When CSF/LFD is installed on a server, it will check the md5sum of the installed packages and then will send out an email that says something similar to this:
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
This generally means that the packages were changed or updated by the server and when CSF/LFD scanned for changes it detected the md5sum has been modified. You can confirm that the packages were updated by checking the yum log which is located in /var/log/yum.log using a grep command similar to this:
grep ea-php56 /var/log/yum.log
If packages relating to the modified files are in the log then the system had updated the files through either the nightly cPanel UPCP process or through yum update.
Sometimes, the yum log may be missing or does not exist on your server. You can use the yum history command to try to see what packages were updated. Some more information on this can be found here:
If the packages are not located on the list as being updated recently, then you may need to reach out to your security department to see how the files were modified.
ConfigServer, the vendor for CSF/LFD, is responsible for errors and user-experience issues with their software. You can contact them for assistance here: