Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Security Alerts after editing Horde config

Discussion in 'Security' started by joako, Apr 29, 2016.

Tags:
  1. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    112
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    DataCenter Provider
    I need to edit horde config to be able to view a preview of some files online -- instead of having to download it. However after this I get an email daily:

    The system detected problems with the following cPanel-provided files that the RPM controls:
    RPM Status Additional Information
    cpanel-php54-horde,5.2.5,13.cp1152-/usr/local/cpanel/base/horde/config/mime_drivers.php Broken S.5....T.
    If you did not make these changes intentionally, execute the following command as the root user to correct them:
    /usr/local/cpanel/scripts/check_cpanel_rpms --fix


    The issue is when I run that command it will revert the changes I made. How can I stop these alerts for this particular file while ensuring I will still get the alert if there's legitimate tampering with system files?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You can configure this RPM as unmanaged via the instructions in the following document:

    How to Set or Unset RPM Management - cPanel Knowledge Base - cPanel Documentation

    However, keep in mind that cPanel will no longer manage this RPM, thus the RPMs require manual upgrades and maintenance. Also, to answer your other question, it's not possible to exclude a specific file from RPM management, only the RPM itself.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    112
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    DataCenter Provider
    There has to be a way to keep it updated. This is a configuration file, and editing a configuration file should not cause security alerts nor should it prevent software from receiving future updates. I would file a bug report but you guys don't consider anything a bug and don't take security seriously! When I filed a ticket I was told to suppress ALL the tampered RPM alerts which obviously isn't a good idea.

    /edit: Nice! bug reports aren't even accepted any longer. Says
    Unable to load support form. Please contact Customer Service
     
    #3 joako, May 2, 2016
    Last edited by a moderator: May 2, 2016
  4. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Are you making this modification for the HTML inline option with Horde? If so, we do have a feature request you can vote and add feedback to at:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    Could you verify how you are currently making the modification to the configuration file after each update? Is it via a post-upcp hook?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Is the form still failing to load? If so, could you let us know which URL you are accessing?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    112
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    DataCenter Provider
    I am making the change to the configuration file manually one time with a text editor per the Horde documentation. A GUI would be nice but I don't have one to infinity years to wait for the feature request to go through.

    I'm using the link above that says Defects. Form loads but there's an error when you submit it.
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    Voting and adding feedback to the previously mentioned feature request is the best course of action:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    In the meantime, you can follow the instructions on the following comment from this feature request if you want to ensure the change is preserved after cPanel updates:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    112
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    DataCenter Provider
    All I want to do is exclude the config file from the RPM tamper alerts.
     
  9. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Manipulating the files provided via an RPM will result in that warning message because the file checksum will differ to what's expected, triggering the alert. For instance, here's the RPM associated with the file you are editing:

    Code:
    # rpm -qf /usr/local/cpanel/base/horde/imp/config/mime_drivers.php
    cpanel-php54-imp-6.2.8-6.cp1152.noarch
    You can't exclude specific files from the RPM verification check, so the best way to address the issue is to setup a hook that updates the specific line in the file after cPanel updates, and then create an email filter for that specific RPM notification based on the message body to discard the message.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    112
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    DataCenter Provider
    The problem is this is a configuration file. Configuration files are supposed to be changed and should not trigger a security warning.

    Then why not disable fully the RPM check? Because every email from the RPM check is going to match the filter and get discarded. The idea should be to get these important alerts if an RPM is actually modified, for e.g. the system is exploited and executable files are compromised. Obviously Cpanel doesn't take security matters very seriously.
     
  11. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    I believe the primary issue here is the lack of a global configuration file for Horde to handle these types of changes without modifying files associated with the RPM. This is why voting and adding feedback to the following feature request is the best course of action to see a change in the product:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    112
    Likes Received:
    2
    Trophy Points:
    168
    cPanel Access Level:
    DataCenter Provider
    I voted, has it been fixed yet?
     
  13. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,802
    Likes Received:
    1,896
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    There's no update to report at this time, however I've also voted for the feature request. I encourage anyone that wants to see this feature to continue to vote and add feedback at:

    Add a Tweak Setting when choosing Horde to turn HTML inline on or off

    In the meantime, the temporary workaround in the "Comments" section should work to automatically adjust this setting after each update.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice