Some of you have already noticed the below error while running a chkrootkit scan on cPanel servers.
Checking `passwd'... INFECTED Checking `bindshell'... INFECTED (PORTS: 465)
This may be false positive and common in cPanel server, however, you may need to check your system for exploit. Check the md5sum of the /bin/passwd file (it should be a symbolic link to /usr/local/cpanel/bin/jail_safe_passwd) to see if it matches up with what’s provided by cPanel.
Get “passwd” file from official cPanel link. Please note that it is for cPanel version 126.96.36.199.
wget http://httpupdate.cpanel.net/cpanelsync/188.8.131.52/binaries/linux-c6-x86_64/bin/jail_safe_passwd.bz2 bunzip2 jail_safe_passwd.bz2
The other cPanel version’s “passwd” file can be downloaded from Here
Check the md5sum:
md5sum jail_safe_passwd bddb53aea267eeb2550af8bde5b55a87 jail_safe_passwd
md5sum /bin/passwd bddb53aea267eeb2550af8bde5b55a87 /bin/passwd
If there is any mismatch please check the file “/bin/passwd”.
If you like the post and wish to receive more articles from us, please like our FB page: Grepitout
Your suggestions and feedbacks will encourage us and help to improve further, please feel free to write your comments.
For more details on our services, please drop us an E-mail at firstname.lastname@example.org