The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

some files md5 checksum failed. CPanel update, or hacked system?

Discussion in 'Security' started by Kastwey, Apr 16, 2014.

  1. Kastwey

    Kastwey Registered

    Joined:
    Apr 8, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    In first place, sorry for my bad english and my neubie questions :)
    I'm neubie in CPanel, and I'm worried. I have installed CSF and LFD, and four hours ago, it sent me an e-mail, saying that some files integrity failed.
    The message is:
    Code:
    /usr/bin/a2p: FAILED
     /usr/bin/afs5log: FAILED
     /usr/bin/certmaster-getcert: FAILED
     /usr/bin/certutil: FAILED
     /usr/bin/cmsutil: FAILED
     /usr/bin/crlutil: FAILED
     /usr/bin/curl: FAILED
     /usr/bin/cvs: FAILED
     /usr/bin/doveadm: FAILED
     /usr/bin/dsync: FAILED
     /usr/bin/elinks: FAILED
     /usr/bin/ex: FAILED
     /usr/bin/getcert: FAILED
     /usr/bin/ghostscript: FAILED
     /usr/bin/gs: FAILED
     /usr/bin/ipa-getcert: FAILED
     /usr/bin/lchfn: FAILED
     /usr/bin/lchsh: FAILED
     /usr/bin/links: FAILED
     /usr/bin/modutil: FAILED
     /usr/bin/p11-kit: FAILED
     /usr/bin/perf: FAILED
     /usr/bin/perl: FAILED
     /usr/bin/perl5.10.1: FAILED
     /usr/bin/pk12util: FAILED
     /usr/bin/pkexec: FAILED
     /usr/bin/reporter-kerneloops: FAILED
     /usr/bin/reporter-rhtsupport: FAILED
     /usr/bin/reporter-upload: FAILED
     /usr/bin/rvim: FAILED
     /usr/bin/screen: FAILED
     /usr/bin/selfsign-getcert: FAILED
     /usr/bin/signtool: FAILED
     /usr/bin/signver: FAILED
     /usr/bin/ssltap: FAILED
     /usr/bin/sss_ssh_authorizedkeys: FAILED
     /usr/bin/sss_ssh_knownhostsproxy: FAILED
     /usr/bin/vim: FAILED
     /usr/bin/vimdiff: FAILED
     /usr/bin/ypchfn: FAILED
     /usr/bin/ypchsh: FAILED
     /usr/bin/yppasswd: FAILED
     /usr/sbin/certmonger: FAILED
     /usr/sbin/exim_dbmbuild: FAILED
     /usr/sbin/exim_dumpdb: FAILED
     /usr/sbin/exim_fixdb: FAILED
     /usr/sbin/exim_lock: FAILED
     /usr/sbin/exim_tidydb: FAILED
     /usr/sbin/ipa-getkeytab: FAILED
     /usr/sbin/ipa-join: FAILED
     /usr/sbin/lchage: FAILED
     /usr/sbin/lgroupadd: FAILED
     /usr/sbin/lgroupdel: FAILED
     /usr/sbin/lgroupmod: FAILED
     /usr/sbin/lid: FAILED
     /usr/sbin/lnewusers: FAILED
     /usr/sbin/lpasswd: FAILED
     /usr/sbin/luseradd: FAILED
     /usr/sbin/luserdel: FAILED
     /usr/sbin/lusermod: FAILED
     /usr/sbin/mysqld: FAILED
     /usr/sbin/mysqld-debug: FAILED
     /usr/sbin/pluginviewer: FAILED
     /usr/sbin/sasldblistusers2: FAILED
     /usr/sbin/saslpasswd2: FAILED
     /usr/sbin/sss_cache: FAILED
     /usr/sbin/sssd: FAILED
     /usr/sbin/testsaslauthd: FAILED
     /usr/sbin/userhelper: FAILED
     /bin/csh: FAILED
     /bin/login: FAILED
     /bin/tcsh: FAILED
     /sbin/faillock: FAILED
     /sbin/mkhomedir_helper: FAILED
     /sbin/pam_console_apply: FAILED
     /sbin/pam_tally2: FAILED
     /sbin/sulogin: FAILED
    I have try to view the cpanel update log, but I can't found it.
    Can you help me?

    Thanks in advance,

    Juanjo.
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Check your update logs, /var/log/yum.log

    The packages were probably updated.

    To check /usr/sbin/sssd for example try this at a root prompt:

    Code:
    # rpm -qf /usr/sbin/sssd
    sssd-1.9.2-129.el6_5.4.x86_64
    
    # grep sssd /var/log/yum.log
    Jan 07 22:02:24 Updated: sssd-client-1.9.2-129.el6_5.4.x86_64
    Jan 07 22:02:40 Updated: sssd-1.9.2-129.el6_5.4.x86_64
    
    This shows me that package was updated in Januaury. You'll probably find your packages were recently updated. If so your system is probably OK. If the yum log does not show recent updates to those RPMs you may wish to consult a system administrator to confirm the integrity of your system.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    To answer your question, yes, the cPanel update logs will help indicate if your packages were updated automatically. It's available at:

    /var/cpanel/updatelogs/last

    Beyond that, you should follow the instructions from the quizknows in the previous post.

    Thank you.
     
Loading...

Share This Page