SOLVED Update /usr/sbin/intel-microcode2ucode: FAILED

[uk01]

Hi, I don't normally worry about file changes straight after an update but thought I'd check this one due to the severity of the Intel vulnerabilities.

Has the cpanel update this morning changed this file?

Time: Fri Sep 14 02:00:18 2018 +0100

The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:

/usr/sbin/intel-microcode2ucode: FAILED
/sbin/intel-microcode2ucode: FAILED

 

[sparek-3]

There was a microcode update released today for CentOS 6 and CentOS 7.

 

[uk01]

Thanks for confirming, much appreciated. At least this thread is here for anyone else searching now

 

[cPanelLauren]

Thanks for the details on that @sparek-3

@uk01 this really isn't a file cPanel would touch normally as well in the event there is a question about it in the future.

Thanks!

 

[uk01]

Thanks Lauren I guess on this occasion you did touch/change it to ensure all cpanel servers were updated on the os level.
(Aswell as the hypervisor in our case)

 

[sparek-3]

You probably have Operating System Package Updates set to automatic.

I don't really like automatic updates for this very reason... you never know if a file change is due to an update or due to something else.

But on the flip side, if people don't have automatic updates enabled... then they will never update.

So it's a rock and a hard place.

Me personally, I have automatic updates disabled and I get a report every morning telling me what packages have updates... but I also fancy myself an experienced server administrator... so...

 

[rpvw]

@uk01

The email you received is sent by CSF and is as a result of the System Integrity Checking being enabled.

The microcode was updated on your server by upcp calling yum as part of its update and upgrade routines. Yum then gets system and kernel updates from the relevant CentOS or Cloudlinux or whoever, repos that you have configured.

This particular update was issued by CentOS (may then have been provided by whoever supplies your kernel and system files - everything that is NOT cPanel), so not touched directly by cPanel - but rather installed as part of the many routines that upcp performs.

Hope this helps understand a bit more how the updates/upgrades work

 

[uk01]

Thanks both, yes totally clear on that.
I thought it was part of cPanel’s updates due to the time and we often get alerts after the updates.
Just this one relates to the microcode so thought I’d double check.

I like things to be kept as up to date as possible.
We run yum manually as we have to ensure r1soft keep up first!

We adopted the VMware mitigation’s early too, turning off hyperthreading was a hit, however with other updates it seems to have calmed down a lot now.

Thanks again for confirmation from fellow experts

 

[rpvw]

An excellent starting resource to see who's doing what, where and with whom, is the 74 Release Notes - Version 74 Documentation - cPanel Documentation

And look for the links that open the

cPanel-provided
cPanel & WHM version 74 includes the following third-party applications:
Click here to view the full list of third-party applications...
Third-party MISC modules: CentOS, CloudLinux™, or RHEL® 6 or 7, 64-bit architecture...
.

and the

OS-provided
cPanel & WHM uses the following operating system-provided third-party applications:
Click here to view the full list of OS-provided third-party modules...

Note:
We use CentOS servers to generate these lists. The specific version numbers and packages may vary slightly on CloudLinux™ and Red Hat® Enterprise Linux servers.​

Third-party OS applications: CentOS, CloudLinux™, or RHEL® 6 or 7, 64-bit architecture...

 

[sparek-3]

Another good source is the CentOS announcement mailing list:

https://lists.centos.org/mailman/listinfo

They will post when a package update gets published (and it will get delivered to you... sometime... such is the life of mailing lists these days).

Of course, if you are using RHEL then you would need to subscribe to the RHEL counterpart. You're probably using CentOS unless you paid for RHEL, but the same package updates come down from RHEL to CentOS, so it's possible that you are using RHEL.

 

[cPanelLauren]

Thanks for all the clarification @sparek-3 and @rpvw you guys are dead on.

@uk01 I'm glad we could help you get some relief at the very least! I'll go ahead and mark this issue as resolved now.

Thanks, everyone!