Should I Update with RPM or Let cPanel Handle it?

selfg

Member
May 1, 2004
Small Web Server for a department in a Community College
RedHat Enterprise ES 3

I recently installed cPanel on a server with a newly-formatted disk. I set up APF and then ran Nessus. I received a number of "Severity: High" warnings from Nessus and wondered if the best course of action is for me to update my system manually or let cPanel update it during its routine processes.

For example, I received several warnings about Mailman with advice to upgrade to Mailman 2.1.6b1. However, I'm not sure: if I manually update Mailman, would that break cPanel? Does cPanel update these types of modules automatically? I'm not sure if there is an RPM for Mailman, but it is no problem for me to download the source and compile it on my machine. However, does it make any difference if there is an RPM for a given package (like Mailman)? Does an RPM make it less likely to break cPanel if I install it?

I do not want to do anything to break cPanel (it has made my life so much easier!); but, of course, I also do not want to leave a security hole open. I appreciate any advice you can offer.
 

ccccanada

Well-Known Member
Jan 17, 2003
cPanel usually patches security holes, so I would recommend waiting for cPanel to update the software.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
Go on, have a guess
Indeed. Nessus usually throws up a whole slew of false-positives because by its very nature it disregards the fact RH backport security fixes into packages. I've never found it to be particularly useful for that reason.
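
Added example, not part of any post in this thread: one way to triage a version-based scanner finding against backported fixes is to look for the reported CVE identifiers in the package changelog. The sketch assumes the package in question is installed from a Red Hat RPM; the changelog text and the `CVE-0000-...` identifiers are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample of `rpm -q --changelog <package>` output.
# Names, versions and identifiers are placeholders, not real data.
sample_changelog() {
cat <<'EOF'
* Mon Feb 14 2005 Example Packager <packager@example.com> 2.1.5-99.2
- backport fix for CAN-0000-0001
- backport fix for CVE-0000-0002

* Tue Jan 04 2005 Example Packager <packager@example.com> 2.1.5-99.1
- unrelated fix, CVE-0000-00031
EOF
}

# fixed_in_changelog ID
# Reads a changelog on stdin; succeeds if ID is mentioned under either the
# CVE- prefix or the older CAN- (candidate) prefix used in changelogs of
# that era. The trailing group stops 0003 from matching 00031.
fixed_in_changelog() {
    num=${1#*-}
    grep -Eiq "(CVE|CAN)-${num}([^0-9]|\$)"
}

# triage CHANGELOG_TEXT ID...
# Prints one line per ID: "backported" if the changelog mentions it,
# "check-errata" if it does not and the vendor advisory must be consulted.
triage() {
    log=$1
    shift
    for id in "$@"; do
        if printf '%s\n' "$log" | fixed_in_changelog "$id"; then
            echo "$id backported"
        else
            echo "$id check-errata"
        fi
    done
}

# On a real host, replace the sample with the installed package's changelog:
#   triage "$(rpm -q --changelog <package>)" <ids reported by the scanner>
triage "$(sample_changelog)" CVE-0000-0001 CVE-0000-0002 CVE-0000-0003
```

A `check-errata` result only means the changelog does not mention the identifier; it does not by itself confirm that the host is vulnerable.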
 

selfg

Member
May 1, 2004
Thanks

Thanks for your thoughts - this helps. --George
 

DeadManWalking

Well-Known Member
Dec 9, 2004
Japan
I have the same problem with Mailman.
One of my friends (I host him on my server) is trying to get a "HackerProof" seal from a company, and he cannot get it because of this "Security Hole in Mailman" warning from Nessus.

I have tried to install 2.1.6b2 manually, but it installs to /etc/local/mailman, and when I access the Mailman admin pages, I see that the version is 2.1.6...

Until cPanel comes up with a patch, is there any way to install Mailman over cPanel's Mailman?

Thanks...