

What is /tmp/passwd-reset.sh ?

Discussion in 'Security' started by Henry Aspden, Dec 15, 2017.

  1. Henry Aspden

    Henry Aspden Member

    Joined:
    Nov 2, 2015
    Messages:
    5
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Leeds, UK
    cPanel Access Level:
    Root Administrator
    I am having many error messages from CSF (ConfigServer Firewall) which read the following


    Code:
    Time:   Fri Dec 15 20:03:02 2017 +0000
    File:   /tmp/passwd-reset.sh
    Reason: Script, file extension
    Owner:  centos:centos (1000:1000)
    Action: No action taken
    and

    Code:
    Time:   Fri Dec 15 20:03:02 2017 +0000
    File:   /tmp/install.sh
    Reason: Script, file extension
    Owner:  centos:centos (1000:1000)
    Action: No action taken

    Now to me, .sh files in the /tmp/ folder seem unusual and suspicious; however, are these leftover from the original cPanel or Centos install on the server perhaps? Seeing as they are owned by Centos.

    Thanks
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,062
    Likes Received:
    346
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Not that I'm aware of. You might want to move it out of temp and take a closer look at it. Note the date and timestamp on it as well in case you need it later.
     
  3. Henry Aspden

    Henry Aspden Member

    Looking into it... install.sh looks legit. Looks like the original cPanel install file...


    Code:
    #! /bin/sh
    
    METADATA_HOST="IP"
    METADATA_HOSTNAME_URI="http://$METADATA_HOST/latest/meta-data/local-hostname"
    METADATA_HOSTNAME_FILE="/tmp/hostname"
    
    CPANEL_VERSION="current"
    CPANEL_INSTALLER_URI="https://securedownloads.cpanel.net/latest"
    CPANEL_INSTALLER_FILE="/root/latest"
    
    CPANEL_UPDATE_FILE="/scripts/upcp"
    
    die() {
        echo $@ 1>&2
        exit 1
    }
    
    if [ -n "$1" ]; then
        CPANEL_VERSION="$1"
    
        echo "CPANEL=$CPANEL_VERSION" | sudo tee /etc/cpupdate.conf >/dev/null
    fi
    
    if ! sudo curl -o "$CPANEL_INSTALLER_FILE" "$CPANEL_INSTALLER_URI"; then
        die "Failed to download $CPANEL_INSTALLER_URI to $CPANEL_INSTALLER_FILE"
    fi
    
    for package in xz-compat-libs; do
        if ! sudo yum install -y "$package"; then
            die "Unable to install requisite package $package"
        fi
    done
    
    if ! curl -s -o "$METADATA_HOSTNAME_FILE" "$METADATA_HOSTNAME_URI"; then
        die "Failed to fetch hostname from $METADATA_HOSTNAME_URI"
    fi
    
    if ! sudo /bin/hostname -F "$METADATA_HOSTNAME_FILE"; then
        die "Failed to set hostname to `cat $METADATA_HOSTNAME_FILE`"
    
        rm "$METADATA_HOSTNAME_FILE"
    else
        rm "$METADATA_HOSTNAME_FILE"
    fi
    
    if ! sudo sh "$CPANEL_INSTALLER_FILE"; then
        die "Failed to install cPanel."
    fi
    
    if ! sudo sh "$CPANEL_UPDATE_FILE" --force; then
        die "Failed to update cPanel to latest."
    fi
    
    #
    # Ensure cPanel updates are not locked to the version explicitly specified for
    # this build.
    #
    if [ -n "$1" ]; then
        CPANEL_VERSION="`echo $1 | cut -d . -f 1,2`"
    
        echo "CPANEL=$CPANEL_VERSION" | sudo tee /etc/cpupdate.conf >/dev/null
    fi
    
    As for the passwd-reset.sh, I am not sure... can anybody shed some light on this please?

    Code:
    #! /bin/sh
    
    for username in root vagrant centos fedora ec2-user; do
        if grep "^$username:" /etc/passwd; then
            passwd -l $username || true
        fi
    done
    
    Thanks
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,693
    Likes Received:
    1,703
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Those files are not provided by cPanel, but you may want to check with your data center or hosting provider to see if those files were included as part of the image or template used to setup your server.

    Thank you.
     
  5. Henry Aspden

    Henry Aspden Member

    Thanks Michael, it's an AWS AMI from...
    AWS Marketplace: cPanel & WHM for Linux

    Just for reference if anybody is wanting to run cPanel via AWS this is a pre-installed installation to get you up and running I came across...
     
    Infopro likes this.
  6. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Last script just looks to lock the passwords for those unused users (or perhaps used, but should never be logged into directly), likely for security reasons.

    Code:
           -l, --lock
               Lock the password of the named account. This option disables a
               password by changing it to a value which matches no possible
               encrypted value (it adds a ´!´ at the beginning of the password).
    
               Note that this does not disable the account. The user may still be
               able to login using another authentication token (e.g. an SSH key).
               To disable the account, administrators should use usermod
               --expiredate 1 (this set the account's expire date to Jan 2, 1970).
    
               Users with a locked password are not allowed to change their
               password.
    
    
     
    Henry Aspden likes this.
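The man page caveat quoted above (a locked password does not stop key-based login) can be checked per account. This is an added example, not part of the original thread or of cPanel's tooling: it takes the account list from passwd-reset.sh, reads shadow/passwd-format files, and reports each present account's lock state plus whether an authorized_keys file would still allow login. The function names, the optional root-prefix argument and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): for the accounts listed in
# passwd-reset.sh, report password lock state and whether a key login remains.
# Assumes keys live in ~/.ssh/authorized_keys (sshd's AuthorizedKeysFile can differ).
ACCOUNTS="root vagrant centos fedora ec2-user"

# lock_state SHADOW USER -> locked | nopassword | unlocked | absent
lock_state() {
    awk -F: -v u="$2" '
        $1 == u { found = 1; c = substr($2, 1, 1)
                  print (c == "!" ? "locked" : (c == "*" ? "nopassword" : "unlocked")) }
        END     { if (!found) print "absent" }' "$1"
}

# has_ssh_key PASSWD USER [ROOT] -> exit 0 if a non-empty authorized_keys exists
has_ssh_key() {
    home=$(awk -F: -v u="$2" '$1 == u { print $6 }' "$1")
    [ -n "$home" ] && [ -s "${3:-}$home/.ssh/authorized_keys" ]
}

# audit SHADOW PASSWD [ROOT] -> "user state key-status" per account present
audit() {
    for user in $ACCOUNTS; do
        state=$(lock_state "$1" "$user")
        [ "$state" = "absent" ] && continue
        if has_ssh_key "$2" "$user" "${3:-}"; then
            echo "$user $state key-login-possible"
        else
            echo "$user $state no-authorized-keys"
        fi
    done
}

# demo: constructed sample files under a temp root (hashes and key are fake)
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/centos/.ssh"
    printf '%s\n' 'root:!!$6$FAKE$hash:17515:0:99999:7:::' \
                  'centos:!!:17515:0:99999:7:::' > "$root/shadow"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'centos:x:1000:1000::/home/centos:/bin/bash' > "$root/passwd"
    echo 'ssh-ed25519 AAAAexamplekey constructed' > "$root/home/centos/.ssh/authorized_keys"
    audit "$root/shadow" "$root/passwd" "$root"
    rm -rf "$root"
}

# With two arguments, audit real files (as root): sh script.sh /etc/shadow /etc/passwd
if [ "$#" -ge 2 ]; then audit "$@"; else demo; fi
```

A line ending in `locked key-login-possible` is the case the man page describes: the password is locked but the account can still be reached with a key.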