The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

rkhunter warnings after upgrade to 11.50.0.12

Discussion in 'Security' started by Mads Nordholm, Jun 22, 2015.

  1. Mads Nordholm

    Mads Nordholm Member

    Joined:
    Jun 7, 2015
    Messages:
    20
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Thailand
    cPanel Access Level:
    Root Administrator
    I may be worrying about nothing, but I'm a bit paranoid about the security of my server. After updating to 10.50.0.12 last nigh, I am seeing this in my rkhunter log file this morning:

    [rkhunter] Warnings found for ${HOST_NAME}"'
    [07:07:12] /bin/passwd [ Warning ]
    [07:07:12] Warning: The file properties have changed:
    [07:08:39] /usr/local/cpanel/bin/jail_safe_passwd [ Warning ]
    [07:08:39] Warning: The file properties have changed:
    [07:13:04] Checking for passwd file changes [ Warning ]
    [07:13:04] Warning: User 'cpanelconnecttrack' has been added to the passwd file.
    [07:13:05] Checking for group file changes [ Warning ]
    [07:13:05] Warning: Group 'cpanelconnecttrack' has been added to the group file.


    The cpannelconnecttrack user is aparently a new addition. I assume it's added by the update, but I would like to make sure.

    I also checked permissions on /usr/local/cpanel/bin/jail_safe_passwd and found this:

    -rwxr-xr-x 1 root root 16M Jun 21 23:23 jail_safe_passwd*

    Does that file really need to be world executable?
    I see that a lot of files in /usr/local/cpanel/bin/ are indeed world executable. What's the reason for this?

    Any input greatly appreciated.

    I meant version 11.50.0.12

    Tried to updated that in my original post, but got a warning that I was trying to post spam...
     
    #1 Mads Nordholm, Jun 22, 2015
    Last edited by a moderator: Jun 22, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    1. Yes, the "cpanelconnecttrack" user is added to /etc/passwd and /etc/group by design. This is part of the new Passive OS Fingerprinting feature.

    2. 0755 permissions are standard for the files within the /usr/local/cpanel/bin directory or Perl/CGI files in general. It's required based on how the files interact with the system. Ownership is set to "root".

    Thank you.
     
  3. Mads Nordholm

    Mads Nordholm Member

    Joined:
    Jun 7, 2015
    Messages:
    20
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Thailand
    cPanel Access Level:
    Root Administrator
    Thanks a lot for your reply. All my questions answered :)
     
Loading...

Share This Page