The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to stop the cPanel sending me "[hackcheck]" email for someone??

Discussion in 'E-mail Discussions' started by ttk_2k, Mar 21, 2005.

  1. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Hello, recently I've set up a box, and the NOC has a root account for themselves called nocsysadmin, and I've verified this info with them.

    However every night I recieve an email from CPanel telling me that : "[hackcheck] nocsysadmin has a uid 0 account". How may I stop it? Well I mean not to stop "hackcheck" emails at all, just for this specific user..

    Any help is appreciated, thanks a lot! :)
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    pico /etc/passwd and add nocsysadmin to it
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Incorrect.

    There are two things here;

    1. The noc should not be doing that they should use su - just like you should.

    2. In order to change that e-mail from sending you need to edit /scripts/hackcheck and change
    Code:
     if ($uid == 0 && $user ne "root" && $user ne "toor") {
    to include their id.

    Keep in mind that this file is cPanel's and it may get changed back.
     
  4. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Thanks a lot, and by the way, how may I disable this user and I'd prefer to give root pwd to my NOC when I need assistence instead just have this root user in my system which may be a risk. Thanks!!
     
  5. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    You have two choices here as well.

    Delete the account

    userdel username

    or comment out the user (will still trigger hackcheck if not modified)

    Edit /etc/shadow as root
    locate the username

    insert !! after the first : after the userid

    Example

    userid:!!$1$LtMXqqsM$GPJstxfHYkgBlAM75/8QM0:12863:0:99999:7:::
     
  6. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    6
    Thank you dgbaker, but could u pls kindly explain what does the second way (comment out) exactly do? It seems a great way, but is that just to disable the user to login or will entirely make the user unfunctioning at all and make that user NOT be a risk to our system?

    Thanks for your help!
     
  7. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,578
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    It effectively disables the account. Only root can su to it still AFAIK. The only true way though of course is not have it at all, as it even being there with ID 0 is a potential risk.
     
Loading...

Share This Page