The check_cpanel_rpms Script


Overview

The /usr/local/cpanel/scripts/check_cpanel_rpms script scans every installed RedHat® Package Manager (RPM) file on your server for problems. This script can also reinstall any affected RPMs to repair them.

Note:

To run the /usr/local/cpanel/scripts/check_cpanel_rpms script nightly, use the Maintenance cPanel RPM Check and Maintenance cPanel RPM Digest Check settings in the Software section of WHM’s

Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).

Script functions

The /usr/local/cpanel/scripts/check_cpanel_rpms script performs four basic functions each time that it runs:

  1. Discovers missing RPMs.
  2. Tracks RPMs that are out-of-date and need updates.
  3. Checks for any altered RPMs. Altered RPMs meet any of the following conditions:
    • Unordered sub-list.
    • Unordered sub-list.
    • Their mode has changed.
    • An MD5 checksum does not exist.
    • They are symlinks, and the file points to the wrong path.
    • They are missing.
  4. Checks whether to uninstall any cPanel-managed RPMs.

The /usr/local/cpanel/scripts/check_cpanel_rpms script does not check for problems with incorrect file permissions. If the /usr/local/cpanel/scripts/check_cpanel_rpms script does not detect any problems, it will not produce any output.

Run the script

To run the /usr/local/cpanel/scripts/check_cpanel_rpms script on the command line, use the following format:

/usr/local/cpanel/scripts/check_cpanel_rpms [options]

Options

You can use the following options with the /usr/local/cpanel/scripts/check_cpanel_rpms script:

Options Description
--download-only Downloads the RPMs and then exits.
--fix Shows any problems and automatically corrects them.
--list-only Lists altered RPMs and then exits.
--long-list Shows the altered RPMs and files in an easily-parsed format.
--no-broken Installs missing RPMs and uninstalls unneeded RPMs. The script will not check for broken RPMs.
--no-digest Performs a size validation.
  • This option will not report altered RPMs.
  • If the script detects an altered RPM, but the file size is identical, this option will not report the change.
  • This option applies the --nodigest and --nomd5 options to the rpm -Vv check.
--nodir The script will not read the /var/cpanel/rpm.versions.d directory.
--notify Sends a notification that lists any altered RPMs. Then, describes any actions that the system performed.
--targets Filters RPMs based on provided targets (comma-delimited).

Example

For example, to use the --fix option, run the following command:

/usr/local/cpanel/scripts/check_cpanel_rpms –fix

Checks performed

The /usr/local/cpanel/scripts/check_cpanel_rpms script runs the rpm -Vv check on all cPanel-managed RPMs. This checks for changes in the files since their installation. The script does not check configuration and documentation files.

Note:

If the output indicates that only Mode or mTime have changed, the script will not report that as an altered RPM.

The output of the rpm -Vv check lists the following changes:

Check Description
S File size differs.
M Mode differs. This includes permissions and file type.
5 MD5 sum differs.
D Device major or minor number mismatch.
L readLink(2) path mismatch.
U User ownership differs.
G Group ownership differs.
T mTime differs.
P Capabilities differ.

Additional Documentation