The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Complete list of what is updated & when

Discussion in 'General Discussion' started by mpope2, Jun 12, 2002.

  1. mpope2

    mpope2 Well-Known Member

    Joined:
    Feb 8, 2002
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    Complete list of what is updated & when

    Hello,

    I am trying to get a better grasp on exactly what needs to be done security-wise to my servers. In trying to figure this out, I have determined that I must first know what Cpanel/WHM updates and when. For example, recently Bind was updated to 9.2.1 for a security release. However, when the php security vulnerability was found back in february, php was never auto-update (to the best of my knowledge).

    I would absolutely love it if the Cpanel guys could compile a list for me that contains this information. I know many other people will also want this information.

    In my opinion cpanel boxes are VERY good at keeping out the hackers, but with this information we can secure them down for good.

    Please let me know what you think of this!
     
  2. bdraco

    bdraco Guest

    [quote:0a22a6132c][i:0a22a6132c]Originally posted by mpope2[/i:0a22a6132c]


    Hello,

    I am trying to get a better grasp on exactly what needs to be done security-wise to my servers. In trying to figure this out, I have determined that I must first know what Cpanel/WHM updates and when. For example, recently Bind was updated to 9.2.1 for a security release. However, when the php security vulnerability was found back in february, php was never auto-update (to the best of my knowledge).

    I would absolutely love it if the Cpanel guys could compile a list for me that contains this information. I know many other people will also want this information.

    In my opinion cpanel boxes are VERY good at keeping out the hackers, but with this information we can secure them down for good.

    Please let me know what you think of this!
    [/quote:0a22a6132c]

    Cpanel updates: include anything in /usr/local/cpanel and below
    Secuirty Updates: Updates from redhat or mandrake (errata) depeneding on which distro you have.
    DarkORB updates: RPMS built for cPanel .. ie exim etc.


    Note: apache and modules are never updated automatticly since they are way to finicky
     
  3. mpope2

    mpope2 Well-Known Member

    Joined:
    Feb 8, 2002
    Messages:
    73
    Likes Received:
    0
    Trophy Points:
    6
    So, it appears that we only have to update the kernel and apache / apache modules. Is this correct?

    Thanks!
     
  4. bdraco

    bdraco Guest

    [quote:75409a1e47][i:75409a1e47]Originally posted by mpope2[/i:75409a1e47]


    So, it appears that we only have to update the kernel and apache / apache modules. Is this correct?

    Thanks![/quote:75409a1e47]

    that would be correct
     
  5. Mary B.

    Mary B. Member

    Joined:
    Jun 11, 2002
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    What if the /usr/local/cpanel directory is empty? Does that mean that nothing is updated? I'm baffled. Many other people seem to have contents in that directory. I don't, and I don't know why.
     
  6. DaveUsedToWorkHere

    DaveUsedToWorkHere Well-Known Member

    Joined:
    Dec 28, 2001
    Messages:
    691
    Likes Received:
    1
    Trophy Points:
    18
    [quote:dfad348a4b][i:dfad348a4b]Originally posted by Mary B.[/i:dfad348a4b]

    What if the /usr/local/cpanel directory is empty? Does that mean that nothing is updated? I'm baffled. Many other people seem to have contents in that directory. I don't, and I don't know why.[/quote:dfad348a4b]

    Mary,
    Try running /scripts/upcp. If this does not take care of it, you may have to delete the installd directory, and reinstall.
     
  7. Djelibeybi

    Djelibeybi Well-Known Member

    Joined:
    Mar 19, 2002
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    [quote:4149c64a98][i:4149c64a98]Originally posted by mpope2[/i:4149c64a98]
    So, it appears that we only have to update the kernel and apache / apache modules. Is this correct?[/quote:4149c64a98]

    Ok, I'm quite sure WHM/CPanel just automatically updated Apache to 1.3.26 and PHP 4.2.1 without any prompting. I only noticed because my site was running slow and I did a ps -aux and I could see buildapache.sea running.

    I'm the only one with root access to that box. Unless my dedicated hosting provider went and did it without asking me, CPanel did it automatically!
     
  8. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    Djelibeybi,

    If you have a dedicated Server with a hosting company then they should be upgrading your server's software/packages. Like alot of admins i'm sure i'm sitting here now going thru box's here upgrading apache. :(
     
  9. Djelibeybi

    Djelibeybi Well-Known Member

    Joined:
    Mar 19, 2002
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    [quote:1163ab3238][i:1163ab3238]Originally posted by shaun[/i:1163ab3238]
    If you have a dedicated Server with a hosting company then they should be upgrading your server's software/packages. Like alot of admins i'm sure i'm sitting here now going thru box's here upgrading apache. :([/quote:1163ab3238]

    So it was you! I have an OChosting.com dedicated box. In fact, I'm that stupid client that had perl -w in his scripts. But, you live and learn. :)

    Now at least I can tell my users why the site went deathly slow for a few minutes.
     
  10. shaun

    shaun Well-Known Member

    Joined:
    Nov 9, 2001
    Messages:
    698
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    San Clemente, Ca
    lol, i hope i didnt call you a stupid client!? :) We try here to keep the systems as secure as possible. Actually from what i hear the perl -w is a good thing but the problem is, is that when people write these scripts (including me) they dont write them as perl would like them to be. So a hole list of warnings are displayed.

    In the begging the -W was a solution that i used when i found perl scripts that wouldnt run properly and would execute from bash but then i ended up finding out this was because sombody decided to edit them in a enriched text editor and i found the a great perl command to stip these (no it wasnt ^M either) anyway. Your server should be running as it should and you are all up2date :)
     
  11. Djelibeybi

    Djelibeybi Well-Known Member

    Joined:
    Mar 19, 2002
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    Ah, but I *was* a stupid client, so that's OK. :)

    I've installed a local Linux box so that I can learn without putting my production server at risk. At the moment, I'm playing with Apache and compiling PHP and Perl into the httpd. Fun, fun, fun.

    BTW, you should recommend any other shared server user that's running Ikonboard v3 to migrate to Invision Board instead. Its written in PHP and has built-in gzip compression, so mod_gzip isn't required to save bandwidth.

    I figure that my new Board with Invision could probably move back to shared hosting without impacting a shared hosts resources as significantly as Ikonboard does.
     
Loading...

Share This Page