/usr/local/cpanel/bin/jail_safe_passwd

prazgod · Nov 5, 2013

Is this a legitimate new file /usr/local/cpanel/bin/jail_safe_passwd on November 6th WHM 11.40.0 (build 16)

as its flagged by OSSEC (Security software) as bad:

OSSEC HIDS Notification.
2013 Nov 06 01:16:14

Received From: web2->rootcheck
Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
Portion of the log(s):

Trojaned version of file '/bin/passwd' detected. Signature used: 'bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[b-s,uvxz]' (Generic).

- - - Updated - - -

md5 b3fc5614e306b702305c04fe0a523fb5 /usr/local/cpanel/bin/jail_safe_passwd
sha1 83607040e4db499abe3564eaa28f3b2a258bb145 /usr/local/cpanel/bin/jail_safe_passwd

- - - Updated - - -

/bin/passwd is a symlink of /usr/local/cpanel/bin/jail_safe_passwd

MikeDVB · Nov 5, 2013

I ran a fresh 11.40 install and I see the same file.
b3fc5614e306b702305c04fe0a523fb5 /usr/local/cpanel/bin/jail_safe_passwd

Probably a false positive.

cPanelMichael · Nov 6, 2013

Hello

Yes, this is a valid file and the MD5 hash you provided is legitimate. This was implemented as a more secure method of password modification.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
	/usr/local/cpanel/bin/rebuild_sprites can be run as capnel user?	Security	1	Apr 24, 2023
R	In Progress CPANEL-39889 - Cron <[email protected]> /usr/local/cpanel/3rdparty/bin/freshclam --quiet --no-warnings	Security	24	Feb 1, 2022
D	Server Intrusion: The login shell has changed from '/usr/local/cpanel/bin/jailshell' to '/bin/bash'	Security	13	Mar 9, 2021
	SOLVED [CPANEL-21113] Virus Scan hammers /usr/local/cpanel/logs/error_log	Security	9	Jul 23, 2018
K	/usr/local/cpanel/bin/jail_safe_passwd Segmentation fault	Security	1	Jul 23, 2018

Search

Search

/usr/local/cpanel/bin/jail_safe_passwd

prazgod

Member

MikeDVB

Well-Known Member

cPanelMichael

Administrator