnings. Why is this different?

 

[alphawolf50]

Hi Lloyd,

I didn't answer your question regarding hackcheck both because I don't know the answer and because I think creating an additional uid 0 account is a bad idea. However, if you're only worried about protecting your root password, you could have them log in with a public key:

WHM >> Security Center >> Manage root’s SSH Keys

I realize that may not be the answer you're looking for -- just trying to come up with a more "standard" solution than creating a superuser account who isn't the superuser. Others are free to chime in if they know how to make hackcheck behave differently.

 

[Infopro]

A simple search for the word hackcheck on these very forums gave me this thread:
http://forums.cpanel.net/f185/uid-0-whitelist-207252.html#post851802

BE SURE TO READ THE THREAD PLEASE!

HTH!