
Checking `passwd'... INFECTED


Some of you have already noticed the following output while running a chkrootkit scan on cPanel servers:

Checking `passwd'... INFECTED
Checking `bindshell'... INFECTED (PORTS: 465)

This may be a false positive, which is common on cPanel servers; however, you may still need to check your system for an exploit. Check the md5sum of the /bin/passwd file (it should be a symbolic link to /usr/local/cpanel/bin/jail_safe_passwd) to see whether it matches what is provided by cPanel.

Download the “passwd” file from the official cPanel link. Please note that the file below is for cPanel version 11.50.0.30.

 
wget http://httpupdate.cpanel.net/cpanelsync/11.50.0.30/binaries/linux-c6-x86_64/bin/jail_safe_passwd.bz2
bunzip2 jail_safe_passwd.bz2

The “passwd” file for other cPanel versions can be downloaded from here.

Check the md5sum:

 
md5sum jail_safe_passwd 
bddb53aea267eeb2550af8bde5b55a87 jail_safe_passwd
md5sum /bin/passwd
bddb53aea267eeb2550af8bde5b55a87 /bin/passwd

If there is any mismatch, please check the file “/bin/passwd”.
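The same comparison as a reusable check, written here as an added example (not from the original post): it also confirms that the installed path resolves to the expected cPanel binary, and it hashes both files locally with SHA-256 rather than MD5. The function name `check_binary` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare an installed binary against a reference copy.
# Usage: check_binary INSTALLED REFERENCE [EXPECTED_LINK_TARGET]
# Returns 0 = match, 1 = hash mismatch, 2 = unexpected symlink target,
#         3 = missing file.
check_binary() {
    installed=$1; reference=$2; expected_target=${3:-}

    [ -e "$installed" ] && [ -f "$reference" ] || { echo "missing file"; return 3; }

    # If a link target is expected, make sure the path resolves to it.
    if [ -n "$expected_target" ]; then
        resolved=$(readlink -f "$installed")
        want=$(readlink -f "$expected_target")
        if [ "$resolved" != "$want" ]; then
            echo "UNEXPECTED TARGET: $installed -> $resolved"
            return 2
        fi
    fi

    # Hash the file contents; reading through the path follows symlinks.
    sum_installed=$(sha256sum < "$installed" | cut -d' ' -f1)
    sum_reference=$(sha256sum < "$reference" | cut -d' ' -f1)

    if [ "$sum_installed" = "$sum_reference" ]; then
        echo "OK: $installed matches reference ($sum_installed)"
        return 0
    fi
    echo "MISMATCH: $installed=$sum_installed reference=$sum_reference"
    return 1
}

# On a cPanel server (paths from the article; run after the wget/bunzip2 step):
#   check_binary /bin/passwd ./jail_safe_passwd /usr/local/cpanel/bin/jail_safe_passwd
```

The reference copy must be the one for the cPanel version actually installed; a copy from a different version will report a mismatch even on a clean system.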

That’s it!
