cPanel and up2date problems, please help!

[platypus]

I hope someone can help me... Every day, when I log into my server and run "top", I see that there are 3 instances of up2date running, which are effectively using up all CPU time. I have been able to manually kill each of them without any apparent problems, but figuring out why this happens is the challenge.

Perhaps someone can explain to me the relationship between cPanel and up2date? I know there is a cron job set up that runs /scripts/upcp, which in turn runs up2date. I'm running Redhat Enterprise 3, and I was concerned about the recent mod_ssl exploit that was reported. When I run up2date by itself, I see that certain packages (such as kernel, httpd, php, etc) are excluded from being updated. The mod_ssl fix says it requires some of these excluded packages. If I clear the exclusion list in up2date and run again, it fails. If I let /scripts/upcp run, it *re-inserts* those packages into the exclude list.

How am I supposed to install the mod_ssl fix? Please help...
Also, is there a known problem with up2date stalling and eating CPU time? How do I troubleshoot and fix this? Thank you.

[chirpy]

There are seberal issues here:

1. You should not install the mod_ssl update provided by up2date. It's for the wrong version of apache. cPanel uses the correct one when you run "Update Apache". You should add mod_ssl to your up2date skiplist

2. You could try running up2date manually with up2date -l which should list available packages. If that hangs, then you most likely have a problem with your rpm database. If so, then I would recommend running the option under WHM > Rebuild RPM Database. When that is finished (it will take some time to run) try running up2date -l again. If that still hangs, try rebooting the server and then try up2date -l a final time.

3. If up2date doesn't hang, but instead throws up an error, then you will have to contact your NOC as they will have to fix it.

Lastly, if you don't know what up2date is, you should look it up man up2date

[platypus]

I'm sorry I dont have time for a complete reply. Thanks for the info... so are you saying that /scripts/upcp should automatically take care of upgrading mod_ssl by itself, since it is not recommended that I try to upgrade it using up2date directly? If so, how can I verify that the updates have indeed been applied?

Thanks, and I'll respond more later.

[webafrica]

RPM Rebuild hangs for me, left it on overnight.

Then up2date still hangs for me.

[chirpy]

Try the following:

1. Issue the following to get the PID's of any processes access the rpm database:
lsof | grep /var/lib/rpm

2. The PID's are in the second column, you need to kill each of the separate ones off:
kill -9 PID

3. Now you need to clean up any lock files:
rm -f /var/lib/rpm/__*

4. Try again. If you get rpm database errors, you may need to:
rpm --rebuilddb

That could take a while. If it seems to be hanging (after 20 minutes or so), then...

5. Reboot the server as a last resort.

[webafrica]

Try the following:

1. Issue the following to get the PID's of any processes access the rpm database:
lsof | grep /var/lib/rpm

Oh my g!! I have HUNDREDS of processes... wtf.

rpmq 26911 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 26911 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 26911 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 26911 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 27186 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 27186 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 27186 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 27186 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 27269 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 27269 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 27269 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 27269 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 27315 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 27315 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 27315 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 27315 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 27622 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 27622 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 27622 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 27622 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpm 27823 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpm 27823 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpm 27823 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpm 27823 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 27947 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 27947 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 27947 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 27947 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 28016 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 28016 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 28016 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 28016 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 28185 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 28185 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 28185 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 28185 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 28297 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 28297 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 28297 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 28297 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 28346 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 30487 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 30487 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 30639 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 30639 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 30639 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 30639 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 30679 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 30679 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rhn_check 31089 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rhn_check 31089 root 0r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rhn_check 31089 root 3r REG 3,3 172032 18519 /var/lib/rpm/Providename
rhn_check 31089 root 4r REG 3,3 24576 18516 /var/lib/rpm/Name
rhn_check 31089 root 6u REG 3,3 16658432 18514 /var/lib/rpm/Packages
rhn_check 31089 root 7u REG 3,3 24576 18516 /var/lib/rpm/Name
rhn_check 31089 root 8r REG 3,3 12288 18529 /var/lib/rpm/Pubkeys
rhn_check 31089 root 9u REG 3,3 2760704 18515 /var/lib/rpm/Basenames
rpmq 31148 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 31148 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 31148 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 31148 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 31182 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 31182 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 31182 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 31182 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 31303 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 31303 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 31303 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 31303 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 31365 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 31365 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 31365 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 31365 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 31806 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 31806 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 31806 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 31806 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 31868 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 31868 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 31868 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 31868 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 32068 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 32068 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 32068 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 32068 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 32158 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 32158 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 32158 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 32158 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 32290 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 32290 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 32290 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 32290 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 32600 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 32600 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 32600 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 32600 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages
rpmq 32676 root mem REG 3,3 16384 18531 /var/lib/rpm/__db.001
rpmq 32676 root mem REG 3,3 1318912 18572 /var/lib/rpm/__db.002
rpmq 32676 root mem REG 3,3 458752 18727 /var/lib/rpm/__db.003
rpmq 32676 root 3r REG 3,3 16658432 18514 /var/lib/rpm/Packages

Thats just a few.. can I use "killall rpmq"? What could have cause this?

[chirpy]

Ouch

I would do the following:

ps axf | grep -v grep | grep rpm

Make sure none of those look essential, then

killall rpm

You could also resolve it with a simple reboot, then go to step 3.

I would suspect you've had the problem for a few days. Since /scripts/upcp interrogates the rpm database it's probably got in a bit of a state. Considering that, and I don't normally recommend it, but a reboot may be a good idea to clear things up if you're not sure what should and what should not be running on your server.

[webafrica]

Wow - such a speedy reply and on a sunday. You guys rock! Yes to be honest we are complete linux noobians. (We are a windows host) Going to reboot and pray. Thanks

[webafrica]

root@linux01 [~]# up2date -l

Error Message:
Please run rhn_register (or up2date --register on Red Hat Linux 8.0)
as root on this client
Error Class Code: 9
Error Class Info: Invalid System Credentials.
Explanation:

Hmm nasty looks like something not right.. So I did a chkrootkit. and..

Then I saw this

Checking `bindshell'... INFECTED (PORTS: 465)

Is that bad?

[sawbuck]

465 is a known false positive. Might also try rkhunter.
http://www.rootkit.nl/