LFD Warning

[hrr1963]

I have this new VPS, which I just finished setting up the other day. Today I received an email that upcp cron executed. Which is perfectly ok.

Then 20 minutes later I received an lfd warnings, which is ok, because if system files updated, the md5 shouldn't match. What is rare is that I was not able to relate these changes to the cPanel update, went through the logs (maybe didn't saw it), so I'm posting it here, just in case anybody have more info:

I think these are related to the PHP GD, again I was not able to see them in the log.

Thanks

------------
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

/usr/bin/annotate: FAILED
/usr/bin/gd2copypal: FAILED
/usr/bin/gd2togif: FAILED
/usr/bin/gd2topng: FAILED
/usr/bin/gdcmpgif: FAILED
/usr/bin/gdparttopng: FAILED
/usr/bin/gdtopng: FAILED
/usr/bin/giftogd2: FAILED
/usr/bin/pngtogd: FAILED
/usr/bin/pngtogd2: FAILED
/usr/bin/sxpm: FAILED
/usr/bin/webpng: FAILED
---------------------------------
Thanks

 

[vanessa]

Yes, these are related to GD. You can check /var/log/yum.log to see if the packages updated. In the future, if you're not sure what packages these files belong to, just use yum whatprovides, ie:

yum whatprovides /usr/bin/webpng:

gd-progs-2.0.35-11.el6.x86_64 : Utility programs that use libgd

 

[hrr1963]

Thank you for your response. I'm not able to see in the upcp log any reference to a GD package updated. Maybe I'm overlooking something... ?

Yes, these are related to GD. You can check /var/log/yum.log to see if the packages updated. In the future, if you're not sure what packages these files belong to, just use yum whatprovides, ie:

yum whatprovides /usr/bin/webpng:

gd-progs-2.0.35-11.el6.x86_64 : Utility programs that use libgd

 

[vanessa]

It may have been a system package update, which will be executed during a cPanel update if you have that option selected in your update configuration. Did you check /var/log/yum.log as advised previously?

 

[hrr1963]

Yes, I was replying, but went to check some configuration. For example LF_integrity is set to 3600 sec, which means it should verify each hour at least.

Knowing that...

I did verify the yum log. I see updates entries for gd-progs and libX (sxpm) but those are from Feb 9 around 11PM.
Then looking through the logs, lfd detected the above changes at : Feb 10 20:00:04, but I received a previous lfd warning regarding php at: Feb 10 01:00:07 , which was at the time of using EasyApache.

Don't you think that , since every hour lfd is executed, I should at least received that list appended to the list of PHP or around that time?

Basically a whole day passed and lfd didn't notice, that is what I found strange and concerning. Which lead me to question the validity of these files.

 

[vanessa]

I don't find it strange at all. I have dozens of clients that run LFD (and I ran it myself at one point), and we see this issue all the time. LFD doesn't check every binary on the server every time it runs - doing so would be incredibly resource expensive.

 

[cPanelMichael]

Hello

You can always browse to "WHM Home » Server Configuration » Update Preferences" and modify the setting for "Operating System Package Updates" so that you run them manually. This might help you to verify that package updates through YUM only occur when you update them manually. However, it would be important that you update the packages on a regular basis.

Thank you.