I noticed the following result for chkrootkit:
------------------------------
# ./chkrootkit | grep -v not
ROOTDIR is `/'
Checking `passwd'... INFECTED
Checking `aliens'... no suspect files
Checking `bindshell'... INFECTED (PORTS: 465)
------------------------------
cPanel forum update:
It's very likely a false positive, however you may want to review your system for any additional signs of an exploit. Check the md5sum of the /bin/passwd file (it should be a symbolic link to /usr/local/cpanel/bin/jail_safe_passwd) to see if it matches up with what's provided by cPanel.
Steps followed:
===========================
Get the "passwd" file from the official cPanel link:
# wget http://httpupdate.cpanel.net/cpanelsync/11.50.0.30/binaries/linux-c6-x86_64/bin/jail_safe_passwd.bz2
# bunzip2 jail_safe_passwd.bz2
Check the md5sum:
+++++++
# md5sum jail_safe_passwd
bddb53aea267eeb2550af8bde5b55a
+++++++
# md5sum /bin/passwd
bddb53aea267eeb2550af8bde5b55a
[/usr/local/chkrootkit]#
+++++++
If the two checksums do not match, investigate the file "/bin/passwd".
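
The two checks described above (the symlink target from the cPanel forum note, then the checksum comparison) combined into one shell function. This is an added example, not part of the original post or of cPanel's tooling; the function name verify_binary and its return codes are assumptions made here.

```shell
#!/bin/sh
# Added example: compare an installed binary against a reference copy.
# Usage: verify_binary INSTALLED REFERENCE [EXPECTED_TARGET]
# Return codes (chosen for this example):
#   0 = contents match, 1 = contents differ,
#   2 = symlink resolves somewhere unexpected, 3 = a file is missing
verify_binary() {
    installed=$1
    reference=$2
    expected_target=${3:-}

    [ -e "$installed" ] && [ -f "$reference" ] || return 3

    # Resolve symlinks so the file that actually executes is the one hashed.
    resolved=$(readlink -f "$installed") || return 3

    # Optional: confirm the symlink ends at the expected real file.
    if [ -n "$expected_target" ]; then
        want=$(readlink -f "$expected_target") || return 3
        if [ "$resolved" != "$want" ]; then
            echo "symlink: $installed -> $resolved (expected $want)" >&2
            return 2
        fi
    fi

    sum_installed=$(md5sum < "$resolved" | cut -d' ' -f1)
    sum_reference=$(md5sum < "$reference" | cut -d' ' -f1)
    echo "installed: $sum_installed  $resolved"
    echo "reference: $sum_reference  $reference"

    # md5sum mirrors the steps above; cmp adds a byte-for-byte comparison
    # that does not depend on the strength of the hash.
    if [ "$sum_installed" = "$sum_reference" ] && cmp -s "$resolved" "$reference"; then
        return 0
    fi
    return 1
}

# On a cPanel host, after the wget and bunzip2 steps above:
#   verify_binary /bin/passwd ./jail_safe_passwd /usr/local/cpanel/bin/jail_safe_passwd
```

A return code of 2 means /bin/passwd does not point at the cPanel wrapper at all, which is worth investigating before comparing checksums.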