lfd /bin/passwd: FAILED

epanagio · Oct 22, 2015

I received an email where it tells me that the /bin/passwd failed the md5sum comparison test.

This is alarming because I did not make any changes to cause this message.

Could this be generated because of a cpanel/WHM update?

David P. Levey Jr. · Oct 23, 2015

epanagio said:
Could this be generated because of a cpanel/WHM update?

It in fact may be. Check the location of /bin/passwd, it should be a symlink to a cPanel file:

Code:

lrwxrwxrwx 1 root root 38 Oct 14 08:13 passwd -> /usr/local/cpanel/bin/jail_safe_passwd*

In this case, the jail_safe_passwd bin file was updated for me on 10-22-2015:

Code:

update.1445491741.log:[2015-10-22 01:31:52 -0400]   Retrieving and staging /cpanelsync/11.52.0.18/binaries/linux-c7-x86_64/bin/jail_safe_passwd.xz
update.1445491741.log:[2015-10-22 01:31:52 -0400]   Set permissions on /usr/local/cpanel/bin/jail_safe_passwd-cpanelsync to 0755

I highly recommend that you review your update logs to ensure it's the same for you and not take "my word" for it, that it's safe. Also, the md5sum that I'm showing for my jail_safe_passwd file is:

Code:

# md5sum /usr/local/cpanel/bin/jail_safe_passwd
af790d8a13befd4eceabbc604fd62e20  /usr/local/cpanel/bin/jail_safe_passwd

cPanelMichael · Nov 10, 2015

Hello

Yes, the previous post is accurate. You can post the md5sum for the file on your system if you are concerned it's not legitimate.

Thank you.

W_Hosting · Apr 15, 2016

Is 65307aaf777e38b3993007407505f8f5 passwd a valid MD5 for 54 Build 21?

cPanelMichael · Apr 21, 2016

W_Hosting said:
Is 65307aaf777e38b3993007407505f8f5 passwd a valid MD5 for 54 Build 21?

Yes, that matches for the CentOS 6 x86_64 environment.

Thank you.

s37n · Mar 21, 2017

I received this message recently as well. Can someone please verify the MD5 for my 56.0 (Build 46) installation?

d41d8cd98f00b204e9800998ecf8427e /usr/local/cpanel/bin/jail_safe_passwd

cPanelMichael · Mar 22, 2017

s37n said:
I received this message recently as well. Can someone please verify the MD5 for my 56.0 (Build 46) installation?

d41d8cd98f00b204e9800998ecf8427e /usr/local/cpanel/bin/jail_safe_passwd

Hello @s37n,

Could you let u know your OS version and architecture? You can determine this with the following commands:

Code:

cat /etc/redhat-release
arch

Keep in mind that functionality is included to ensure files downloaded from cPanel update servers are authentic. You can read more about how this works on the following document:

Download Security - cPanel Knowledge Base - cPanel Documentation

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
G	LFD keeps failing, now I see that /usr/sbin/csf and lfd have been modified	Security	4	Oct 21, 2020
J	lfd suspicious process /usr/bin/php	Security	2	Aug 27, 2016
6	LFD Suspicious process messages - (deleted) /usr/bin/php	Security	7	Aug 27, 2013
M	/usr/sbin/lfd: FAILED	Security	5	Dec 8, 2010
B	lfd: Suspicious process running under user bintanne	Security	3	May 8, 2007

Search

Search

lfd /bin/passwd: FAILED

epanagio

Well-Known Member

David P. Levey Jr.

Member

cPanelMichael

Administrator

W_Hosting

Registered

cPanelMichael

Administrator

s37n

Active Member

cPanelMichael

Administrator