Page 1 of 1

New Install - Recurring Alerts

Posted: 25 Apr 2024, 14:42
by JFMarcomms
Hi,

I hope you can help.

We are running new cPanel install on AlmaLinux via Lightsail Instance.

Configuration:
Access to WHM and cPanel is limited to single static IP
SSH port remains as 22
SSH root login disabled
The following services are enabled and working:
MySQL is bound to 127.0.0.1
2-factor authentication for WHM
Security Advisor: all in ‘green’
ImunifyAV: No malware found in scans
ConfigServer: Enabled
cPHulk: Enabled, internal static IP whitelisted

We immediately began getting the following alerts every hour:

Executable: /usr/bin/rpcbind -w -f
File: /tmp/system_update.sh
Reason: Script, file extension
File: /tmp/imgbuild-common.sh
Reason: Script, file extension
File: /tmp/cpinstall.sh
Reason: Script, file extension
File: /tmp/set_up_install_on_boot.sh
Reason: Script, file extension
File: /tmp/clean.sh
Reason: Script, file extension
File: /tmp/watch-install-progress
Reason: Script, starts with #!
File: /tmp/zzz-fix-transient-hostname.sh
Reason: Script, file extension

I’m new to server admin, and neither our platform vendor nor cPanel can assist, can anyone shed any light on whether the above is something to be concerned about.

Thank you for your help.


Kind regards,
James

Re: New Install - Recurring Alerts

Posted: 17 Oct 2024, 15:34
by gmariani405
I'm getting the same thing on a fairly new cPanel install.

File: /tmp/watch-install-progress
Reason: Script, starts with #!
Action: No action taken

I didn't know if maybe this is another script that needs to be excluded by default in CSF. Anyone know anything else about it?