The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Altered RPMs Email Today

Discussion in 'General Discussion' started by GoWilkes, Feb 17, 2016.

  1. GoWilkes

    GoWilkes Well-Known Member

    Joined:
    Sep 26, 2006
    Messages:
    367
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I had literally just reinstalled an SSL cert when I got this email:

    Code:
    The system detected problems with the following cPanel-provided files that the RPM controls:
    
    RPM Status Additional Information
    MySQL55-client,5.5.48,1.cp1148-/usr/bin/mysql Broken S.?......
    There are dozens of those lines. I didn't want to paste them if they were unnecessary, but I can upon request.

    In an earlier thread, someone had a similar problem and cPanelMichael asked to post the results from rpm -qa|grep MySQL, so...

    Code:
    # rpm -qa|grep MySQL
    compat-MySQL51-shared-5.1.73-1.cp1150.x86_64
    MySQL55-shared-5.5.48-1.cp1148.x86_64
    cpanel-perl-514-MySQL-Diff-0.43-4.cp1146.x86_64
    MySQL55-client-5.5.48-1.cp1148.x86_64
    MySQL55-devel-5.5.48-1.cp1148.x86_64
    compat-MySQL50-shared-5.0.96-4.cp1136.x86_64
    MySQL55-server-5.5.48-1.cp1148.x86_64
    MySQL55-test-5.5.48-1.cp1148.x86_64
    Should I run /usr/local/cpanel/scripts/check_cpanel_rpms --fix, or just leave it be?
     
  2. Forcerdj

    Forcerdj Well-Known Member

    Joined:
    Nov 30, 2009
    Messages:
    60
    Likes Received:
    1
    Trophy Points:
    8
    Received this email this morning..

    Code:
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysql    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysql_config_editor    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysql_waitpid    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysqladmin    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysqlbinlog    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysqlcheck    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysqldump    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysqlimport    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysqlshow    Broken    S.?......
    MySQL56-client,5.6.29,1.cp1148-/usr/bin/mysqlslap    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/innochecksum    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/my_print_defaults    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/myisam_ftdump    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/myisamchk    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/myisamlog    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/myisampack    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/mysql_plugin    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/mysql_tzinfo_to_sql    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/mysql_upgrade    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/mysqltest    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/perror    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/replace    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/resolve_stack_dump    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/bin/resolveip    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/sbin/mysqld    Broken    S.?......
    MySQL56-server,5.6.29,1.cp1148-/usr/sbin/mysqld-debug    Broken    S.?......
    MySQL56-test,5.6.29,1.cp1148-/usr/bin/mysql_client_test    Broken    S.?......
    MySQL56-test,5.6.29,1.cp1148-/usr/bin/mysql_client_test_embedded    Broken    S.?......
    MySQL56-test,5.6.29,1.cp1148-/usr/bin/mysqltest_embedded    Broken    S.?......
    cpanel-userperl,1.0,1.cp1136-/usr/bin/perlml    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/bin/doveadm    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/bin/doveconf    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/lib64/dovecot/libdovecot-lda.so.0.0.0    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/lib64/dovecot/libdovecot-login.so.0.0.0    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/lib64/dovecot/libdovecot-storage.so.0.0.0    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/lib64/dovecot/libdovecot.so.0.0.0    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/aggregator    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/anvil    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/auth    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/checkpassword-reply    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/config    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/dict    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/director    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/dns-client    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/doveadm-server    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/dovecot-lda    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/gdbhelper    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap-hibernate    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap-login    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap-urlauth    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap-urlauth-login    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap-urlauth-worker    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/indexer    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/indexer-worker    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/ipc    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/lmtp    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/log    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/maildirlock    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/pop3    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/pop3-login    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/quota-status    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/rawlog    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/replicator    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/script    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/script-login    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/ssl-params    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/stats    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/xml2text    Broken    S.?......
    dovecot,2.2.21,1.cp1154-/usr/sbin/dovecot    Broken    S.?......
    exim,4.86,6.cp1154-/usr/sbin/exim_dbmbuild    Broken    S.?......
    exim,4.86,6.cp1154-/usr/sbin/exim_dumpdb    Broken    S.?......
    exim,4.86,6.cp1154-/usr/sbin/exim_fixdb    Broken    S.?......
    exim,4.86,6.cp1154-/usr/sbin/exim_lock    Broken    S.?......
    exim,4.86,6.cp1154-/usr/sbin/exim_tidydb    Broken    S.?......
    exim,4.86,6.cp1154-/usr/sbin/sendmail    Broken    S.?......
    Is this normal? it says I can run

    /usr/local/cpanel/scripts/check_cpanel_rpms --fix

    Should I go ahead with this?

    I am using CloudLinux.
     
  3. turbo2ltr

    turbo2ltr Member

    Joined:
    Jun 3, 2011
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    I received a very similar email this morning as well.
     
  4. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Ditto. From all servers. Have never seen it before. Need to know if it's safe to run:
    /usr/local/cpanel/scripts/check_cpanel_rpms --fix
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    That command should always be safe to run.
     
  6. darknite323

    darknite323 Registered

    Joined:
    Feb 17, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I'm getting the same messages from two of our cPanel servers. Message is exactly the same on both.
    I won't bother reposing the entire list but it's exactly the same as whatForcerdj posted above, except that the MySQL version is MySQL55-server,5.5.48,1.cp1148

    Possibly something missing in the latest cPanel update?
    And can someone confirm that they've run the fix "check_cpanel_rpms --fix " successfully, last thing I want to do is break MySQL and Exim.
     
  7. ivan levente

    ivan levente Member

    Joined:
    Apr 4, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Romania
    cPanel Access Level:
    Root Administrator
    I did ran that command, waited for a bit but nothing happened apparently. Didn't get any confirmation of what's been done or not, weird:

    root@server [~]# /usr/local/cpanel/scripts/check_cpanel_rpms --fix
    root@server [~]#
     
  8. Matthew Wilcox

    Joined:
    Feb 5, 2016
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    My Desk
    cPanel Access Level:
    Root Administrator
    Five of our servers have sent me these emails this morning "[check_cpanel_rpms] There are altered RPMs on ..."

    Looks like this is a wider problem; what's going on and what should we be doing? After a quick search online I found someone that ran the suggested script and his database no longer worked, so I don't want to touch anything unless it's definitely safe. And I don't understand why this happened in the first place.
     
  9. guhemama

    guhemama Registered

    Joined:
    Feb 18, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Curitiba, Brazil
    cPanel Access Level:
    Root Administrator
    Same thing here - received the alert from one of our servers; the others, which have the same HW/SW, sent no alerts. Very weird... Subscribing to the thread.
     
  10. jplill

    jplill Registered

    Joined:
    Feb 18, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cambridge, MA
    cPanel Access Level:
    Website Owner
    I received this notice from 2 of my servers. Ran the suggested command (check_cpanel_rpms --fix) on one and got a "command not found" error. I checked, the script is definitely in the directory where it should be. Am posting here to see if anyone can provide insight.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you let us know the full output of the email notification, so we can see which RPMs were modified?

    This suggests there were no issues with the RPMs.

    Thank you.
     
  12. ladydi711

    ladydi711 Well-Known Member

    Joined:
    Sep 4, 2001
    Messages:
    120
    Likes Received:
    3
    Trophy Points:
    18
    I also received the notice and would like to hear more from Cpanel on what has triggered. I have not yet run the /usr/local/cpanel/scripts/check_cpanel_rpms --fix command.

    Thanks!
     
  13. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    569
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Please see if you have PRELINKING enabled. Look in /etc/sysconfig/prelink and see if PRELINKING=yes is there. If so, change it to PRELINKING=no and run: /etc/cron.daily/prelink

    Then remove the prelink rpm with: yum remove prelink

    This is likely happening because of CVE-2015-7547
    PRELINK! Changes the binary size, and the recent glibc update (to address the above CVE) will cause prelink to re-link pretty much everything on the system. We have not recommended using PRELINK in a very long time, and as of 54, it will no longer be allowed on new installs.

    Once prelink is removed, you'll also want to restart dovecot with: /usr/local/cpanel/scripts/restartsrv_dovecot
    Because this can cause dovecot authentication errors as well until you restart.
     
    Dhaupin and Metro2 like this.
  14. Mark Donne

    Mark Donne Registered

    Joined:
    Nov 12, 2015
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Fleet, Hants UK
    cPanel Access Level:
    DataCenter Provider
    Hi Peter

    Thank you for the detailed answer, that certainly worked for us. I am curious about one of your comments though:

    Where should we be seeing this kind of advice as it is obviously very useful! If people have been running a WHM server for a few years and letting the upgrade process run how do they find out about these little recommended tweaks to the base OS?

    Thanks again
    Mark Donne
     
  15. cPanelPeter

    cPanelPeter Technical Analyst III
    Staff Member

    Joined:
    Sep 23, 2013
    Messages:
    569
    Likes Received:
    15
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello Mark,

    Apologies if I was a little unclear. I can see how my response can be confusing. We didn't actually state anywhere that PRELINKING should be disabled but in our Installation Guide we do mention that we recommend a minimal install.

    When using the minimal install, Prelink is automatically disabled (as is SELinux which we don't recommend either). Many users however do a full install and that does enable Prelinking (and SELinux). Remember, having Prelinking enabled doesn't actually prevent cPanel/WHM from running. However it also does not really help with speed either and as you've seen can cause issues when some RPM's are updated.

    Let me know if something still isn't clear.
     
  16. Matthew Wilcox

    Joined:
    Feb 5, 2016
    Messages:
    12
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    My Desk
    cPanel Access Level:
    Root Administrator
    So overnight five of our cPanel servers have sent emails of this nature:

    The system detected problems with the following cPanel-provided files that the RPM controls:

    RPM Status Additional Information
    dovecot,2.2.21,1.cp1154-/usr/lib64/dovecot/libdovecot-login.so.0.0.0 Broken S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap-login Broken S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/imap-urlauth-login Broken S.?......
    dovecot,2.2.21,1.cp1154-/usr/libexec/dovecot/pop3-login Broken S.?......​

    What's the score here, what's gone wrong?
     
  17. RobinF28

    RobinF28 Member

    Joined:
    Jun 27, 2015
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Elgin, Scotland
    cPanel Access Level:
    Root Administrator
    Hi there,

    Exact same for me - overnight...
    Perhaps an auto-update?

    - Rob.
     
  18. bigbankclub

    bigbankclub Registered

    Joined:
    Dec 23, 2014
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I receive these Altered RPMs Check type emails at random. I'm not making updates or changes to the server. yet these email arrive. I understand notifications are a normal practice when enabled; but what's the trigger?

    Plus there a fix "/usr/local/cpanel/scripts/check_cpanel_rpms --fix"

    I am guessing it's safe to run.

    dovecot,2.2.21,1.cp1154-/usr/lib64/dovecot/libdovecot-login.so.0.0.0 Broken S.?......

    Is in the email - any concern?
     
  19. RobinF28

    RobinF28 Member

    Joined:
    Jun 27, 2015
    Messages:
    12
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Elgin, Scotland
    cPanel Access Level:
    Root Administrator
    Hi everyone,

    I had the exact same issue & notifications, so I followed this advise, and ultimately removed Prelink.
    Everything went according to plan (as above), and afterwards I checked with...

    Code:
    /scripts/check_cpanel_rpms --long-list
    ...and received a clean (empty) response, indicating that the issue was not now present.

    All fixed, thank you cPanel.

    - Robin.
     
    Infopro likes this.
  20. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    83
    Likes Received:
    15
    Trophy Points:
    8
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    Take a look at this entry in this thread. I think it will answer all your questions.

    I have gotten the Altered RPMs email a couple of times, including this morning, and did have PRELINKING enabled. I followed cPanelPeter's instructions (after running /usr/local/cpanel/scripts/check_cpanel_rpms --fix) and they went without a hitch.
     
Loading...

Share This Page