How to stop the cPanel sending me "[hackcheck]" email for someone??

ttk_2k

Well-Known Member
Jan 22, 2005
45
0
156
Hello, recently I've set up a box, and the NOC has a root account for themselves called nocsysadmin, and I've verified this info with them.

However, every night I receive an email from cPanel telling me that: "[hackcheck] nocsysadmin has a uid 0 account". How may I stop it? Well, I mean not to stop "hackcheck" emails altogether, just for this specific user.

Any help is appreciated, thanks a lot! :)
 

dgbaker

Well-Known Member
PartnerNOC
Sep 20, 2002
2,540
9
343
Toronto, Ontario Canada
cPanel Access Level
DataCenter Provider
Incorrect.

There are two things here:

1. The NOC should not be doing that; they should use su - just like you should.

2. In order to change that e-mail from sending you need to edit /scripts/hackcheck and change
Code:
 if ($uid == 0 && $user ne "root" && $user ne "toor") {
to include their id.

Keep in mind that this file is cPanel's and it may get changed back.
 

ttk_2k

Thanks a lot. By the way, how may I disable this user? I'd prefer to give the root password to my NOC when I need assistance instead of just having this root user in my system, which may be a risk. Thanks!!
 

dgbaker

You have two choices here as well.

Delete the account

userdel username

or comment out the user (will still trigger hackcheck if not modified)

Edit /etc/shadow as root
locate the username

insert !! after the first : after the userid

Example

userid:!!$1$LtMXqqsM$GPJstxfHYkgBlAM75/8QM0:12863:0:99999:7:::
 

ttk_2k

Thank you dgbaker, but could you please kindly explain what the second way (comment out) exactly does? It seems a great way, but is that just to disable the user's login, or will it make the user entirely non-functioning and make that user NOT be a risk to our system?

Thanks for your help!
 

dgbaker

It effectively disables the account. Only root can still su to it, AFAIK. The only true way, though, of course, is to not have it at all, as it even being there with ID 0 is a potential risk.
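
As an added example, not part of the thread and not cPanel's own code: a shell function that applies the same condition quoted from /scripts/hackcheck above (UID 0 and not on an allowlist) to a passwd-format file, and also reports whether each account's password field in the shadow file is locked, as with the `!!` prefix shown earlier. The name `audit_uid0`, the `backupadm` account and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list UID 0 accounts other than the expected ones and show
# whether the password field in the shadow file is locked.
# Usage: audit_uid0 PASSWD_FILE SHADOW_FILE [ALLOWED_USER...]
audit_uid0() {
    passwd_file=$1
    shadow_file=$2
    shift 2
    # Default allowlist mirrors the names in the hackcheck condition quoted above.
    [ "$#" -gt 0 ] || set -- root toor
    awk -F: -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Shadow pass: a password field starting with ! or * cannot match any password.
        mode == "shadow" { state[$1] = ($2 ~ /^[!*]/) ? "locked" : "active"; next }
        # Passwd pass: field 3 is the numeric UID.
        mode == "passwd" && $3 == 0 && !($1 in ok) {
            print $1, (($1 in state) ? state[$1] : "no-shadow-entry")
        }
    ' mode=shadow "$shadow_file" mode=passwd "$passwd_file"
}

# Constructed sample data (not taken from any real system).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nocsysadmin:x:0:0:NOC:/root:/bin/bash
backupadm:x:0:0:constructed:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
    cat > "$dir/shadow" <<'EOF'
root:$1$CONSTRUCTED$placeholderhash:12863:0:99999:7:::
nocsysadmin:!!$1$CONSTRUCTED$placeholderhash:12863:0:99999:7:::
backupadm:$1$CONSTRUCTED$placeholderhash:12863:0:99999:7:::
alice:$1$CONSTRUCTED$placeholderhash:12863:0:99999:7:::
EOF
    audit_uid0 "$dir/passwd" "$dir/shadow" "$@"
    rm -rf "$dir"
}

demo
```

On a live system the call would be `audit_uid0 /etc/passwd /etc/shadow`, run as root; the "locked" result describes the password field only.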