rkhunter warnings after upgrade to 11.50.0.12
I may be worrying about nothing, but I'm a bit paranoid about the security of my server. After updating to 10.50.0.12 last nigh, I am seeing this in my rkhunter log file this morning:
[rkhunter] Warnings found for ${HOST_NAME}"'
[07:07:12] /bin/passwd [ Warning ]
[07:07:12] Warning: The file properties have changed:
[07:08:39] /usr/local/cpanel/bin/jail_safe_passwd [ Warning ]
[07:08:39] Warning: The file properties have changed:
[07:13:04] Checking for passwd file changes [ Warning ]
[07:13:04] Warning: User 'cpanelconnecttrack' has been added to the passwd file.
[07:13:05] Checking for group file changes [ Warning ]
[07:13:05] Warning: Group 'cpanelconnecttrack' has been added to the group file.
The cpannelconnecttrack user is aparently a new addition. I assume it's added by the update, but I would like to make sure.
I also checked permissions on /usr/local/cpanel/bin/jail_safe_passwd and found this:
-rwxr-xr-x 1 root root 16M Jun 21 23:23 jail_safe_passwd*
Does that file really need to be world executable?
I see that a lot of files in /usr/local/cpanel/bin/ are indeed world executable. What's the reason for this?
Any input greatly appreciated.
I meant version 11.50.0.12
Tried to updated that in my original post, but got a warning that I was trying to post spam...
-
Hello :) 1. Yes, the "cpanelconnecttrack" user is added to /etc/passwd and /etc/group by design. This is part of the new Passive OS Fingerprinting feature. 2. 0755 permissions are standard for the files within the /usr/local/cpanel/bin directory or Perl/CGI files in general. It's required based on how the files interact with the system. Ownership is set to "root". Thank you. 0 -
Thanks a lot for your reply. All my questions answered :) 0
Please sign in to leave a comment.
Comments
2 comments