[Security] MD5 and Size check

Discussion in 'Security' started by Radio_Head, May 9, 2003.

  1. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    343
    I wrote a script to run MD5 checksum and size checks
    on my Red Hat packages.

    I found some checksum problems on some packages
    (using rpm -V util-linux net-tools procps [package])

    frontpage-5.0-0
    SM5...GT /usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe
    S.5....T /usr/local/frontpage/version5.0/apache-fp/fpexe.c
    S.5....T /usr/local/frontpage/we80.cnf

    and
    gd-devel-1.8.4-4

    S.5....T /usr/include/gd.h
    S.5....T /usr/include/gd_io.h
    S.5....T /usr/include/gdcache.h
    S.5....T /usr/include/gdfontg.h
    S.5....T /usr/include/gdfontl.h
    S.5....T /usr/include/gdfontmb.h
    S.5....T /usr/include/gdfonts.h
    S.5....T /usr/include/gdfontt.h
    S.5....T /usr/lib/libgd.a

    and
    gd-progs-1.8.4-4

    S.5....T /usr/bin/gd2copypal
    S.5....T /usr/bin/gd2topng
    S.5....T /usr/bin/gdparttopng
    S.5....T /usr/bin/gdtopng
    S.5....T /usr/bin/pngtogd
    S.5....T /usr/bin/pngtogd2
    S.5....T /usr/bin/webpng

    and
    imap-2001a-10
    S.5....T /usr/sbin/imapd

    and

    pam-0.75-46.7.3
    S.5....T c /etc/pam.d/system-auth

    and

    perl-5.6.1-34.99.6

    S.5....T /usr/bin/a2p
    S.5....T /usr/bin/perl
    S.5....T /usr/bin/perl5.6.1
    S.5....T /usr/bin/perlbug
    S.5....T /usr/lib/perl5/5.6.1/ExtUtils/MM_Unix.pm
    S.5....T /usr/lib/perl5/5.6.1/ExtUtils/MakeMaker.pm
    S.5....T /usr/lib/perl5/5.6.1/Getopt/Long.pm
    S.5....T /usr/lib/perl5/5.6.1/Test/Harness.pm
    S.5....T /usr/lib/perl5/5.6.1/newgetopt.pl


    Is it a good idea to reinstall the above packages, or were they
    modified by WHM/cPanel?
     
    #1 Radio_Head, May 9, 2003
    Last edited: May 9, 2003
  2. vishal

    vishal Well-Known Member

    Joined:
    Jan 28, 2003
    Messages:
    340
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    India
    Did you run chkrootkit?

    Regards,
     
  3. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    168
    Radiohead, I saw in another thread you mentioned tripwire.
    Why did you decide not to use tripwire and write your own scripts?
     
  4. Radio_Head

    Because about 10 lines of PHP are enough to do the checksum above (surely you can also do that with a small bash script). I don't know exactly what Tripwire does; I don't think it's only checksum software. I think that when Tripwire finds something wrong, it denies the usage of some programs, and other things.
     
  5. Radio_Head

    Re: Re: [Security] MD5 and Size check

    Yes, I run chkrootkit very often. However, I repeat,
    those packages should be modified by cPanel.
    Try to execute (package versions are for a Red Hat 7.2 box):

    rpm -V util-linux net-tools procps frontpage
    rpm -V util-linux net-tools procps gd-devel
    rpm -V util-linux net-tools procps gd-progs
    rpm -V util-linux net-tools procps imap
    rpm -V util-linux net-tools procps pam
    rpm -V util-linux net-tools procps per

    and tell me if you have some S.5 errors.
    Probably yes, and I think that's because these files are modified by cPanel.
     
  6. Radio_Head

    bump
     
  7. Radio_Head

    bump
     
  8. Radio_Head

    I received this reply from darkorb:

    Yes, cpanel does modify some rpm's so this is something you should not worry about... :)
     
  9. Radio_Head

    They also told me that it's not a good idea to force installation of the RPMs to remove the checksum errors, because the files were modified by cPanel.

    The problem is that I have a list of RPMs with checksum errors and I don't know which RPMs were modified by cPanel and whether I have some RPM modified, for example, by a hacker.

    I think we should know exactly which RPMs are modified
    by cPanel/WHM, and the new cPanel/WHM checksums.
     
  10. Radio_Head

    I opened a ticket and darkorb provided me an FTP cPanel link
    where, for every Linux distribution, all the RPMs modified by cPanel/WHM are listed. Good! In this way I can know exactly which RPMs could have MD5/size checksum errors and which RPMs should NOT have MD5/size checksum errors.
     
  11. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    166
    Yep, I like the fact that they provide the src RPMs as well, so you can roll your own if you're paranoid lol (or for ease of use).
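
The triage this thread converges on (run rpm -V, then separate packages on the vendor's list of modified RPMs from everything else), as an added example that is not part of any post and not cPanel's own tooling. The allowlist contents and the net-tools, procps and util-linux sample lines are constructed, and the `<package-name> <rpm -V line>` input format is an assumption produced by the wrapper loop shown in the comment.

```shell
#!/usr/bin/env bash
# Triage rpm -V results against a list of packages the vendor says it modifies.
# Flags: S=size, M=mode, 5=digest, G=group, T=mtime; attribute "c" = config file.
# Assumed input: "<package-name> <rpm -V line>", e.g. produced by:
#   for p in $(rpm -qa --qf '%{NAME}\n'); do rpm -V "$p" | sed "s/^/$p /"; done

# triage ALLOWLIST_FILE   (annotated rpm -V lines on stdin)
triage() {
    local allow="$1" pkg flags rest attr path
    while read -r pkg flags rest; do
        [ -z "$pkg" ] && continue
        # A missing file has no flag string; never treat it as expected.
        if [ "$flags" = "missing" ]; then
            echo "INVESTIGATE $pkg ${rest##* } (missing)"
            continue
        fi
        # Split off the optional one-letter attribute marker before the path.
        attr=""; path="$rest"
        case "$rest" in
            [a-z]" "*) attr="${rest%% *}"; path="${rest#* }" ;;
        esac
        # Only a digest mismatch ("5") means the file content changed.
        case "$flags" in *5*) ;; *) continue ;; esac
        if [ "$attr" = "c" ]; then
            echo "CONFIG $pkg $path"        # edited config: review by hand
        elif grep -qxF -- "$pkg" "$allow"; then
            echo "EXPECTED $pkg $path"      # package is on the vendor list
        else
            echo "INVESTIGATE $pkg $path"   # changed content, not on the list
        fi
    done
}

# Constructed sample: the allowlist is NOT cPanel's real list, and the
# net-tools, procps and util-linux lines are invented for illustration.
sample_run() {
    local allow; allow="$(mktemp)"
    printf '%s\n' perl gd-progs > "$allow"
    triage "$allow" <<'EOF'
perl S.5....T /usr/bin/perl
pam S.5....T c /etc/pam.d/system-auth
net-tools S.5....T /bin/netstat
procps .......T /bin/ps
util-linux missing /bin/login
EOF
    rm -f "$allow"
}

sample_run
```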
     