The check_cpanel_rpms Script

Valid for versions 82 through the latest version



Last modified: December 1, 2022


The /usr/local/cpanel/scripts/check_cpanel_rpms script scans every installed RedHat® Package Manager (RPM) file on your server for problems. This script can also reinstall any affected cPanel & WHM RPMs to repair them.

  • We renamed this script to check_cpanel_pkgs in cPanel & WHM version 100.

  • To run the /usr/local/cpanel/scripts/check_cpanel_rpms script nightly, use the Maintenance cPanel RPM Check and Maintenance cPanel RPM Digest Check settings in the Software section of WHM’s Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings).

Script functions

The /usr/local/cpanel/scripts/check_cpanel_rpms script performs four basic functions each time that it runs:

  1. Discovers missing RPMs.
  2. Tracks RPMs that are out-of-date and need updates.
  3. Checks for any altered RPMs. Altered RPMs meet any of the following conditions:
    • Unordered sub-list.
    • Unordered sub-list.
    • Their mode has changed.
    • An MD5 checksum does not exist.
    • They are symlinks, and the file points to the wrong path.
    • They are missing.
  4. Checks whether to uninstall any cPanel-managed RPMs.
  • The /usr/local/cpanel/scripts/check_cpanel_rpms script runs for a few minutes. If it does not detect any problems, it will not produce any output and exit to the command prompt.
  • The /usr/local/cpanel/scripts/check_cpanel_rpms script does not check for problems with incorrect file permissions.

Run the script

To run the /usr/local/cpanel/scripts/check_cpanel_rpms script on the command line, use the following format:

/usr/local/cpanel/scripts/check_cpanel_rpms [options]


You can use the following options with the /usr/local/cpanel/scripts/check_cpanel_rpms script:

Options Description
--download-only Downloads any missing packages to the /usr/local/cpanel/tmp/rpm.versions file, then exits.
  • The script downloads a new copy of a package only if the package is missing.
  • If the package already exists, the script lists the package name only and then exits.
--fix Shows any problems and automatically corrects them.
--list-only Lists altered RPMs and then exits.
--long-list Shows the altered RPMs and files in an easily-parsed format.
--no-broken Installs missing RPMs and uninstalls unneeded RPMs. The script will not check for broken RPMs.
--no-digest Performs a size validation.
  • This option will not report altered RPMs.
  • If the script detects an altered RPM, but the file size is identical, this option will not report the change.
  • This option applies the --nodigest and --nomd5 options to the rpm -Vv check.
--nodir The script will not read the /var/cpanel/rpm.versions.d directory.
--notify Sends a notification that lists any altered RPMs. Then, the script describes any actions that the system performed.
--targets Filters RPMs based on provided targets (comma-delimited).


For example, to use the --fix option, run the following command:

/usr/local/cpanel/scripts/check_cpanel_rpms --fix

Checks performed

The /usr/local/cpanel/scripts/check_cpanel_rpms script runs the rpm -Vv check on all cPanel-managed RPMs. This checks for changes in the files since their installation. The script does not check configuration and documentation files.


If the output indicates that only Mode or mTime have changed, the script will not report that as an altered RPM.

The output of the rpm -Vv check lists the following changes:

Check Description
S File size differs.
M Mode differs. This includes permissions and file type.
5 MD5 sum differs.
D Device major or minor number mismatch.
L readLink(2) path mismatch.
U User ownership differs.
G Group ownership differs.
T mTime differs. mTime refers to the last time the file was modified.
P Capabilities differ.

Additional Documentation