Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

System Integrity checking - modified files !

Discussion in 'Security' started by bigste, Oct 15, 2010.

  1. bigste

    bigste Member

    Joined:
    Jan 6, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Cheshire, UK
    This morning I got an email from my server telling me about this list of files that have failed their MD5 check.
    I haven't seen any OS updates or anything. Are these the files that maybe targetted by a virus or hacker etc... I wouldn't really know. If they were in C:\Windows\System32 I'd be a bit worried about it but on this CentOS system I'm a bit out of my depth.


    /usr/bin/gencat: FAILED
    /usr/bin/getconf: FAILED
    /usr/bin/getent: FAILED
    /usr/bin/iconv: FAILED
    /usr/bin/java: FAILED
    /usr/bin/keytool: FAILED
    /usr/bin/lddlibc4: FAILED
    /usr/bin/locale: FAILED
    /usr/bin/localedef: FAILED
    /usr/bin/orbd: FAILED
    /usr/bin/pack200: FAILED
    /usr/bin/rmid: FAILED
    /usr/bin/rmiregistry: FAILED
    /usr/bin/rpcgen: FAILED
    /usr/bin/servertool: FAILED
    /usr/bin/sprof: FAILED
    /usr/bin/tnameserv: FAILED
    /usr/bin/unpack200: FAILED
    /usr/sbin/build-locale-archive: FAILED
    /usr/sbin/glibc_post_upgrade.i686: FAILED
    /usr/sbin/iconvconfig: FAILED
    /usr/sbin/iconvconfig.i686: FAILED
    /usr/sbin/logrotate: FAILED
    /usr/sbin/nscd: FAILED
    /usr/sbin/rpcinfo: FAILED
    /usr/sbin/zdump: FAILED
    /usr/sbin/zic: FAILED
    /sbin/ldconfig: FAILED
    /sbin/sln: FAILED

    suddenly I've got a lot of these messages:

    Suspicious process running under user haldaemon:
    /usr/libexec/hald-addon-keyboard.#prelink#.cMTWEy (deleted)

    /usr/libexec/hald-addon-acpi\00\00\00\00\00\88\b9\8f\f6\88\b9\8f\f6\00\00\00\00
    (deleted)

    /usr/sbin/hald\00]\00\08`r\9c\08\00\00\00\00\8aY\f7\b7A (deleted)

    I'm a bit worried...
     
    #1 bigste, Oct 15, 2010
    Last edited: Oct 15, 2010
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,338
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. bigste

    bigste Member

    Joined:
    Jan 6, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    51
    Location:
    Cheshire, UK
    Phew.....

    The heat is off....

    I found an email in my Junk Items pertaining to an overnight OS update.

    I'm happy with that.



    CASE CLOSED :)
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,338
    Likes Received:
    402
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Be sure to restart your firewall. ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice