Problems were detected with cPanel-provided files which are RPM controlled.

Discussion in 'Security' started by regisit, Aug 1, 2013.

  1. regisit

    regisit Member

    Overnight I received the following email:

    Problems were detected with cPanel-provided files which are RPM controlled.
    If you did not make these changes intentionally, you can correct them by running:

    > /usr/local/cpanel/scripts/check_cpanel_rpms --fix

    The following RPMs are found to be altered from their original install state:
    MySQL55-client,5.5.32,1.cp1136,/usr/bin/mysql
    MySQL55-server,5.5.32,1.cp1136,/usr/sbin/mysqld
    MySQL55-server,5.5.32,1.cp1136,/usr/sbin/mysqld-debug
    dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/dovecot-auth
    dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/imap-login
    dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/pop3-login
    dovecot,1.2.17,3.cp1136,/usr/libexec/dovecot/ssl-build-param
    dovecot,1.2.17,3.cp1136,/usr/sbin/dovecot
    dovecot,1.2.17,3.cp1136,/usr/sbin/dovecotpw
    exim,4.80.1,1.cp1136,/usr/sbin/exim_dbmbuild
    exim,4.80.1,1.cp1136,/usr/sbin/exim_dumpdb
    exim,4.80.1,1.cp1136,/usr/sbin/exim_fixdb
    exim,4.80.1,1.cp1136,/usr/sbin/exim_lock
    exim,4.80.1,1.cp1136,/usr/sbin/exim_tidydb

    Where do I even begin to understand why this has been generated or what, if anything, needs doing about it?

    Yesterday I did complete some work on the server:

    1. Added MySQLi support (via EasyApache)
    2. Added ConfigServer Security & Firewall
    3. Added Gnome to CentOS.

    Are these what has caused this? What happens if I don't run the fix command - do I keep getting these? What if I do run the fix command, will that break something else?

    Or has the server been compromised in some way? If so, where do I even begin trying to track this down?

    Should someone with little/no experience of Linux (CentOS)/WHM/cPanel even be attempting to run a secure website on this platform, given much of what is happening on the server is an unfathomable mystery and mix of countless open-source components!?!

    [This is a hosted dedicated server where the hosting company provided the server preinstalled but provides zero support for running this platform.]
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    The message you received indicates the RPMs listed were altered from the original installation state. It's possible the third-party applications you installed altered these RPMs. The following command will revert the RPMs back to how they are provided by cPanel:

    Code:
    /usr/local/cpanel/scripts/check_cpanel_rpms --fix
    You can find more information on this at:

    cPanel RPM Check

    Do you experience the same issue if you update cPanel again after running the command above? Also, do you plan to stay on cPanel version 11.36 or upgrade to cPanel version 11.38?

    Thank you.
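
A way to triage the alert before running `--fix`, as an added example that is not part of the original posts and not cPanel's own code: it parses the `package,version,release,path` lines from the email and classifies `rpm -V` output by whether file content or only metadata differs. The `rpm -V` sample is constructed and `alert_email.txt` is a hypothetical file name.

```shell
#!/usr/bin/env bash
# Added example (not cPanel code): triage a check_cpanel_rpms alert before --fix.

# Alert lines copied from the email quoted in this thread (subset).
SAMPLE_ALERT='    MySQL55-client,5.5.32,1.cp1136,/usr/bin/mysql
    MySQL55-server,5.5.32,1.cp1136,/usr/sbin/mysqld
    dovecot,1.2.17,3.cp1136,/usr/sbin/dovecot
    exim,4.80.1,1.cp1136,/usr/sbin/exim_lock'

# Constructed sample of `rpm -V` output, used only to exercise classify_verify.
SAMPLE_VERIFY='S.5....T.    /usr/sbin/mysqld
.......T.    /usr/sbin/dovecot
missing     /usr/sbin/exim_lock'

# stdin: alert text -> "package<TAB>path" for each well-formed alert line.
parse_alert() {
  awk -F',' 'NF == 4 {
    sub(/^[ \t>]+/, "", $1); sub(/[ \t\r]+$/, "", $4)   # strip indent/quoting, CR
    if ($4 ~ /^\//) print $1 "\t" $4                    # keep absolute paths only
  }'
}

# stdin: `rpm -V` output -> "verdict<TAB>path".
# Character 3 of the attribute string is "5" when the file digest differs.
classify_verify() {
  awk '{
    path = $NF
    if ($1 == "missing")              verdict = "missing"
    else if (substr($1, 3, 1) == "5") verdict = "content-changed"
    else                              verdict = "metadata-only"
    print verdict "\t" path
  }'
}

# Run the real check only where rpm exists; -Vf verifies the package owning each path.
triage() {
  command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 1; }
  parse_alert | cut -f2 | while read -r path; do rpm -Vf "$path"; done |
    sort -u | classify_verify
}

# Example: triage < alert_email.txt
```

A `content-changed` verdict on a binary is the case worth investigating further before reverting it; `metadata-only` means the digest still matches the package.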
     
  3. SashaL

    SashaL Member

    Hello Michael

    How can I remove these files/rpms from being checked? I don't need them anymore.

    cpanel-perl-514-Cache-Cache.1.06-1.cp1136
    cpanel-perl-514-munin.1.4.7-8.cp1136


    Thank you.
     
  4. cPanelMichael

  5. SashaL

    I've changed installed to uninstalled in /var/cpanel/rpm.versions.d/local.versions for that RPM and it looks like it helped. Thank you! :)
     
  6. SashaL

    Hello Michael,
    Today I received the message again.
    I checked /var/cpanel/rpm.versions.d/local.versions and found 'installed' for these packages, but I'm pretty sure nobody tried to install them again.

    The file was edited during the night, at 01:11 server time. I have no idea which scheduled task did it, but there are two tasks with close starting times: /usr/local/cpanel/scripts/upcp and /usr/local/cpanel/scripts/cpbackup.

    I reviewed the link you provided before, but it's still unclear to me what I should do so cPanel forgets about those RPMs.

    Please help.
     
  7. cPanelMichael

  8. SashaL

    Thank you, will check.

    The reason is that we have a newer Munin on the server, whilst cPanel tries to install the outdated one. This produces a conflict and a nervous e-mail alert.
     