Security Alerts after editing Horde config

joako

Well-Known Member
Aug 7, 2003
112
2
168
cPanel Access Level
DataCenter Provider
I need to edit the Horde config to be able to view a preview of some files online -- instead of having to download them. However, after this I get an email daily:

The system detected problems with the following cPanel-provided files that the RPM controls:
RPM Status Additional Information
cpanel-php54-horde,5.2.5,13.cp1152-/usr/local/cpanel/base/horde/config/mime_drivers.php Broken S.5....T.
If you did not make these changes intentionally, execute the following command as the root user to correct them:
/usr/local/cpanel/scripts/check_cpanel_rpms --fix


The issue is when I run that command it will revert the changes I made. How can I stop these alerts for this particular file while ensuring I will still get the alert if there's legitimate tampering with system files?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,216
363
How can I stop these alerts for this particular file while ensuring I will still get the alert if there's legitimate tampering with system files?
Hello,

You can configure this RPM as unmanaged via the instructions in the following document:

How to Set or Unset RPM Management - cPanel Knowledge Base - cPanel Documentation

However, keep in mind that cPanel will no longer manage this RPM, thus the RPMs require manual upgrades and maintenance. Also, to answer your other question, it's not possible to exclude a specific file from RPM management, only the RPM itself.

Thank you.
 

joako

There has to be a way to keep it updated. This is a configuration file, and editing a configuration file should not cause security alerts nor should it prevent software from receiving future updates. I would file a bug report but you guys don't consider anything a bug and don't take security seriously! When I filed a ticket I was told to suppress ALL the tampered RPM alerts which obviously isn't a good idea.

/edit: Nice! bug reports aren't even accepted any longer. Says
Unable to load support form. Please contact Customer Service
 

cPanelMichael

/edit: Nice! bug reports aren't even accepted any longer. Says
Unable to load support form. Please contact Customer Service
Is the form still failing to load? If so, could you let us know which URL you are accessing?

Thank you.
 

joako

I am making the change to the configuration file manually one time with a text editor per the Horde documentation. A GUI would be nice but I don't have one to infinity years to wait for the feature request to go through.

I'm using the link above that says Defects. Form loads but there's an error when you submit it.
 

cPanelMichael

I am making the change to the configuration file manually one time with a text editor per the Horde documentation.
Hello,

Voting and adding feedback to the previously mentioned feature request is the best course of action:

Add a Tweak Setting when choosing Horde to turn HTML inline on or off

In the meantime, you can follow the instructions on the following comment from this feature request if you want to ensure the change is preserved after cPanel updates:

Add a Tweak Setting when choosing Horde to turn HTML inline on or off

Thank you.
 

cPanelMichael

All I want to do is exclude the config file from the RPM tamper alerts.
Manipulating the files provided via an RPM will result in that warning message because the file checksum will differ to what's expected, triggering the alert. For instance, here's the RPM associated with the file you are editing:

Code:
# rpm -qf /usr/local/cpanel/base/horde/imp/config/mime_drivers.php
cpanel-php54-imp-6.2.8-6.cp1152.noarch
You can't exclude specific files from the RPM verification check, so the best way to address the issue is to set up a hook that updates the specific line in the file after cPanel updates, and then create an email filter for that specific RPM notification based on the message body to discard the message.

Thank you.
 

joako

Manipulating the files provided via an RPM will result in that warning message because the file checksum will differ to what's expected, triggering the alert.
The problem is this is a configuration file. Configuration files are supposed to be changed and should not trigger a security warning.

create an email filter for that specific RPM notification based on the message body to discard the message.
Then why not disable fully the RPM check? Because every email from the RPM check is going to match the filter and get discarded. The idea should be to get these important alerts if an RPM is actually modified, for e.g. the system is exploited and executable files are compromised. Obviously cPanel doesn't take security matters very seriously.
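
The trade-off discussed in the last two posts (discarding the notification versus still hearing about real tampering) can be handled with a separate check that reads `rpm -V` output and tolerates only the one approved edit. This is an added example, not code from the thread or from cPanel; the function names and the sample `rpm -V` lines are constructed, and only the package name and the `mime_drivers.php` path come from the alert quoted above.

```bash
#!/usr/bin/env bash
# Added example: report rpm -V findings, tolerating one approved config edit.
# Function names are hypothetical; the path is the one in the alert above.
ALLOWED_FILE="/usr/local/cpanel/base/horde/config/mime_drivers.php"

# Reads `rpm -V <package>` output on stdin and prints every finding except
# the approved file when only its size (S), digest (5) or mtime (T) differ.
# Mode, owner or group changes on that file, or its removal, are still printed.
unexpected_changes() {
  awk -v allow="$ALLOWED_FILE" '
    NF == 0 { next }
    {
      path = substr($0, index($0, "/"))   # path starts at the first slash
      if (path == allow && $1 ~ /^[S.]\.[5.]\.\.\.\.[T.]\.$/) next
      print
    }'
}

# Succeeds only while the edited file still matches the hash recorded when
# the administrator made the change, so later edits to it are also caught.
approved_copy_intact() {   # $1 = file, $2 = recorded SHA-256 (hex)
  [ "$(sha256sum "$1" 2>/dev/null | cut -d" " -f1)" = "$2" ]
}

# Constructed sample of rpm -V output (only the first path is from the page).
SAMPLE='S.5....T.    /usr/local/cpanel/base/horde/config/mime_drivers.php
S.5....T.    /usr/local/cpanel/base/horde/constructed-example.php
missing     /usr/local/cpanel/base/horde/constructed-other.php'

# Prints the two constructed findings; the approved edit is suppressed.
printf '%s\n' "$SAMPLE" | unexpected_changes

# On a server (not run here): rpm -V cpanel-php54-horde | unexpected_changes
```

Run from cron, a non-empty result from `unexpected_changes` or a failing `approved_copy_intact` is the condition worth mailing, so the stock notification for this one package can be filtered without losing sight of other modified files.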