System integrity check ... /usr/bin/cpan

Routes

Member
Aug 5, 2016
14
1
3
Austria
cPanel Access Level
Root Administrator
Hi,

I just did a complete fresh VPS setup / CPanel install and just got the message from security integrity checked that a file has changed, and it is /usr/bin/cpan ... /bin/cpan

I downloaded latest version of cpanel the file has a change timestamp of about 2 hours after install, same as cpan-mirrors, MD5 is applied.

Anybody had this with cpanel already??

-r-xr-xr-x 1 root root 4288 Aug 11 21:25 cpan-mirrors
-r-xr-xr-x 1 root root 8019 Aug 11 21:25 cpan

md5sum cpan
4eea975e3f226a334735154556434fe1 cpan

Thanks,
Routes

cannot edit my original post the file timestamp is pretty much install timestamp, I forgot that I made some break between setting up the machine and cpanel install, sorry
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
Hello,

Please let us know the output from the following commands and we can verify if the MD5 checksum you provided matches what's on our mirrors:

Code:
arch
cat /etc/redhat-release
cat /usr/local/cpanel/version
Thank you.
 

Routes

Member
Aug 5, 2016
14
1
3
Austria
cPanel Access Level
Root Administrator
Hi Michael,

[[email protected] routes]# arch
x86_64
[[email protected] routes]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[[email protected] routes]# cat /usr/local/cpanel/version
11.58.0.19

But the Md5sum won't fit for sure. This is a ticket already... and it's a very long ticket until now...
The cpan version should be 1.98, it is while installed, but after about 1 hour after a clean install on a completeley clean system (CentOS 7) the cpan binary gets updated from some background process which is not 100% identified at the moment. The cpan version gets then 2.14 but not from a package install but from a rebuild of the binary(the rpm ist still 1.98)
The behaviour is reproducible even on a complete rebuild of the box in another container, so malware is 99,99999% impossible.
The only thing that is done between the clean install of cpanel and the rebuild of the binary is installation of csf, which is finished already at about 30 minutes BEFORE cpan is rebuilt.
I will give some information here when the ticket is answered, it is deposed at some specialist team at the moment.

Thanks,
Thomas
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,228
463
I will give some information here when the ticket is answered, it is deposed at some specialist team at the moment.
Could you post the ticket number here so we can update this thread with the outcome?

Thank you.