The server runs CentOS 6.7 with WHM 54.0 (build 21) and CSF/LFD v8.16, which monitors various directories, including /bin and /usr/bin.
Does cPanel require its own modified versions of those utilities, or could the server be compromised?
At 4am yesterday, LFD notified me that /bin/ls and some other utils had changed. I knew this wasn't due to a cPanel update, as that runs at 4:30am, but I couldn't find out what had changed it, so I ran "yum reinstall coreutils". As expected, LFD then notified me that all the utils in that package had changed. However, at 4am this morning, it notified me that they had all been changed again. This time, before reinstalling them, I took a copy of /bin/ls, so I could compare it before and after, with this result:
Code:
[email protected] [~]# cp -p /bin/ls .
[email protected] [~]# yum reinstall coreutils
Loaded plugins: fastestmirror, security
Setting up Reinstall Process
Loading mirror speeds from cached hostfile
* epel: fedora-epel.mirror.lstn.net
* rpmforge: mirror.team-cymru.org
Resolving Dependencies
--> Running transaction check
---> Package coreutils.x86_64 0:8.4-37.el6_7.3 will be reinstalled
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================================
Package Arch Version Repository Size
===============================================================================================
Reinstalling:
coreutils x86_64 8.4-37.el6_7.3 updates 3.0 M
Transaction Summary
===============================================================================================
Reinstall 1 Package(s)
Total download size: 3.0 M
Installed size: 12 M
Downloading Packages:
coreutils-8.4-37.el6_7.3.x86_64.rpm | 3.0 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : coreutils-8.4-37.el6_7.3.x86_64 1/1
Verifying : coreutils-8.4-37.el6_7.3.x86_64 1/1
Installed:
coreutils.x86_64 0:8.4-37.el6_7.3
Complete!
[email protected] [~]# ls -l /bin/ls ls
-rwxr-xr-x 1 root root 109208 Nov 10 09:43 /bin/ls*
-rwxr-xr-x 1 root root 117024 Nov 10 09:43 ls*
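
Added example, not part of the original post: a size difference alone does not say whether a changed binary still matches its package, so a first triage step is to run `rpm -V` and sort the result by what actually differs. The function name `classify_verify` and the sample lines are constructed for illustration; on the server the input would come from `rpm -V coreutils` or `rpm -Vf /bin/ls`.

```shell
#!/bin/sh
# Triage `rpm -V` output: separate content changes from metadata-only changes.
# Flag columns in the first field: S=size M=mode 5=digest D=device L=link
# U=user G=group T=mtime P=capabilities. A "." means that attribute matches
# the RPM database. The third column ("5") is the one that shows the file
# contents no longer match the digest recorded by the package.

# Constructed sample of `rpm -V coreutils` output (not taken from the post).
SAMPLE_VERIFY='S.5....T.    /bin/ls
.......T.    /bin/cat
S.5....T.  c /etc/DIR_COLORS
missing     /bin/true
.M.......    /bin/chmod'

# classify_verify: read `rpm -V` lines on stdin, print "<CLASS> <path>".
#   MISSING  - file owned by the package is gone
#   CONFIG   - config file (marker "c"); local edits are expected
#   CONTENT  - digest mismatch on a non-config file; needs investigation
#   METADATA - only mode/owner/mtime and similar differ
classify_verify() {
    awk '
        $1 == "missing"           { print "MISSING", $NF; next }
        NF == 3 && $2 == "c"      { print "CONFIG", $3; next }
        substr($1, 3, 1) == "5"   { print "CONTENT", $NF; next }
                                  { print "METADATA", $NF }
    '
}

# needs_investigation: print only the paths whose contents differ or are missing.
needs_investigation() {
    classify_verify | awk '$1 == "CONTENT" || $1 == "MISSING" { print $2 }'
}

# Typical use on a live system:
#   rpm -V coreutils | classify_verify
#   rpm -Vf /bin/ls  | needs_investigation
# For a saved copy such as ./ls, compare digests rather than sizes:
#   sha256sum ./ls /bin/ls
```

Because `rpm -V` trusts the local RPM database, a result from it is only as reliable as that database and the `rpm` binary themselves.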