The check_cpanel_pkgs Script

Valid for versions 102 through the latest version



Last modified: February 20, 2024


The /usr/local/cpanel/scripts/check_cpanel_pkgs script scans every installed cPanel-managed package on your server for problems. This script can also reinstall any affected cPanel & WHM packages to repair them.


To run the /usr/local/cpanel/scripts/check_cpanel_pkgs script nightly, use the Maintenance cPanel RPM Check and Maintenance cPanel RPM Digest Check settings in the Software section of WHM’s Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings).

Script functions

The /usr/local/cpanel/scripts/check_cpanel_pkgs script performs four basic functions each time that it runs:

  1. Discovers missing packages.
  2. Tracks packages that are out-of-date and need updates.
  3. Checks for any altered packages. Altered packages meet any of the following conditions:
    • Their mode has changed.
    • An MD5 checksum does not exist.
    • They are symlinks, and the file points to the wrong path.
    • They are missing.
  4. Checks whether to uninstall any cPanel-managed package.
  • The /usr/local/cpanel/scripts/check_cpanel_pkgs script runs for a few minutes. If it does not detect any problems, it will not produce any output and exit to the command prompt.
  • The /usr/local/cpanel/scripts/check_cpanel_pkgs script does not check for problems with incorrect file permissions.

Run the script

To run the /usr/local/cpanel/scripts/check_cpanel_pkgs script on the command line, use the following format:

/usr/local/cpanel/scripts/check_cpanel_pkgs [options]


You can use the following options with the /usr/local/cpanel/scripts/check_cpanel_pkgs script:

Options Description
--download-only Downloads any missing packages to the /usr/local/cpanel/tmp/rpm.versions file, then exits.
  • The script downloads a new copy of a package only if the package is missing.
  • If the package already exists, the script lists the package name only and then exits.
--fix Shows any problems and automatically corrects them.
--list-only Lists altered packages and exits.
--long-list Shows the altered packages and files in an easily-parsed format.
--no-broken Installs missing packages and uninstalls unneeded packages. The script does not check for broken packages.
--no-digest Skips file-digest checks. The script does not check for changes to the file contents.
--nodir The script does not read the /var/cpanel/rpm.versions.d directory.
--notify Sends a notification that lists any altered packages. Then, the script describes any actions that the system performed.
--targets Filters packages based on provided targets (comma-delimited).


For example, to use the --fix option, run the following command:

/usr/local/cpanel/scripts/check_cpanel_pkgs --fix

Checks performed

The /usr/local/cpanel/scripts/check_cpanel_pkgs script runs a verification check on all cPanel-managed packages. This checks for changes in the files since their installation. The script does not check configuration and documentation files.


If the output indicates that only Mode or mTime have changed, the script will not report that as an altered package.

The output of the verification check lists the following changes:

Check Description
S File size differs.
M Mode differs. This includes permissions and file type.
5 MD5 sum differs.
D Device major or minor number mismatch.
L readLink(2) path mismatch.
U User ownership differs.
G Group ownership differs.
T mTime differs. mTime refers to the last time the file was modified.
P Capabilities differ.

Additional Documentation