[Security] MD5 and Size check

Discussion in 'Security' started by Radio_Head, May 9, 2003.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    I wrote a script to make MD5 checksums and size checks
    on my Red Hat packages.

    I found some checksum problems on some packages
    (using rpm -V util-linux net-tools procps [package])

    frontpage-5.0-0
    SM5...GT /usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe
    S.5....T /usr/local/frontpage/version5.0/apache-fp/fpexe.c
    S.5....T /usr/local/frontpage/we80.cnf

    and
    gd-devel-1.8.4-4

    S.5....T /usr/include/gd.h
    S.5....T /usr/include/gd_io.h
    S.5....T /usr/include/gdcache.h
    S.5....T /usr/include/gdfontg.h
    S.5....T /usr/include/gdfontl.h
    S.5....T /usr/include/gdfontmb.h
    S.5....T /usr/include/gdfonts.h
    S.5....T /usr/include/gdfontt.h
    S.5....T /usr/lib/libgd.a

    and
    gd-progs-1.8.4-4

    S.5....T /usr/bin/gd2copypal
    S.5....T /usr/bin/gd2topng
    S.5....T /usr/bin/gdparttopng
    S.5....T /usr/bin/gdtopng
    S.5....T /usr/bin/pngtogd
    S.5....T /usr/bin/pngtogd2
    S.5....T /usr/bin/webpng

    and
    imap-2001a-10
    S.5....T /usr/sbin/imapd

    and

    pam-0.75-46.7.3
    S.5....T c /etc/pam.d/system-auth

    and

    perl-5.6.1-34.99.6

    S.5....T /usr/bin/a2p
    S.5....T /usr/bin/perl
    S.5....T /usr/bin/perl5.6.1
    S.5....T /usr/bin/perlbug
    S.5....T /usr/lib/perl5/5.6.1/ExtUtils/MM_Unix.pm
    S.5....T /usr/lib/perl5/5.6.1/ExtUtils/MakeMaker.pm
    S.5....T /usr/lib/perl5/5.6.1/Getopt/Long.pm
    S.5....T /usr/lib/perl5/5.6.1/Test/Harness.pm
    S.5....T /usr/lib/perl5/5.6.1/newgetopt.pl


    Is it a good idea to reinstall the above packages, or were they
    modified by WHM/cPanel?
     
    #1 Radio_Head, May 9, 2003
    Last edited: May 9, 2003
  2. vishal

    vishal Well-Known Member

    Joined:
    Jan 28, 2003
    Messages:
    340
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    India
    Did you run chkrootkit?

    Regards,
     
  3. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Radiohead, I saw in another thread you mentioned tripwire.
    Why did you decide not to use tripwire and write your own scripts?
     
  4. Radio_Head

    Radio_Head Well-Known Member

    Because about 10 lines of PHP are enough to do the checksum above (surely you can also do that with a small bash script). I don't know exactly what tripwire does; I don't think it's only checksum software. I think that when tripwire finds something wrong, it denies the usage of some programs, and other things.
     
  5. Radio_Head

    Radio_Head Well-Known Member

    Re: Re: [Security] MD5 and Size check

    Yes, I run chkrootkit very often. However, I repeat,
    those packages should be modified by cPanel;
    try to execute (package versions are for a Red Hat 7.2 box):

    rpm -V util-linux net-tools procps frontpage
    rpm -V util-linux net-tools procps gd-devel
    rpm -V util-linux net-tools procps gd-progs
    rpm -V util-linux net-tools procps imap
    rpm -V util-linux net-tools procps pam
    rpm -V util-linux net-tools procps perl

    and tell me if you have some S.5 errors.
    Probably yes, and I think it is because these files are modified by cPanel.
     
  6. Radio_Head

    Radio_Head Well-Known Member

    bump
     
  7. Radio_Head

    Radio_Head Well-Known Member

    bump
     
  8. Radio_Head

    Radio_Head Well-Known Member

    I received this reply from darkorb:

    Yes, cpanel does modify some rpm's so this is something you should not worry about... :)
     
  9. Radio_Head

    Radio_Head Well-Known Member

    They also told me that it's not a good idea to force installation of the rpm to remove the checksum error, because the files were modified by cPanel.

    The problem is that I have a list of rpms with checksum errors and I don't know which rpms were modified by cPanel and whether I have some rpm modified, for example, by a hacker.

    I think we should know exactly which rpms are modified
    by cPanel/WHM and the new cPanel/WHM checksums.
     
  10. Radio_Head

    Radio_Head Well-Known Member

    I opened a ticket and darkorb provided me with a cPanel FTP link
    where, for every Linux distribution, all the rpms modified by cPanel/WHM are listed. Good! This way I can know exactly which rpms could have MD5/size checksum errors and which rpms should NOT have MD5/size checksum errors.
     
  11. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    Yep, I like the fact that they provide the src rpms as well, so you can roll your own if you're paranoid lol (or for ease of use).
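
The triage described in posts 9 and 10, separating `rpm -V` failures that a vendor's list of modified packages explains from those it does not, can be sketched as below. This is an added example, not code from the thread or from cPanel: the function names are hypothetical, `VENDOR_MODIFIED` is a placeholder allowlist rather than the real list from the FTP site, and the sample lines come from the first post except the one marked constructed.

```python
import re

# Column letters of an `rpm -V` attribute string and the test each one reports.
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}
# 8 columns on old rpm (as in this thread), 9 on newer; optional file-kind marker.
LINE = re.compile(r"^([SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")

# ASSUMPTION: placeholder allowlist, not the real list from the cPanel FTP site.
VENDOR_MODIFIED = {"frontpage", "perl"}

def parse_line(line):
    """Decode one rpm -V line into path, failed tests and config marker."""
    m = LINE.match(line.strip())
    if not m:
        return None  # e.g. "missing ..." lines or unrelated text
    flags, kind, path = m.groups()
    failed = [FLAGS[ch] for ch in flags if ch in FLAGS]
    return {"path": path, "failed": failed, "config": kind == "c"}

def classify(package, entry):
    """Bucket one verification failure for triage."""
    if "digest" not in entry["failed"]:
        return "metadata-only"      # digest test did not report a mismatch
    if entry["config"]:
        return "config-changed"     # %config files are expected to be edited
    if package in VENDOR_MODIFIED:
        return "vendor-modified"    # still compare against the vendor's rpm
    return "investigate"            # changed contents, no known explanation

def triage(report):  # report: package name -> list of rpm -V lines
    result = {}
    for package, lines in report.items():
        for entry in filter(None, map(parse_line, lines)):
            result[entry["path"]] = classify(package, entry)
    return result

# Lines copied from the first post; the last entry is constructed for contrast.
SAMPLE = {
    "frontpage": ["SM5...GT /usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe"],
    "imap": ["S.5....T /usr/sbin/imapd"],
    "pam": ["S.5....T c /etc/pam.d/system-auth"],
    "perl": ["S.5....T /usr/bin/perl"],
    "example-pkg": [".......T /usr/share/example/README"],  # constructed
}

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{verdict:16} {path}")
```

A "vendor-modified" verdict only says the package is on the allowlist; the file's digest still has to be compared with the vendor's own rpm before it is treated as clean.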
     
