Security Alerts after editing Horde config

Discussion in 'Security' started by joako, Apr 29, 2016.

  1. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    97
    Likes Received:
    2
    Trophy Points:
    8
    I need to edit the Horde config to be able to view a preview of some files online -- instead of having to download them. However, after this I get an email daily:

    The system detected problems with the following cPanel-provided files that the RPM controls:
    RPM Status Additional Information
    cpanel-php54-horde,5.2.5,13.cp1152-/usr/local/cpanel/base/horde/config/mime_drivers.php Broken S.5....T.
    If you did not make these changes intentionally, execute the following command as the root user to correct them:
    /usr/local/cpanel/scripts/check_cpanel_rpms --fix


    The issue is when I run that command it will revert the changes I made. How can I stop these alerts for this particular file while ensuring I will still get the alert if there's legitimate tampering with system files?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    You can configure this RPM as unmanaged via the instructions in the following document:

    How to Set or Unset RPM Management - cPanel Knowledge Base - cPanel Documentation

    However, keep in mind that cPanel will no longer manage this RPM, thus the RPMs require manual upgrades and maintenance. Also, to answer your other question, it's not possible to exclude a specific file from RPM management, only the RPM itself.

    Thank you.
     
  3. joako

    There has to be a way to keep it updated. This is a configuration file, and editing a configuration file should not cause security alerts nor should it prevent software from receiving future updates. I would file a bug report but you guys don't consider anything a bug and don't take security seriously! When I filed a ticket I was told to suppress ALL the tampered RPM alerts which obviously isn't a good idea.

    /edit: Nice! bug reports aren't even accepted any longer. Says
    Unable to load support form. Please contact Customer Service
     
    #3 joako, May 2, 2016
    Last edited by a moderator: May 2, 2016
  4. cPanelMichael

    Hello,

    Are you making this modification for the HTML inline option with Horde? If so, we do have a feature request you can vote and add feedback to at:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    Could you verify how you are currently making the modification to the configuration file after each update? Is it via a post-upcp hook?

    Thank you.
     
  5. cPanelMichael

    Is the form still failing to load? If so, could you let us know which URL you are accessing?

    Thank you.
     
  6. joako

    I am making the change to the configuration file manually one time with a text editor per the Horde documentation. A GUI would be nice but I don't have one to infinity years to wait for the feature request to go through.

    I'm using the link above that says Defects. Form loads but there's an error when you submit it.
     
  7. cPanelMichael

    Hello,

    Voting and adding feedback to the previously mentioned feature request is the best course of action:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    In the meantime, you can follow the instructions on the following comment from this feature request if you want to ensure the change is preserved after cPanel updates:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    Thank you.
     
  8. joako

    All I want to do is exclude the config file from the RPM tamper alerts.
     
  9. cPanelMichael

    Manipulating the files provided via an RPM will result in that warning message because the file checksum will differ from what's expected, triggering the alert. For instance, here's the RPM associated with the file you are editing:

    Code:
    # rpm -qf /usr/local/cpanel/base/horde/imp/config/mime_drivers.php
    cpanel-php54-imp-6.2.8-6.cp1152.noarch
    You can't exclude specific files from the RPM verification check, so the best way to address the issue is to set up a hook that updates the specific line in the file after cPanel updates, and then create an email filter for that specific RPM notification based on the message body to discard the message.

    Thank you.
     
  10. joako

    The problem is this is a configuration file. Configuration files are supposed to be changed and should not trigger a security warning.

    Then why not fully disable the RPM check? Because every email from the RPM check is going to match the filter and get discarded. The idea should be to get these important alerts if an RPM is actually modified, e.g. the system is exploited and executable files are compromised. Obviously cPanel doesn't take security matters very seriously.
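
Added example (not part of any post in this thread, and not cPanel's own tooling): instead of discarding the whole notification email, `rpm -V`-style lines can be triaged per file, suppressing a deviation only when it is content-only (size, digest, mtime) and the file still matches a reviewed SHA-256. The function names, the hash pinning and the sample lines are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example: triage `rpm -V`-style lines so that one reviewed edit is
# suppressed while every other deviation is still reported.
# Assumed line format: 9 flag characters (SM5DLUGTP positions), an optional
# file-type marker such as "c", then the absolute path.

# approved_edit FLAGS PATH WANT_SHA256
# Succeeds only when the deviation is content-only (size, digest, mtime) and
# the file on disk still hashes to the reviewed value.
approved_edit() {
    case "$1" in
        [S.].[5.]....[T.].) ;;   # no mode, owner, group or other change
        *) return 1 ;;
    esac
    have=$(sha256sum -- "$2" 2>/dev/null) || return 1
    [ "${have%% *}" = "$3" ]
}

# filter_verify ALLOWED_PATH WANT_SHA256   (verify lines on stdin)
# Prints the lines that still need attention; returns 1 if any were printed.
filter_verify() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        flags=${line%% *}
        path=/${line#*/}
        if [ "$path" = "$1" ] && approved_edit "$flags" "$path" "$2"; then
            continue
        fi
        printf '%s\n' "$line"
        rc=1
    done
    return "$rc"
}

# Constructed demo: a temp file stands in for the edited mime_drivers.php.
demo() {
    dir=$(mktemp -d) || return 1
    cfg=$dir/mime_drivers.php
    printf '%s\n' '<?php /* reviewed local edit */' > "$cfg"
    want=$(sha256sum -- "$cfg")
    want=${want%% *}
    printf '%s\n' "S.5....T.  c $cfg" "S.5....T.    $dir/bin/tool" |
        filter_verify "$cfg" "$want" || true
    rm -rf -- "$dir"
}
demo
```

On a real host the input would be the output of `rpm -V` for the package that `rpm -qf` reports, and the pinned hash would be recomputed each time the edit is deliberately re-applied.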
     
  11. cPanelMichael

    I believe the primary issue here is the lack of a global configuration file for Horde to handle these types of changes without modifying files associated with the RPM. This is why voting and adding feedback to the following feature request is the best course of action to see a change in the product:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    Thank you.
     
  12. joako

    I voted, has it been fixed yet?
     
  13. cPanelMichael

    There's no update to report at this time; however, I've also voted for the feature request. I encourage anyone that wants to see this feature to continue to vote and add feedback at:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    In the meantime, the temporary workaround in the "Comments" section should work to automatically adjust this setting after each update.

    Thank you.
     