System integrity check ... /usr/bin/cpan

Routes

• August 11, 2016 15:24

Hi, I just did a complete fresh VPS setup / CPanel install and just got the message from security integrity checked that a file has changed, and it is /usr/bin/cpan ... /bin/cpan I downloaded latest version of cpanel the file has a change timestamp of about 2 hours after install, same as cpan-mirrors, MD5 is applied. Anybody had this with cpanel already?? -r-xr-xr-x 1 root root 4288 Aug 11 21:25 cpan-mirrors -r-xr-xr-x 1 root root 8019 Aug 11 21:25 cpan md5sum cpan 4eea975e3f226a334735154556434fe1 cpan Thanks, Routes cannot edit my original post the file timestamp is pretty much install timestamp, I forgot that I made some break between setting up the machine and cpanel install, sorry

• 

  Infopro

  • August 11, 2016 20:36

  just got the message from security integrity checked that a file has changed

  
  Whats the question exactly? Do you have CSF installed and thats what sent the email out?

  0
• 

  Routes

  • August 11, 2016 20:38

  CSF is installed, yes. LFD sent out the message, but I never had that in an install before that /usr/bin/cpan was affected

  0
• 

  cPanelMichael

  • August 14, 2016 23:49

  Hello, Please let us know the output from the following commands and we can verify if the MD5 checksum you provided matches what's on our mirrors:
  arch cat /etc/redhat-release cat /usr/local/cpanel/version
  Thank you.

  0
• 

  Routes

  • August 15, 2016 08:11

  Hi Michael, [root@22951 routes]# arch x86_64 [root@22951 routes]# cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) [root@22951 routes]# cat /usr/local/cpanel/version 11.58.0.19 But the Md5sum won't fit for sure. This is a ticket already... and it's a very long ticket until now... The cpan version should be 1.98, it is while installed, but after about 1 hour after a clean install on a completeley clean system (CentOS 7) the cpan binary gets updated from some background process which is not 100% identified at the moment. The cpan version gets then 2.14 but not from a package install but from a rebuild of the binary(the rpm ist still 1.98) The behaviour is reproducible even on a complete rebuild of the box in another container, so malware is 99,99999% impossible. The only thing that is done between the clean install of cpanel and the rebuild of the binary is installation of csf, which is finished already at about 30 minutes BEFORE cpan is rebuilt. I will give some information here when the ticket is answered, it is deposed at some specialist team at the moment. Thanks, Thomas

  0
• 

  cPanelMichael

  • August 22, 2016 16:59

  I will give some information here when the ticket is answered, it is deposed at some specialist team at the moment.

  
  Could you post the ticket number here so we can update this thread with the outcome? Thank you.

  0

Please sign in to leave a comment.