/usr/local/cpanel/bin/jail_safe_passwd

prazgod

• November 05, 2013 19:29

Is this a legitimate new file /usr/local/cpanel/bin/jail_safe_passwd on November 6th WHM 11.40.0 (build 16) as its flagged by OSSEC (Security software) as bad: OSSEC HIDS Notification. 2013 Nov 06 01:16:14 Received From: web2->rootcheck Rule: 510 fired (level 7) -> "Host-based anomaly detection event (rootcheck)." Portion of the log(s): Trojaned version of file '/bin/passwd' detected. Signature used: 'bash|file\.h|proc\.h|/dev/ttyo|/dev/[A-Z]|/dev/[b-s,uvxz]' (Generic). [COLOR="silver">- - - Updated - - - md5 b3fc5614e306b702305c04fe0a523fb5 /usr/local/cpanel/bin/jail_safe_passwd sha1 83607040e4db499abe3564eaa28f3b2a258bb145 /usr/local/cpanel/bin/jail_safe_passwd [COLOR="silver">- - - Updated - - - /bin/passwd is a symlink of /usr/local/cpanel/bin/jail_safe_passwd

• 

  MikeDVB

  • November 06, 2013 03:08

  I ran a fresh 11.40 install and I see the same file. b3fc5614e306b702305c04fe0a523fb5 /usr/local/cpanel/bin/jail_safe_passwd Probably a false positive.

  0
• 

  cPanelMichael

  • November 06, 2013 12:35

  Hello :) Yes, this is a valid file and the MD5 hash you provided is legitimate. This was implemented as a more secure method of password modification. Thank you.

  0

Please sign in to leave a comment.