Reducing Unnecessary WHM/Cron Notification Emails, Sytem Updates, Integrity

jazee

Well-Known Member
Jan 12, 2015
119
4
68
cPanel Access Level
Root Administrator
I'm tired of getting bombarded with email notifications that are regarding normal system operations. Specifically the system update emails with subject <[email protected] name> (/usr/local/cpanel/scripts/fix-cpanel-perl; /usr/local/cpanel/scripts/upcp --cron)

I only want to get emails when there is an error/problem.

In addition every time there is an update there's an email about an MD5 check failure on System Integrity which is a false alert since it was caused by a system update. I'm a little surprised the system isn't 'smart' enough to filter these out caused by a System Update.

These things combined essentially create a frequent mess (when you have multiple servers) of notifications that don't actually pertain to a useful warning or critical error state. It's causing a "Boy Who Cried Wolf" scenario that now I'm so used to ignoring and deleting them it's likely I'll overlook one that is flagging an actual problem!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Hello @jazee,

Specifically the system update emails with subject <[email protected] name> (/usr/local/cpanel/scripts/fix-cpanel-perl; /usr/local/cpanel/scripts/upcp --cron)

I only want to get emails when there is an error/problem.
We're changing the behavior in cPanel & WHM version 82 so that cPanel update cron job notifications are only sent when there's a failure. For reference, the case number is CPANEL-26113.

In addition every time there is an update there's an email about an MD5 check failure on System Integrity which is a false alert since it was caused by a system update. I'm a little surprised the system isn't 'smart' enough to filter these out caused by a System Update.
Can you provide an example of a specific instance when this occurred? Include the notification subject and body, but exclude any identifying information about your server.

Thank you.
 

jazee

Well-Known Member
Jan 12, 2015
119
4
68
cPanel Access Level
Root Administrator
You get these after every system update (I believe generated by LFD)

Code:
Subject: lfd on [redacted]: System Integrity checking detected a modified system file


Time:     Tue Jun 11 01:35:18 2019 -0700


The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:


/usr/bin/cpupower: FAILED

/usr/bin/dig: FAILED

/usr/bin/gapplication: FAILED

/usr/bin/gdbus: FAILED

/usr/bin/gio: FAILED

/usr/bin/gio-querymodules-64: FAILED

/usr/bin/glib-compile-schemas: FAILED

/usr/bin/gsettings: FAILED

/usr/bin/host: FAILED

/usr/bin/isc-config.sh: FAILED

/usr/bin/nslookup: FAILED

/usr/bin/nsupdate: FAILED

/usr/sbin/arpaname: FAILED

/usr/sbin/ddns-confgen: FAILED

/usr/sbin/dnssec-dsfromkey: FAILED

/usr/sbin/dnssec-importkey: FAILED

/usr/sbin/dnssec-keyfromlabel: FAILED

/usr/sbin/dnssec-keygen: FAILED

/usr/sbin/dnssec-revoke: FAILED

/usr/sbin/dnssec-settime: FAILED

/usr/sbin/dnssec-signzone: FAILED

/usr/sbin/dnssec-verify: FAILED

/usr/sbin/genrandom: FAILED

/usr/sbin/isc-hmac-fixup: FAILED

/usr/sbin/lwresd: FAILED

/usr/sbin/named: FAILED

/usr/sbin/named-checkconf: FAILED

/usr/sbin/named-checkzone: FAILED

/usr/sbin/named-compilezone: FAILED

/usr/sbin/named-journalprint: FAILED

/usr/sbin/nsec3hash: FAILED

/usr/sbin/rndc: FAILED

/usr/sbin/rndc-confgen: FAILED

/bin/cpupower: FAILED

/bin/dig: FAILED

/bin/gapplication: FAILED

/bin/gdbus: FAILED

/bin/gio: FAILED

/bin/gio-querymodules-64: FAILED

/bin/glib-compile-schemas: FAILED

/bin/gsettings: FAILED

/bin/host: FAILED

/bin/isc-config.sh: FAILED

/bin/nslookup: FAILED

/bin/nsupdate: FAILED

/sbin/arpaname: FAILED

/sbin/ddns-confgen: FAILED

/sbin/dnssec-dsfromkey: FAILED

/sbin/dnssec-importkey: FAILED

/sbin/dnssec-keyfromlabel: FAILED

/sbin/dnssec-keygen: FAILED

/sbin/dnssec-revoke: FAILED

/sbin/dnssec-settime: FAILED

/sbin/dnssec-signzone: FAILED

/sbin/dnssec-verify: FAILED

/sbin/genrandom: FAILED

/sbin/isc-hmac-fixup: FAILED

/sbin/lwresd: FAILED

/sbin/named: FAILED

/sbin/named-checkconf: FAILED

/sbin/named-checkzone: FAILED

/sbin/named-compilezone: FAILED

/sbin/named-journalprint: FAILED

/sbin/nsec3hash: FAILED

/sbin/rndc: FAILED

/sbin/rndc-confgen: FAILED

/etc/init.d/httpd: FAILED open or read
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Hello @jazee,

Subject: lfd on [redacted]: System Integrity checking detected a modified system file
This message is coming from your CSF/LFD plugin. You may want to consider reporting a bug to the ConfigServer bug report forums to request an improvement to how this notification detects file checksum changes after updates to your system's RPMs:

Report Bugs (csf) - ConfigServer Community Forum

Alternatively, you could disable that notification in your CSF configuration settings and use an alternative such as Immunify360:

Imunify360 - home

Thank you.
 
Thread starter Similar threads Forum Replies Date
J Installation & Updates 0
Similar threads
unnecessary RPMs