rkhunter warnings after upgrade to 11.50.0.12

Mads Nordholm

Active Member
Jun 7, 2015
26
2
3
Thailand
cPanel Access Level
Root Administrator
I may be worrying about nothing, but I'm a bit paranoid about the security of my server. After updating to 10.50.0.12 last nigh, I am seeing this in my rkhunter log file this morning:

[rkhunter] Warnings found for ${HOST_NAME}"'
[07:07:12] /bin/passwd [ Warning ]
[07:07:12] Warning: The file properties have changed:
[07:08:39] /usr/local/cpanel/bin/jail_safe_passwd [ Warning ]
[07:08:39] Warning: The file properties have changed:
[07:13:04] Checking for passwd file changes [ Warning ]
[07:13:04] Warning: User 'cpanelconnecttrack' has been added to the passwd file.
[07:13:05] Checking for group file changes [ Warning ]
[07:13:05] Warning: Group 'cpanelconnecttrack' has been added to the group file.


The cpannelconnecttrack user is aparently a new addition. I assume it's added by the update, but I would like to make sure.

I also checked permissions on /usr/local/cpanel/bin/jail_safe_passwd and found this:

-rwxr-xr-x 1 root root 16M Jun 21 23:23 jail_safe_passwd*

Does that file really need to be world executable?
I see that a lot of files in /usr/local/cpanel/bin/ are indeed world executable. What's the reason for this?

Any input greatly appreciated.

I meant version 11.50.0.12

Tried to updated that in my original post, but got a warning that I was trying to post spam...
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,216
463
Hello :)

1. Yes, the "cpanelconnecttrack" user is added to /etc/passwd and /etc/group by design. This is part of the new Passive OS Fingerprinting feature.

2. 0755 permissions are standard for the files within the /usr/local/cpanel/bin directory or Perl/CGI files in general. It's required based on how the files interact with the system. Ownership is set to "root".

Thank you.