some files md5 checksum failed. CPanel update, or hacked system?

[Kastwey]

Hello,

In first place, sorry for my bad english and my neubie questions
I'm neubie in CPanel, and I'm worried. I have installed CSF and LFD, and four hours ago, it sent me an e-mail, saying that some files integrity failed.
The message is:

/usr/bin/a2p: FAILED
 /usr/bin/afs5log: FAILED
 /usr/bin/certmaster-getcert: FAILED
 /usr/bin/certutil: FAILED
 /usr/bin/cmsutil: FAILED
 /usr/bin/crlutil: FAILED
 /usr/bin/curl: FAILED
 /usr/bin/cvs: FAILED
 /usr/bin/doveadm: FAILED
 /usr/bin/dsync: FAILED
 /usr/bin/elinks: FAILED
 /usr/bin/ex: FAILED
 /usr/bin/getcert: FAILED
 /usr/bin/ghostscript: FAILED
 /usr/bin/gs: FAILED
 /usr/bin/ipa-getcert: FAILED
 /usr/bin/lchfn: FAILED
 /usr/bin/lchsh: FAILED
 /usr/bin/links: FAILED
 /usr/bin/modutil: FAILED
 /usr/bin/p11-kit: FAILED
 /usr/bin/perf: FAILED
 /usr/bin/perl: FAILED
 /usr/bin/perl5.10.1: FAILED
 /usr/bin/pk12util: FAILED
 /usr/bin/pkexec: FAILED
 /usr/bin/reporter-kerneloops: FAILED
 /usr/bin/reporter-rhtsupport: FAILED
 /usr/bin/reporter-upload: FAILED
 /usr/bin/rvim: FAILED
 /usr/bin/screen: FAILED
 /usr/bin/selfsign-getcert: FAILED
 /usr/bin/signtool: FAILED
 /usr/bin/signver: FAILED
 /usr/bin/ssltap: FAILED
 /usr/bin/sss_ssh_authorizedkeys: FAILED
 /usr/bin/sss_ssh_knownhostsproxy: FAILED
 /usr/bin/vim: FAILED
 /usr/bin/vimdiff: FAILED
 /usr/bin/ypchfn: FAILED
 /usr/bin/ypchsh: FAILED
 /usr/bin/yppasswd: FAILED
 /usr/sbin/certmonger: FAILED
 /usr/sbin/exim_dbmbuild: FAILED
 /usr/sbin/exim_dumpdb: FAILED
 /usr/sbin/exim_fixdb: FAILED
 /usr/sbin/exim_lock: FAILED
 /usr/sbin/exim_tidydb: FAILED
 /usr/sbin/ipa-getkeytab: FAILED
 /usr/sbin/ipa-join: FAILED
 /usr/sbin/lchage: FAILED
 /usr/sbin/lgroupadd: FAILED
 /usr/sbin/lgroupdel: FAILED
 /usr/sbin/lgroupmod: FAILED
 /usr/sbin/lid: FAILED
 /usr/sbin/lnewusers: FAILED
 /usr/sbin/lpasswd: FAILED
 /usr/sbin/luseradd: FAILED
 /usr/sbin/luserdel: FAILED
 /usr/sbin/lusermod: FAILED
 /usr/sbin/mysqld: FAILED
 /usr/sbin/mysqld-debug: FAILED
 /usr/sbin/pluginviewer: FAILED
 /usr/sbin/sasldblistusers2: FAILED
 /usr/sbin/saslpasswd2: FAILED
 /usr/sbin/sss_cache: FAILED
 /usr/sbin/sssd: FAILED
 /usr/sbin/testsaslauthd: FAILED
 /usr/sbin/userhelper: FAILED
 /bin/csh: FAILED
 /bin/login: FAILED
 /bin/tcsh: FAILED
 /sbin/faillock: FAILED
 /sbin/mkhomedir_helper: FAILED
 /sbin/pam_console_apply: FAILED
 /sbin/pam_tally2: FAILED
 /sbin/sulogin: FAILED

I have try to view the cpanel update log, but I can't found it.
Can you help me?

Thanks in advance,

Juanjo.

 

[quizknows]

Check your update logs, /var/log/yum.log

The packages were probably updated.

To check /usr/sbin/sssd for example try this at a root prompt:

# rpm -qf /usr/sbin/sssd
sssd-1.9.2-129.el6_5.4.x86_64

# grep sssd /var/log/yum.log
Jan 07 22:02:24 Updated: sssd-client-1.9.2-129.el6_5.4.x86_64
Jan 07 22:02:40 Updated: sssd-1.9.2-129.el6_5.4.x86_64

This shows me that package was updated in Januaury. You'll probably find your packages were recently updated. If so your system is probably OK. If the yum log does not show recent updates to those RPMs you may wish to consult a system administrator to confirm the integrity of your system.

 

[cPanelMichael]

Hello

To answer your question, yes, the cPanel update logs will help indicate if your packages were updated automatically. It's available at:

/var/cpanel/updatelogs/last

Beyond that, you should follow the instructions from the quizknows in the previous post.

Thank you.