Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

rkhunter says __stack_chk_fail

Discussion in 'General Discussion' started by audrey, Oct 22, 2018.

  1. audrey

    audrey Well-Known Member

    Joined:
    Oct 18, 2006
    Messages:
    84
    Likes Received:
    2
    Trophy Points:
    158
    Hi

    Just downloaded rkhunter on all of my servers

    rkhunter results say

    Checking `passwd'... INFECTED

    I am assuming that it is a false positive based on the results from the following commands

    # md5sum /usr/local/cpanel/bin/jail_safe_passwd
    57f916dd384d2e5bd502c55881bd2711 /usr/local/cpanel/bin/jail_safe_passwd

    # md5sum /bin/passwd
    792964343f6f916d8025bf9b1eb1e839 /bin/passwd
    >>>>>>>>>>>>>>>>>>>

    rkhunter results also say

    Checking `bindshell'... INFECTED PORTS: ( 465)

    I am thinking this is a false positive.
    Is there a command to check if this is a false positive?

    >>>>>>>>>>>>>>>>>>>>>

    when I run this command
    /root/chkrootkit-0.52/chkrootkit -x | more
    rkhunter results say

    __stack_chk_fail

    any thoughts on what this means?

    >>>>>>>>>>>>>>>>>>>>>>>>>

    Is there another root kit script that can detect other/newer viruses and root kits?

    Is there another anti virus software other than maldet?

    Thanks for your help!

    Take Care
    Audrey
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,447
    Likes Received:
    503
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @audrey

    I'm not sure what happened here but I will say that it may be best to err on the side of caution in this respect. There are other antimalware softwares like ClamAV and I believe Sucuri has something. Either way, can you please open a ticket using the link in my signature. Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. audrey

    audrey Well-Known Member

    Joined:
    Oct 18, 2006
    Messages:
    84
    Likes Received:
    2
    Trophy Points:
    158
    Hi Lauren

    Thanks for your help.

    I just submit a ticket
    Your Support Request ID is: 10561521

    Take Care
    Audrey
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,447
    Likes Received:
    503
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Thanks Audrey,

    I'm following that ticket and I'll update here when more information is available.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,447
    Likes Received:
    503
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @audrey

    I checked in on the ticket and it was confirmed that the output is not something you need to be alarmed over the warnings you did get are known false positives.


    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice