Security Alerts after editing Horde config

[joako]

I need to edit horde config to be able to view a preview of some files online -- instead of having to download it. However after this I get an email daily:

The system detected problems with the following cPanel-provided files that the RPM controls:
RPM Status Additional Information
cpanel-php54-horde,5.2.5,13.cp1152-/usr/local/cpanel/base/horde/config/mime_drivers.php Broken S.5....T.
If you did not make these changes intentionally, execute the following command as the root user to correct them:
/usr/local/cpanel/scripts/check_cpanel_rpms --fix


The issue is when I run that command it will revert the changes I made. How can I stop these alerts for this particular file while ensuring I will still get the alert if there's legitimate tampering with system files?

 

[cPanelMichael]

How can I stop these alerts for this particular file while ensuring I will still get the alert if there's legitimate tampering with system files?

Hello,

You can configure this RPM as unmanaged via the instructions in the following document:

How to Set or Unset RPM Management - cPanel Knowledge Base - cPanel Documentation

However, keep in mind that cPanel will no longer manage this RPM, thus the RPMs require manual upgrades and maintenance. Also, to answer your other question, it's not possible to exclude a specific file from RPM management, only the RPM itself.

Thank you.

 

[joako]

There has to be a way to keep it updated. This is a configuration file, and editing a configuration file should not cause security alerts nor should it prevent software from receiving future updates. I would file a bug report but you guys don't consider anything a bug and don't take security seriously! When I filed a ticket I was told to suppress ALL the tampered RPM alerts which obviously isn't a good idea.

/edit: Nice! bug reports aren't even accepted any longer. Says
Unable to load support form. Please contact Customer Service

 

[cPanelMichael]

Hello,

Are you making this modification for the HTML inline option with Horde? If so, we do have a feature request you can vote and add feedback to at:

Add a Tweak Setting when choosing Horde to turn HTML inline on or off

Could you verify how you are currently making the modification to the configuration file after each update? Is it via a post-upcp hook?

Thank you.

 

[cPanelMichael]

/edit: Nice! bug reports aren't even accepted any longer. Says
Unable to load support form. Please contact Customer Service

Is the form still failing to load? If so, could you let us know which URL you are accessing?

Thank you.

 

[joako]

I am making the change to the configuration file manually one time with a text editor per the Horde documentation. A GUI would be nice but I don't have one to infinity years to wait for the feature request to go through.

I'm using the link above that says Defects. Form loads but there's an error when you submit it.

 

[cPanelMichael]

I am making the change to the configuration file manually one time with a text editor per the Horde documentation.

Hello,

Voting and adding feedback to the previously mentioned feature request is the best course of action:

Add a Tweak Setting when choosing Horde to turn HTML inline on or off

In the meantime, you can follow the instructions on the following comment from this feature request if you want to ensure the change is preserved after cPanel updates:

Add a Tweak Setting when choosing Horde to turn HTML inline on or off

Thank you.

 

[joako]

All I want to do is exclude the config file from the RPM tamper alerts.

 

[cPanelMichael]

All I want to do is exclude the config file from the RPM tamper alerts.

Manipulating the files provided via an RPM will result in that warning message because the file checksum will differ to what's expected, triggering the alert. For instance, here's the RPM associated with the file you are editing:

# rpm -qf /usr/local/cpanel/base/horde/imp/config/mime_drivers.php
cpanel-php54-imp-6.2.8-6.cp1152.noarch

You can't exclude specific files from the RPM verification check, so the best way to address the issue is to setup a hook that updates the specific line in the file after cPanel updates, and then create an email filter for that specific RPM notification based on the message body to discard the message.

Thank you.

 

[joako]

Manipulating the files provided via an RPM will result in that warning message because the file checksum will differ to what's expected, triggering the alert.

The problem is this is a configuration file. Configuration files are supposed to be changed and should not trigger a security warning.

create an email filter for that specific RPM notification based on the message body to discard the message.

Then why not disable fully the RPM check? Because every email from the RPM check is going to match the filter and get discarded. The idea should be to get these important alerts if an RPM is actually modified, for e.g. the system is exploited and executable files are compromised. Obviously Cpanel doesn't take security matters very seriously.

 

[cPanelMichael]

I believe the primary issue here is the lack of a global configuration file for Horde to handle these types of changes without modifying files associated with the RPM. This is why voting and adding feedback to the following feature request is the best course of action to see a change in the product:

Add a Tweak Setting when choosing Horde to turn HTML inline on or off

Thank you.

 

[joako]

I voted, has it been fixed yet?

 

[cPanelMichael]

There's no update to report at this time, however I've also voted for the feature request. I encourage anyone that wants to see this feature to continue to vote and add feedback at:

Add a Tweak Setting when choosing Horde to turn HTML inline on or off

In the meantime, the temporary workaround in the "Comments" section should work to automatically adjust this setting after each update.

Thank you.