Symptoms
When CSF/LFD is installed on a server, it will send an email saying something similar to the following.
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
Please note that cPanel doesn't develop or provide support for CSF/LFD. ConfigServer, the vendor for CSF/LFD, is responsible for errors and user-experience issues with their software.
Description
CSF/LFD sends the emails when it checks the md5sum of the installed packages and finds that they have been changed from what it thinks they should be. This generally means that the server changed or updated the packages, and the email may be ignored.
Workaround
- Access the server's command line as the 'root' user via SSH or "Terminal" in WHM.
- Check the package manager log for the modified package.
- RHEL 7-based servers
grep $packagename /var/log/yum.log
- RHEL 8/9-based servers
grep $packagename /var/log/dnf.log
- Ubuntu
grep $packagename /var/log/apt/history.log
- RHEL 7-based servers
- If the package is not found in the log, you may need to reach out to your security department to see how the files were modified.