some files md5 checksum failed. CPanel update, or hacked system?

Kastwey

Registered
Apr 8, 2014
1
0
1
cPanel Access Level
Root Administrator
Hello,

In first place, sorry for my bad english and my neubie questions :)
I'm neubie in CPanel, and I'm worried. I have installed CSF and LFD, and four hours ago, it sent me an e-mail, saying that some files integrity failed.
The message is:
Code:
/usr/bin/a2p: FAILED
 /usr/bin/afs5log: FAILED
 /usr/bin/certmaster-getcert: FAILED
 /usr/bin/certutil: FAILED
 /usr/bin/cmsutil: FAILED
 /usr/bin/crlutil: FAILED
 /usr/bin/curl: FAILED
 /usr/bin/cvs: FAILED
 /usr/bin/doveadm: FAILED
 /usr/bin/dsync: FAILED
 /usr/bin/elinks: FAILED
 /usr/bin/ex: FAILED
 /usr/bin/getcert: FAILED
 /usr/bin/ghostscript: FAILED
 /usr/bin/gs: FAILED
 /usr/bin/ipa-getcert: FAILED
 /usr/bin/lchfn: FAILED
 /usr/bin/lchsh: FAILED
 /usr/bin/links: FAILED
 /usr/bin/modutil: FAILED
 /usr/bin/p11-kit: FAILED
 /usr/bin/perf: FAILED
 /usr/bin/perl: FAILED
 /usr/bin/perl5.10.1: FAILED
 /usr/bin/pk12util: FAILED
 /usr/bin/pkexec: FAILED
 /usr/bin/reporter-kerneloops: FAILED
 /usr/bin/reporter-rhtsupport: FAILED
 /usr/bin/reporter-upload: FAILED
 /usr/bin/rvim: FAILED
 /usr/bin/screen: FAILED
 /usr/bin/selfsign-getcert: FAILED
 /usr/bin/signtool: FAILED
 /usr/bin/signver: FAILED
 /usr/bin/ssltap: FAILED
 /usr/bin/sss_ssh_authorizedkeys: FAILED
 /usr/bin/sss_ssh_knownhostsproxy: FAILED
 /usr/bin/vim: FAILED
 /usr/bin/vimdiff: FAILED
 /usr/bin/ypchfn: FAILED
 /usr/bin/ypchsh: FAILED
 /usr/bin/yppasswd: FAILED
 /usr/sbin/certmonger: FAILED
 /usr/sbin/exim_dbmbuild: FAILED
 /usr/sbin/exim_dumpdb: FAILED
 /usr/sbin/exim_fixdb: FAILED
 /usr/sbin/exim_lock: FAILED
 /usr/sbin/exim_tidydb: FAILED
 /usr/sbin/ipa-getkeytab: FAILED
 /usr/sbin/ipa-join: FAILED
 /usr/sbin/lchage: FAILED
 /usr/sbin/lgroupadd: FAILED
 /usr/sbin/lgroupdel: FAILED
 /usr/sbin/lgroupmod: FAILED
 /usr/sbin/lid: FAILED
 /usr/sbin/lnewusers: FAILED
 /usr/sbin/lpasswd: FAILED
 /usr/sbin/luseradd: FAILED
 /usr/sbin/luserdel: FAILED
 /usr/sbin/lusermod: FAILED
 /usr/sbin/mysqld: FAILED
 /usr/sbin/mysqld-debug: FAILED
 /usr/sbin/pluginviewer: FAILED
 /usr/sbin/sasldblistusers2: FAILED
 /usr/sbin/saslpasswd2: FAILED
 /usr/sbin/sss_cache: FAILED
 /usr/sbin/sssd: FAILED
 /usr/sbin/testsaslauthd: FAILED
 /usr/sbin/userhelper: FAILED
 /bin/csh: FAILED
 /bin/login: FAILED
 /bin/tcsh: FAILED
 /sbin/faillock: FAILED
 /sbin/mkhomedir_helper: FAILED
 /sbin/pam_console_apply: FAILED
 /sbin/pam_tally2: FAILED
 /sbin/sulogin: FAILED
I have try to view the cpanel update log, but I can't found it.
Can you help me?

Thanks in advance,

Juanjo.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Check your update logs, /var/log/yum.log

The packages were probably updated.

To check /usr/sbin/sssd for example try this at a root prompt:

Code:
# rpm -qf /usr/sbin/sssd
sssd-1.9.2-129.el6_5.4.x86_64

# grep sssd /var/log/yum.log
Jan 07 22:02:24 Updated: sssd-client-1.9.2-129.el6_5.4.x86_64
Jan 07 22:02:40 Updated: sssd-1.9.2-129.el6_5.4.x86_64
This shows me that package was updated in Januaury. You'll probably find your packages were recently updated. If so your system is probably OK. If the yum log does not show recent updates to those RPMs you may wish to consult a system administrator to confirm the integrity of your system.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,222
463
Hello :)

To answer your question, yes, the cPanel update logs will help indicate if your packages were updated automatically. It's available at:

/var/cpanel/updatelogs/last

Beyond that, you should follow the instructions from the quizknows in the previous post.

Thank you.