Complete list of what is updated & when

[quote:0a22a6132c][i:0a22a6132c]Originally posted by mpope2[/i:0a22a6132c]


Hello,

I am trying to get a better grasp on exactly what needs to be done security-wise to my servers. In trying to figure this out, I have determined that I must first know what Cpanel/WHM updates and when. For example, recently Bind was updated to 9.2.1 for a security release. However, when the php security vulnerability was found back in february, php was never auto-update (to the best of my knowledge).

I would absolutely love it if the Cpanel guys could compile a list for me that contains this information. I know many other people will also want this information.

In my opinion cpanel boxes are VERY good at keeping out the hackers, but with this information we can secure them down for good.

Please let me know what you think of this!
[/quote:0a22a6132c]

Cpanel updates: include anything in /usr/local/cpanel and below
Secuirty Updates: Updates from redhat or mandrake (errata) depeneding on which distro you have.
DarkORB updates: RPMS built for cPanel .. ie exim etc.


Note: apache and modules are never updated automatticly since they are way to finicky

 

[quote:75409a1e47][i:75409a1e47]Originally posted by mpope2[/i:75409a1e47]


So, it appears that we only have to update the kernel and apache / apache modules. Is this correct?

Thanks![/quote:75409a1e47]

that would be correct

 

What if the /usr/local/cpanel directory is empty? Does that mean that nothing is updated? I'm baffled. Many other people seem to have contents in that directory. I don't, and I don't know why.

 

[quote:dfad348a4b][i:dfad348a4b]Originally posted by Mary B.[/i:dfad348a4b]

What if the /usr/local/cpanel directory is empty? Does that mean that nothing is updated? I'm baffled. Many other people seem to have contents in that directory. I don't, and I don't know why.[/quote:dfad348a4b]

Mary,
Try running /scripts/upcp. If this does not take care of it, you may have to delete the installd directory, and reinstall.

 

[quote:4149c64a98][i:4149c64a98]Originally posted by mpope2[/i:4149c64a98]
So, it appears that we only have to update the kernel and apache / apache modules. Is this correct?[/quote:4149c64a98]

Ok, I'm quite sure WHM/CPanel just automatically updated Apache to 1.3.26 and PHP 4.2.1 without any prompting. I only noticed because my site was running slow and I did a ps -aux and I could see buildapache.sea running.

I'm the only one with root access to that box. Unless my dedicated hosting provider went and did it without asking me, CPanel did it automatically!

 

Djelibeybi,

If you have a dedicated Server with a hosting company then they should be upgrading your server's software/packages. Like alot of admins i'm sure i'm sitting here now going thru box's here upgrading apache.

 

[quote:1163ab3238][i:1163ab3238]Originally posted by shaun[/i:1163ab3238]
If you have a dedicated Server with a hosting company then they should be upgrading your server's software/packages. Like alot of admins i'm sure i'm sitting here now going thru box's here upgrading apache. [/quote:1163ab3238]

So it was you! I have an OChosting.com dedicated box. In fact, I'm that stupid client that had perl -w in his scripts. But, you live and learn.

Now at least I can tell my users why the site went deathly slow for a few minutes.

 

lol, i hope i didnt call you a stupid client!? We try here to keep the systems as secure as possible. Actually from what i hear the perl -w is a good thing but the problem is, is that when people write these scripts (including me) they dont write them as perl would like them to be. So a hole list of warnings are displayed.

In the begging the -W was a solution that i used when i found perl scripts that wouldnt run properly and would execute from bash but then i ended up finding out this was because sombody decided to edit them in a enriched text editor and i found the a great perl command to stip these (no it wasnt ^M either) anyway. Your server should be running as it should and you are all up2date

 

Ah, but I *was* a stupid client, so that's OK.

I've installed a local Linux box so that I can learn without putting my production server at risk. At the moment, I'm playing with Apache and compiling PHP and Perl into the httpd. Fun, fun, fun.

BTW, you should recommend any other shared server user that's running Ikonboard v3 to migrate to Invision Board instead. Its written in PHP and has built-in gzip compression, so mod_gzip isn't required to save bandwidth.

I figure that my new Board with Invision could probably move back to shared hosting without impacting a shared hosts resources as significantly as Ikonboard does.