The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

/usr/local/cpanel/bin/jail_safe_passwd

Discussion in 'Security' started by prazgod, Nov 5, 2013.

  1. prazgod

    prazgod Member

    Joined:
    Oct 19, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Is this a legitimate new file /usr/local/cpanel/bin/jail_safe_passwd on November 6th WHM 11.40.0 (build 16)

    as its flagged by OSSEC (Security software) as bad:

    OSSEC HIDS Notification.
    2013 Nov 06 01:16:14

    Received From: web2->rootcheck
    Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)."
    Portion of the log(s):

    Trojaned version of file '/bin/passwd' detected. Signature used: 'bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[b-s,uvxz]' (Generic).

    - - - Updated - - -

    md5 b3fc5614e306b702305c04fe0a523fb5 /usr/local/cpanel/bin/jail_safe_passwd
    sha1 83607040e4db499abe3564eaa28f3b2a258bb145 /usr/local/cpanel/bin/jail_safe_passwd

    - - - Updated - - -

    /bin/passwd is a symlink of /usr/local/cpanel/bin/jail_safe_passwd
     
  2. MikeDVB

    MikeDVB Well-Known Member
    PartnerNOC

    Joined:
    Jun 4, 2008
    Messages:
    212
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Indiana, USA
    I ran a fresh 11.40 install and I see the same file.
    b3fc5614e306b702305c04fe0a523fb5 /usr/local/cpanel/bin/jail_safe_passwd

    Probably a false positive.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Yes, this is a valid file and the MD5 hash you provided is legitimate. This was implemented as a more secure method of password modification.

    Thank you.
     
Loading...

Share This Page