« previous next »
Pages: [1]

Author Topic: [SECURITY ALERT] Unauthorized port / [SECURITY ALERT] Unknown/Untrusted file..  (Read 219 times)

0 Members and 1 Guest are viewing this topic.

Offline
venty
***
[SECURITY ALERT] Unauthorized port / [SECURITY ALERT] Unknown/Untrusted file..
« on: February 21, 2026, 11:08:35 AM »
Hi,

Please help, today, after I entered the CWP panel, I have two new messages:

[SECURITY ALERT] Unknown/Untrusted file: /usr/lib64/gconv/gconv-modules.cache

and

[SECURITY ALERT] Unauthorized port, for more info run: sh /scripts/cwp_security_audit

The installation is AL 9.7, and there were a lot of updates yesterday.

Please help...

Thanks in advance, and have a nice day!

BR
Venty
Logged
Offline
overseer
*****
Re: [SECURITY ALERT] Unauthorized port / [SECURITY ALERT] Unknown/Untrusted file..
« Reply #1 on: February 21, 2026, 02:14:59 PM »
I have the /usr/lib64/gconv/gconv-modules.cache file on my AlmaLinux 8 servers (28K in size). Seem like a normal harmless cache file. Maybe the recent update attempts to tighten up security, but is generating false positives.

Indeed, look at the new cron job that runs cwp_security_audit:
Code: [Select]
[root@srv1]# ls -al /etc/cron.daily/cwp_security_audit.sh
-rwxr-xr-x 1 root root 31 Feb 17 18:40 /etc/cron.daily/cwp_security_audit.sh
« Last Edit: February 21, 2026, 02:41:24 PM by overseer »
Logged
Offline
venty
***
Re: [SECURITY ALERT] Unauthorized port / [SECURITY ALERT] Unknown/Untrusted file..
« Reply #2 on: February 24, 2026, 10:33:58 AM »
Hi,

thank you very much for the reply..., as far as I can tell, they are fake...

The question is that I deleted them, and today they appeared again, the same two messages. Should I do something?

BR
Venty
Logged
Offline
overseer
*****
Re: [SECURITY ALERT] Unauthorized port / [SECURITY ALERT] Unknown/Untrusted file..
« Reply #3 on: February 24, 2026, 02:00:34 PM »
No, it's a scary false positive. Ignore it and it will go away with the next CWP update when they update the script. Or edit the script (/scripts/cwp_security_audit) directly to remove the stanza that checks for ghost files.

Since I run CWP on an alternate port, that script also generates a warning about unauthorized ports -- but of course it's authorized and listed in
/usr/local/cwpsrv/conf/cwpsrv.conf and /etc/csf/csf.conf. So I had to add my alternate port to the list of allowed ports in that script.
Logged
Offline
venty
***
Re: [SECURITY ALERT] Unauthorized port / [SECURITY ALERT] Unknown/Untrusted file..
« Reply #4 on: Today at 12:52:24 PM »
Hi,

The installation is AL 9.7, and CWP...

Please, I had until now two messages:

[SECURITY ALERT] Unknown/Untrusted file: /usr/lib64/gconv/gconv-modules.cache

and

[SECURITY ALERT] Unauthorized port, for more info run: sh /scripts/cwp_security_audit

Today, after I entered the CWP panel, I have old and one new message:

[!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found, for more info run: sh /scripts/cwp_security_audit

Thanks in advance, and have a nice day!

BR
Venty
Logged
Pages: [1]
« previous next »