The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WHM Service Manager: chkservd.conf.tmp - new file or hack?

Discussion in 'Security' started by nerod, Mar 7, 2011.

  1. nerod

    nerod Member

    Joined:
    Feb 4, 2011
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    This file is located in /etc/chkserv.d/chkservd.conf.tmp
    and contains:

    chkserv.d has:

    Is this anything I should be concerned about, or is this a new file? What alarms me, is the fact ftp is set to 1.. I don't use FTP, it's turned off.

    In WHM's service manager, this conf is under "Additional services" above lfd and is set to "enabled" but monitor is un-ticked.


    (ftpd is unchecked for both "enable" and "monitor" under WHM's service monitor)
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    What are the timestamp and ownerships on chkservd.conf.tmp?

    Code:
    # ls -alh /etc/chkserv.d/chkservd.conf.tmp
    I have not seen this file created automatically, so I wonder if it was a backup of the file made at some point by a user. For example, I will often back up the files in /etc/chkservd before making changes, so it is possible that the file was made as a backup by a system user at some point.
     
  3. nerod

    nerod Member

    Joined:
    Feb 4, 2011
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    root@server [~]# ls -alh /etc/chkserv.d/chkservd.conf.tmp
    -rw-r--r-- 1 root root 114 May 19 2007 /etc/chkserv.d/chkservd.conf.tmp


    Which was years before I got this server. I got it in 2010. There are a few logs on the server dating back years ago, and the host's reasoning for this was because of re-imaging or something along the lines of that. I can't find the post on their forums, but they verbally assured me I wasn't using someone else's data.

    I don't recall ever noticing chkservd.conf.tmp in WHM before, but I've been extra-paranoid lately.
    Should I be worried?
     
  4. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The file was last updated almost four years ago, and only contains similar information to chkservd.conf, so it is safe to remove or move the file and move on. It is likely a remnant from an old edit of chkservd.conf, and very unlikely to be a problem in the future.
     
Loading...

Share This Page