Overnight I received the following email:
Problems were detected with cPanel-provided files which are RPM controlled.
If you did not make these changes intentionally, you can correct them by running:
> /usr/local/cpanel/scripts/check_cpanel_rpms --fix
The following RPMs are found to be altered from their original install state:
MySQL55-client,5.5.32,1.cp1136,/usr/bin/mysql
MySQL55-server,5.5.32,1.cp1136,/usr/sbin/mysqld
MySQL55-server,5.5.32,1.cp1136,/usr/sbin/mysqld-debug
dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/dovecot-auth
dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/imap-login
dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/pop3-login
dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/ssl-build-param
dovecot,1.2.17,3.cp1136,/usr/sbin/dovecot
dovecot,1.2.17,3.cp1136,/usr/sbin/dovecotpw
exim,4.80.1,1.cp1136,/usr/sbin/exim_dbmbuild
exim,4.80.1,1.cp1136,/usr/sbin/exim_dumpdb
exim,4.80.1,1.cp1136,/usr/sbin/exim_fixdb
exim,4.80.1,1.cp1136,/usr/sbin/exim_lock
exim,4.80.1,1.cp1136,/usr/sbin/exim_tidydb
Where do I even begin to understand why this has been generated or what, if anything, needs doing about it?
Yesterday I did complete some work on the server:
1. Added MySQLi support (via EasyApache)
2. Added ConfigServer Security & Firewall
3. Added Gnome to CentOS.
Are these what has caused this? What happens if I don't run the fix command - do I keep getting these? What if I do run the fix command, will that break something else?
Or has the server been compromised in some way? If so, where do I even begin trying to track this down?
Should someone with little/no experience of Linux (CentOS)/WHM/cPanel even be attempting to run a secure website on this platform, given much of what is happening on the server is an unfathomable mystery and mix of countless OpenSource components!?!
[This is a hosted dedicated server where the hosting company provided the server preinstalled but provides zero support for running this platform.]