How to stop the cPanel sending me "[hackcheck]" email for someone??

Discussion in 'E-mail Discussion' started by ttk_2k, Mar 21, 2005.

  1. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    156
    Hello, recently I've set up a box, and the NOC has a root account for themselves called nocsysadmin, and I've verified this info with them.

    However every night I receive an email from cPanel telling me that: "[hackcheck] nocsysadmin has a uid 0 account". How may I stop it? Well, I mean not to stop "hackcheck" emails at all, just for this specific user.

    Any help is appreciated, thanks a lot! :)
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,664
    Likes Received:
    69
    Trophy Points:
    203
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    pico /etc/passwd and add nocsysadmin to it
     
  3. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    Incorrect.

    There are two things here:

    1. The NOC should not be doing that; they should use su - just like you should.

    2. In order to change that e-mail from sending you need to edit /scripts/hackcheck and change
    Code:
     if ($uid == 0 && $user ne "root" && $user ne "toor") {
    to include their id.

    Keep in mind that this file is cPanel's and it may get changed back.
     
  4. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    156
    Thanks a lot, and by the way, how may I disable this user? I'd prefer to give the root pwd to my NOC when I need assistance instead of just having this root user in my system, which may be a risk. Thanks!!
     
  5. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    You have two choices here as well.

    Delete the account

    userdel username

    or comment out the user (will still trigger hackcheck if not modified)

    Edit /etc/shadow as root
    locate the username

    insert !! after the first : after the userid

    Example

    userid:!!$1$LtMXqqsM$GPJstxfHYkgBlAM75/8QM0:12863:0:99999:7:::
     
  6. ttk_2k

    ttk_2k Well-Known Member

    Joined:
    Jan 22, 2005
    Messages:
    45
    Likes Received:
    0
    Trophy Points:
    156
    Thank you dgbaker, but could u pls kindly explain what does the second way (comment out) exactly do? It seems a great way, but is that just to disable the user to login or will entirely make the user unfunctioning at all and make that user NOT be a risk to our system?

    Thanks for your help!
     
  7. dgbaker

    dgbaker Well-Known Member
    PartnerNOC

    Joined:
    Sep 20, 2002
    Messages:
    2,574
    Likes Received:
    3
    Trophy Points:
    193
    Location:
    Toronto, Ontario Canada
    cPanel Access Level:
    DataCenter Provider
    It effectively disables the account. Only root can su to it still AFAIK. The only true way though of course is to not have it at all, as it even being there with ID 0 is a potential risk.
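
An added example, not part of the original thread and not cPanel's code: rather than editing /scripts/hackcheck (which may get changed back), a separate audit with its own allowlist can list every UID 0 account and whether its /etc/shadow password field is locked. The function name `uid0_audit`, the account `olduid0` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# uid0_audit PASSWD_FILE SHADOW_FILE [ALLOWED_USER...]
# Prints "<user> <allowed|unexpected> <locked|active|no-shadow-entry>" for
# every UID 0 account and returns 1 if any of them is not on the allowlist.
# root and toor are always allowed, matching the hackcheck test quoted above.
uid0_audit() {
    passwd_file=$1; shadow_file=$2; shift 2
    allow=" root toor $* "
    awk -F: -v shadow="$shadow_file" -v allow="$allow" '
        # Shadow file: a password field starting with ! or * is locked.
        FILENAME == shadow {
            state[$1] = ($2 ~ /^[!*]/) ? "locked" : "active"
            next
        }
        # Passwd file: field 3 is the numeric UID.
        $3 == 0 {
            ok = index(allow, " " $1 " ") > 0
            if (!ok) bad = 1
            print $1, (ok ? "allowed" : "unexpected"), \
                  (($1 in state) ? state[$1] : "no-shadow-entry")
        }
        END { exit bad }
    ' "$shadow_file" "$passwd_file"
}

# Constructed sample data (not from a real host).
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nocsysadmin:x:0:0:NOC:/root:/bin/bash
olduid0:x:0:0::/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$1$CONSTRUCTED$hash:12863:0:99999:7:::
nocsysadmin:!!$1$CONSTRUCTED$hash:12863:0:99999:7:::
olduid0:$1$CONSTRUCTED$hash:12863:0:99999:7:::
alice:$1$CONSTRUCTED$hash:12863:0:99999:7:::
EOF

# nocsysadmin is allowlisted and locked with !!; olduid0 is neither.
uid0_audit "$sample_dir/passwd" "$sample_dir/shadow" nocsysadmin \
    || echo "unexpected UID 0 account(s) found"
```

On a real host the two file arguments would be /etc/passwd and /etc/shadow, read as root.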
     