The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Reinstall compromised SSHD via ssh

Discussion in 'Security' started by sozotech, May 15, 2014.

  1. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I got an email that the md5 checksum failed for ssh and sshd on one of my servers so I am assuming it has been compromised as I see no recent package updates for it. I want to start moving accounts off this server but I would like to re-install the original ssh/sshd before I begin.

    I have an ssh session prior to the compromise still open. How can I re-install ssh/sshd without locking myself out of the server. Unfortunately, I cannot easily get console access. This is a Centos 6.5 server.

    Thanks,
    Eric
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    You should be able to safely "yum reinstall openssh-server" while logged in. Then I would log out, restart SSH via WHM, and change the root password via WHM as well.

    I'm only advising this because you stated you're moving accounts off of the server; obviously if sshd was tampered with you'll want to re-image or retire the system. Always good to check your local machines for any malware as well.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I think I'd like to see more of the email, TBH.
     
  4. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Here is what the email said.

     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I thought so. This email means your system was updated. ConfigServer/LFD as the title of that email should show, is alerting you to the fact that these files were changed in some way. If your system was freshly updated, manually or automatically, and you have no other reason to suspect compromise other than this email, you should be fine.

    Restarting CSF/LFD is suggested.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Here's a similar email for an extreme example:

    Code:
    The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
    
    /usr/bin/addr2line: FAILED
    /usr/bin/afs5log: FAILED
    /usr/bin/ar: FAILED
    /usr/bin/as: FAILED
    /usr/bin/aulastlog: FAILED
    /usr/bin/ausyscall: FAILED
    /usr/bin/c++: FAILED
    /usr/bin/cal: FAILED
    /usr/bin/cancel: FAILED
    /usr/bin/cancel.cups: FAILED
    /usr/bin/cc: FAILED
    /usr/bin/certutil: FAILED
    /usr/bin/c++filt: FAILED
    /usr/bin/chage: FAILED
    /usr/bin/chfn: FAILED
    /usr/bin/chrt: FAILED
    /usr/bin/chsh: FAILED
    /usr/bin/cmsutil: FAILED
    /usr/bin/col: FAILED
    /usr/bin/colcrt: FAILED
    /usr/bin/colrm: FAILED
    /usr/bin/column: FAILED
    /usr/bin/cpp: FAILED
    /usr/bin/crash: FAILED
    /usr/bin/crlutil: FAILED
    /usr/bin/crontab: FAILED
    /usr/bin/cupstestdsc: FAILED
    /usr/bin/cupstestppd: FAILED
    /usr/bin/curl: FAILED
    /usr/bin/cvs: FAILED
    /usr/bin/cytune: FAILED
    /usr/bin/ddate: FAILED
    /usr/bin/dig: FAILED
    /usr/bin/esd: FAILED
    /usr/bin/esdcat: FAILED
    /usr/bin/esdctl: FAILED
    /usr/bin/esdfilt: FAILED
    /usr/bin/esdloop: FAILED
    /usr/bin/esdmon: FAILED
    /usr/bin/esdplay: FAILED
    /usr/bin/esdrec: FAILED
    /usr/bin/esdsample: FAILED
    /usr/bin/faillog: FAILED
    /usr/bin/fastjar: FAILED
    /usr/bin/fdformat: FAILED
    /usr/bin/file: FAILED
    /usr/bin/flock: FAILED
    /usr/bin/floppy: FAILED
    /usr/bin/g++: FAILED
    /usr/bin/gcc: FAILED
    /usr/bin/gcj-dbtool: FAILED
    /usr/bin/gcov: FAILED
    /usr/bin/gencat: FAILED
    /usr/bin/getconf: FAILED
    /usr/bin/getent: FAILED
    /usr/bin/gethostip: FAILED
    /usr/bin/getopt: FAILED
    /usr/bin/ghostscript: FAILED
    /usr/bin/gij: FAILED
    /usr/bin/gjarsigner: FAILED
    /usr/bin/gkeytool: FAILED
    /usr/bin/gpasswd: FAILED
    /usr/bin/gprof: FAILED
    /usr/bin/grepjar: FAILED
    /usr/bin/grmic: FAILED
    /usr/bin/grmiregistry: FAILED
    /usr/bin/gs: FAILED
    /usr/bin/hexdump: FAILED
    /usr/bin/host: FAILED
    /usr/bin/i386-redhat-linux-c++: FAILED
    /usr/bin/i386-redhat-linux-g++: FAILED
    /usr/bin/i386-redhat-linux-gcc: FAILED
    /usr/bin/iconv: FAILED
    /usr/bin/ionice: FAILED
    /usr/bin/ipcrm: FAILED
    /usr/bin/ipcs: FAILED
    /usr/bin/isc-config.sh: FAILED
    /usr/bin/isosize: FAILED
    /usr/bin/jv-convert: FAILED
    /usr/bin/kill: FAILED
    /usr/bin/ksh: FAILED
    /usr/bin/lastlog: FAILED
    /usr/bin/ld: FAILED
    /usr/bin/lddlibc4: FAILED
    /usr/bin/locale: FAILED
    /usr/bin/localedef: FAILED
    /usr/bin/logger: FAILED
    /usr/bin/look: FAILED
    /usr/bin/lp: FAILED
    /usr/bin/lp.cups: FAILED
    /usr/bin/lpoptions: FAILED
    /usr/bin/lppasswd: FAILED
    /usr/bin/lpq: FAILED
    /usr/bin/lpq.cups: FAILED
    /usr/bin/lpr: FAILED
    /usr/bin/lpr.cups: FAILED
    /usr/bin/lprm: FAILED
    /usr/bin/lprm.cups: FAILED
    /usr/bin/lpstat: FAILED
    /usr/bin/lpstat.cups: FAILED
    /usr/bin/mcookie: FAILED
    /usr/bin/modutil: FAILED
    /usr/bin/namei: FAILED
    /usr/bin/newgrp: FAILED
    /usr/bin/nm: FAILED
    /usr/bin/nslookup: FAILED
    /usr/bin/nsupdate: FAILED
    /usr/bin/objcopy: FAILED
    /usr/bin/objdump: FAILED
    /usr/bin/openssl: FAILED
    /usr/bin/pdffonts: FAILED
    /usr/bin/pdfimages: FAILED
    /usr/bin/pdfinfo: FAILED
    /usr/bin/pdftohtml: FAILED
    /usr/bin/pdftops: FAILED
    /usr/bin/pdftotext: FAILED
    /usr/bin/pk12util: FAILED
    /usr/bin/pkcs11_eventmgr: FAILED
    /usr/bin/pkcs11_inspect: FAILED
    /usr/bin/pkcs11_setup: FAILED
    /usr/bin/pklogin_finder: FAILED
    /usr/bin/protoize: FAILED
    /usr/bin/python: FAILED
    /usr/bin/python2: FAILED
    /usr/bin/python2.4: FAILED
    /usr/bin/ranlib: FAILED
    /usr/bin/readelf: FAILED
    /usr/bin/rename: FAILED
    /usr/bin/renice: FAILED
    /usr/bin/rev: FAILED
    /usr/bin/rngtest: FAILED
    /usr/bin/rpcgen: FAILED
    /usr/bin/rpm2cpio: FAILED
    /usr/bin/rpmbuild: FAILED
    /usr/bin/rpmdb: FAILED
    /usr/bin/rpmquery: FAILED
    /usr/bin/rpmsign: FAILED
    /usr/bin/rpmverify: FAILED
    /usr/bin/scp: FAILED
    /usr/bin/script: FAILED
    /usr/bin/setsid: FAILED
    /usr/bin/setterm: FAILED
    /usr/bin/sftp: FAILED
    /usr/bin/sg: FAILED
    /usr/bin/signtool: FAILED
    /usr/bin/signver: FAILED
    /usr/bin/size: FAILED
    /usr/bin/slogin: FAILED
    /usr/bin/smtpd.pyc: FAILED
    /usr/bin/smtpd.pyo: FAILED
    /usr/bin/sprof: FAILED
    /usr/bin/ssh: FAILED
    /usr/bin/ssh-add: FAILED
    /usr/bin/ssh-agent: FAILED
    /usr/bin/ssh-copy-id: FAILED
    /usr/bin/ssh-keygen: FAILED
    /usr/bin/ssh-keyscan: FAILED
    /usr/bin/ssltap: FAILED
    /usr/bin/strace: FAILED
    /usr/bin/strings: FAILED
    /usr/bin/strip: FAILED
    /usr/bin/sudo: FAILED
    /usr/bin/sudoedit: FAILED
    /usr/bin/syslinux: FAILED
    /usr/bin/tailf: FAILED
    /usr/bin/ul: FAILED
    /usr/bin/unprotoize: FAILED
    /usr/bin/whereis: FAILED
    /usr/bin/write: FAILED
    /usr/bin/xmlcatalog: FAILED
    /usr/bin/xmllint: FAILED
    /usr/bin/ypcat: FAILED
    /usr/bin/ypchfn: FAILED
    /usr/bin/ypchsh: FAILED
    /usr/bin/ypmatch: FAILED
    /usr/bin/yppasswd: FAILED
    /usr/bin/ypwhich: FAILED
    /usr/sbin/accept: FAILED
    /usr/sbin/adduser: FAILED
    /usr/sbin/automount: FAILED
    /usr/sbin/bind-chroot-admin: FAILED
    /usr/sbin/build-locale-archive: FAILED
    /usr/sbin/chpasswd: FAILED
    /usr/sbin/crond: FAILED
    /usr/sbin/cupsaddsmb: FAILED
    /usr/sbin/cupsctl: FAILED
    /usr/sbin/cupsd: FAILED
    /usr/sbin/cupsdisable: FAILED
    /usr/sbin/cupsenable: FAILED
    /usr/sbin/cupsfilter: FAILED
    /usr/sbin/dns-keygen: FAILED
    /usr/sbin/dnssec-keygen: FAILED
    /usr/sbin/dnssec-signzone: FAILED
    /usr/sbin/exportfs: FAILED
    /usr/sbin/firstboot: FAILED
    /usr/sbin/fsadm: FAILED
    /usr/sbin/glibc_post_upgrade.i686: FAILED
    /usr/sbin/groupadd: FAILED
    /usr/sbin/groupdel: FAILED
    /usr/sbin/groupmod: FAILED
    /usr/sbin/grpck: FAILED
    /usr/sbin/grpconv: FAILED
    /usr/sbin/grpunconv: FAILED
    /usr/sbin/gss_clnt_send_err: FAILED
    /usr/sbin/hwclock: FAILED
    /usr/sbin/iconvconfig: FAILED
    /usr/sbin/iconvconfig.i686: FAILED
    /usr/sbin/kudzu: FAILED
    /usr/sbin/lpadmin: FAILED
    /usr/sbin/lpc: FAILED
    /usr/sbin/lpc.cups: FAILED
    /usr/sbin/lpinfo: FAILED
    /usr/sbin/lpmove: FAILED
    /usr/sbin/lsof: FAILED
    /usr/sbin/lvchange: FAILED
    /usr/sbin/lvconvert: FAILED
    /usr/sbin/lvcreate: FAILED
    /usr/sbin/lvdisplay: FAILED
    /usr/sbin/lvextend: FAILED
    /usr/sbin/lvm: FAILED
    /usr/sbin/lvmchange: FAILED
    /usr/sbin/lvmdiskscan: FAILED
    /usr/sbin/lvmsadc: FAILED
    /usr/sbin/lvmsar: FAILED
    /usr/sbin/lvreduce: FAILED
    /usr/sbin/lvremove: FAILED
    /usr/sbin/lvrename: FAILED
    /usr/sbin/lvresize: FAILED
    /usr/sbin/lvs: FAILED
    /usr/sbin/lvscan: FAILED
    /usr/sbin/lwresd: FAILED
    /usr/sbin/named: FAILED
    /usr/sbin/named-checkconf: FAILED
    /usr/sbin/named-checkzone: FAILED
    /usr/sbin/ndc: FAILED
    /usr/sbin/newusers: FAILED
    /usr/sbin/nfsstat: FAILED
    /usr/sbin/nhfsstone: FAILED
    /usr/sbin/nscd: FAILED
    /usr/sbin/pvchange: FAILED
    /usr/sbin/pvck: FAILED
    /usr/sbin/pvcreate: FAILED
    /usr/sbin/pvdisplay: FAILED
    /usr/sbin/pvmove: FAILED
    /usr/sbin/pvremove: FAILED
    /usr/sbin/pvresize: FAILED
    /usr/sbin/pvs: FAILED
    /usr/sbin/pvscan: FAILED
    /usr/sbin/pwck: FAILED
    /usr/sbin/pwconv: FAILED
    /usr/sbin/pwunconv: FAILED
    /usr/sbin/ramsize: FAILED
    /usr/sbin/rdev: FAILED
    /usr/sbin/readprofile: FAILED
    /usr/sbin/reject: FAILED
    /usr/sbin/rndc: FAILED
    /usr/sbin/rndc-confgen: FAILED
    /usr/sbin/rootflags: FAILED
    /usr/sbin/rpc.gssd: FAILED
    /usr/sbin/rpc.idmapd: FAILED
    /usr/sbin/rpcinfo: FAILED
    /usr/sbin/rpc.mountd: FAILED
    /usr/sbin/rpc.nfsd: FAILED
    /usr/sbin/rpc.svcgssd: FAILED
    /usr/sbin/showmount: FAILED
    /usr/sbin/sosreport: FAILED
    /usr/sbin/sshd: FAILED
    /usr/sbin/sysreport: FAILED
    /usr/sbin/tunelp: FAILED
    /usr/sbin/tzdata-update: FAILED
    /usr/sbin/useradd: FAILED
    /usr/sbin/userdel: FAILED
    /usr/sbin/usermod: FAILED
    /usr/sbin/usernetctl: FAILED
    /usr/sbin/vgcfgbackup: FAILED
    /usr/sbin/vgcfgrestore: FAILED
    /usr/sbin/vgchange: FAILED
    /usr/sbin/vgck: FAILED
    /usr/sbin/vgconvert: FAILED
    /usr/sbin/vgcreate: FAILED
    /usr/sbin/vgdisplay: FAILED
    /usr/sbin/vgexport: FAILED
    /usr/sbin/vgextend: FAILED
    /usr/sbin/vgimport: FAILED
    /usr/sbin/vgmerge: FAILED
    /usr/sbin/vgmknodes: FAILED
    /usr/sbin/vgreduce: FAILED
    /usr/sbin/vgremove: FAILED
    /usr/sbin/vgrename: FAILED
    /usr/sbin/vgs: FAILED
    /usr/sbin/vgscan: FAILED
    /usr/sbin/vgsplit: FAILED
    /usr/sbin/vidmode: FAILED
    /usr/sbin/vigr: FAILED
    /usr/sbin/vipw: FAILED
    /usr/sbin/visudo: FAILED
    /usr/sbin/yppoll: FAILED
    /usr/sbin/ypserv_test: FAILED
    /usr/sbin/ypset: FAILED
    /usr/sbin/yptest: FAILED
    /usr/sbin/zdump: FAILED
    /usr/sbin/zic: FAILED
    /bin/arch: FAILED
    /bin/dmesg: FAILED
    /bin/dnsdomainname: FAILED
    /bin/doexec: FAILED
    /bin/domainname: FAILED
    /bin/hostname: FAILED
    /bin/ipcalc: FAILED
    /bin/kill: FAILED
    /bin/ksh: FAILED
    /bin/ksh93: FAILED
    /bin/logger: FAILED
    /bin/login: FAILED
    /bin/more: FAILED
    /bin/mount: FAILED
    /bin/netstat: FAILED
    /bin/nisdomainname: FAILED
    /bin/raw: FAILED
    /bin/rpm: FAILED
    /bin/taskset: FAILED
    /bin/umount: FAILED
    /bin/usleep: FAILED
    /bin/ypdomainname: FAILED
    /sbin/addpart: FAILED
    /sbin/agetty: FAILED
    /sbin/arp: FAILED
    /sbin/audispd: FAILED
    /sbin/auditctl: FAILED
    /sbin/auditd: FAILED
    /sbin/aureport: FAILED
    /sbin/ausearch: FAILED
    /sbin/autrace: FAILED
    /sbin/blockdev: FAILED
    /sbin/brcm_iscsiuio: FAILED open or read
    /sbin/cciss_id: FAILED
    /sbin/clock: FAILED
    /sbin/consoletype: FAILED
    /sbin/ctrlaltdel: FAILED
    /sbin/delpart: FAILED
    /sbin/dhclient: FAILED
    /sbin/dmeventd: FAILED
    /sbin/dmsetup: FAILED
    /sbin/dmsetup.static: FAILED
    /sbin/ether-wake: FAILED
    /sbin/extlinux: FAILED
    /sbin/fdisk: FAILED
    /sbin/fsck.cramfs: FAILED
    /sbin/fstab-decode: FAILED
    /sbin/genhostid: FAILED
    /sbin/getkey: FAILED
    /sbin/grubby: FAILED
    /sbin/hwclock: FAILED
    /sbin/ifconfig: FAILED
    /sbin/initlog: FAILED
    /sbin/ip6tables: FAILED
    /sbin/ip6tables-restore: FAILED
    /sbin/ip6tables-save: FAILED
    /sbin/ipmaddr: FAILED
    /sbin/iptables: FAILED
    /sbin/iptables-restore: FAILED
    /sbin/iptables-save: FAILED
    /sbin/iptunnel: FAILED
    /sbin/iscsiadm: FAILED
    /sbin/iscsid: FAILED
    /sbin/iscsi-iname: FAILED
    /sbin/iscsistart: FAILED
    /sbin/kpartx: FAILED
    /sbin/kpartx.static: FAILED
    /sbin/kudzu: FAILED
    /sbin/ldconfig: FAILED
    /sbin/losetup: FAILED
    /sbin/lspci: FAILED
    /sbin/lvm: FAILED
    /sbin/lvm.static: FAILED
    /sbin/microcode_ctl: FAILED
    /sbin/mii-diag: FAILED
    /sbin/mii-tool: FAILED
    /sbin/mkfs: FAILED
    /sbin/mkfs.cramfs: FAILED
    /sbin/mkinitrd: FAILED
    /sbin/mkswap: FAILED
    /sbin/mount.nfs: FAILED
    /sbin/mount.nfs4: FAILED
    /sbin/mpath_ctl: FAILED
    /sbin/mpath_prio_alua: FAILED
    /sbin/mpath_prio_alua.static: FAILED
    /sbin/mpath_prio_emc: FAILED
    /sbin/mpath_prio_emc.static: FAILED
    /sbin/mpath_prio_hds_modular: FAILED
    /sbin/mpath_prio_hds_modular.static: FAILED
    /sbin/mpath_prio_hp_sw: FAILED
    /sbin/mpath_prio_hp_sw.static: FAILED
    /sbin/mpath_prio_intel: FAILED
    /sbin/mpath_prio_intel.static: FAILED
    /sbin/mpath_prio_netapp: FAILED
    /sbin/mpath_prio_netapp.static: FAILED
    /sbin/mpath_prio_ontap: FAILED
    /sbin/mpath_prio_ontap.static: FAILED
    /sbin/mpath_prio_rdac: FAILED
    /sbin/mpath_prio_rdac.static: FAILED
    /sbin/mpath_prio_tpc: FAILED
    /sbin/mpath_prio_tpc.static: FAILED
    /sbin/mpath_prio_weighted: FAILED
    /sbin/mpath_prio_weighted.static: FAILED
    /sbin/multipath: FAILED
    /sbin/multipathd: FAILED
    /sbin/multipath.static: FAILED
    /sbin/nameif: FAILED
    /sbin/nash: FAILED
    /sbin/netplugd: FAILED
    /sbin/netreport: FAILED
    /sbin/nologin: FAILED
    /sbin/parted: FAILED
    /sbin/partprobe: FAILED
    /sbin/partx: FAILED
    /sbin/pivot_root: FAILED
    /sbin/plipconfig: FAILED
    /sbin/ppp-watch: FAILED
    /sbin/pvscan: FAILED
    /sbin/rngd: FAILED
    /sbin/route: FAILED
    /sbin/rpc.lockd: FAILED
    /sbin/rpc.statd: FAILED
    /sbin/setpci: FAILED
    /sbin/sfdisk: FAILED
    /sbin/slattach: FAILED
    /sbin/sln: FAILED
    /sbin/swapoff: FAILED
    /sbin/swapon: FAILED
    /sbin/umount.nfs: FAILED
    /sbin/umount.nfs4: FAILED
    /sbin/vgchange: FAILED
    /sbin/vgscan: FAILED
    /etc/init.d/crond: FAILED
    /etc/init.d/ip6tables: FAILED
    /etc/init.d/iptables: FAILED
    /etc/init.d/iscsid: FAILED
    /etc/init.d/lvm2-monitor: FAILED
    /etc/init.d/microcode_ctl: FAILED
    /etc/init.d/netconsole: FAILED
    /etc/init.d/nfs: FAILED
    /etc/init.d/nfslock: FAILED
    /etc/init.d/rpcgssd: FAILED
    /etc/init.d/rpcidmapd: FAILED
    /etc/init.d/rpcsvcgssd: FAILED
     
  7. sozotech

    sozotech Well-Known Member

    Joined:
    Jul 26, 2013
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Well, I could not find a log of ssh/sshd being updated in /var/log/yum.log or anything in the previous mornings upcp log which made me suspect the compromise.

    Eric
     
  8. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    As you should. If yum / upcp had updated the RPM then the CSF email is expected and wouldn't be cause for concern. However, if there's no record of sshd being updated by yum or upcp, then you're probably right to assume root-level compromise.

    If you haven't already reinstalled, try "rpmverify -v openssh-server". If you see a '5' next to /usr/sbin/sshd, then it's compromised. If it's just a row of dots, then the MD5 matches the RPM. Verify the RPM has a valid signature using "rpm -qi openssh-server" If it's signed, match the signature to another package like coreutils. If those match you're good. If they don't, or openssh-server is unsigned, then it's compromised even if it passes rpmverify.

    If you're NOT hacked, your verify and -qi should look like this:

    Code:
    [root@new ~]# rpmverify -v openssh-server
    .........  c /etc/pam.d/ssh-keycat
    S.5....T.  c /etc/pam.d/sshd
    .........    /etc/rc.d/init.d/sshd
    SM5....T.  c /etc/ssh/sshd_config
    .........  c /etc/sysconfig/sshd
    .........    /usr/libexec/openssh/sftp-server
    .........    /usr/libexec/openssh/ssh-keycat
    .........    /usr/sbin/.sshd.hmac
    .........    /usr/sbin/sshd
    .........    /usr/share/doc/openssh-server-5.3p1
    .........  d /usr/share/doc/openssh-server-5.3p1/HOWTO.ssh-keycat
    .........  d /usr/share/man/man5/moduli.5.gz
    .........  d /usr/share/man/man5/sshd_config.5.gz
    .........  d /usr/share/man/man8/sftp-server.8.gz
    .........  d /usr/share/man/man8/sshd.8.gz
    .........    /var/empty/sshd
    [root@new ~]# rpm -qi openssh-server
    Name        : openssh-server               Relocations: (not relocatable)
    Version     : 5.3p1                             Vendor: CentOS
    Release     : 94.el6                        Build Date: Fri 22 Nov 2013 05:40:05 PM EST
    Install Date: Thu 15 May 2014 04:39:41 PM EDT      Build Host: c6b8.bsys.dev.centos.org
    Group       : System Environment/Daemons    Source RPM: openssh-5.3p1-94.el6.src.rpm
    Size        : 689757                           License: BSD
    Signature   : RSA/SHA1, Sun 24 Nov 2013 02:32:56 PM EST, Key ID 0946fca2c105b9de
    Packager    : CentOS BuildSystem <http://bugs.centos.org>
    URL         : http://www.openssh.com/portable.html
    Summary     : An open source SSH server daemon
    Description :
    OpenSSH is a free version of SSH (Secure SHell), a program for logging
    into and executing commands on a remote machine. This package contains
    the secure shell daemon (sshd). The sshd daemon allows SSH clients to
    securely connect to your SSH server.
    
    
     
    #8 quizknows, May 16, 2014
    Last edited: May 16, 2014
  9. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Excellent post, quizknows.
     
  10. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Thanks :)

    Partly due to the numerous ebury variants, I have plenty of practice verifying openssh-server and keyutils-libs RPMs >_<
     
  11. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    If I recall correctly, depending on your OS / whether it is set to run in cron, it's also worth checking your prelink log to see if this has modified things after an update to a library (i.e. glibc) - while rpm is prelink aware if memory serves, CSF isn't
     
Loading...

Share This Page