store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Sun Aug 18, 2019 2:36 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: cPanel MySQL upgrade
Unread postPosted: Thu Apr 11, 2013 7:54 am 
Offline
New Forum User
New Forum User

Joined: Wed Mar 27, 2013 3:48 am
Posts: 1
Location: Finland
As of 11.36 the cPanel has gone to RPM. Now we have MySQL55-server-5.5.30-3 installed. The ossec-server-hids requires mysql-libs 5.5.30-15 which of course configts with the cPanel's MySQL55.

1. Replace the cPanel's MySQL55 with ART 5.5.30-15 so we can get the ossec-server-hids working?
2. If we someway manage to replace the MySQL do we encounter problems with PHP and other packages also?
3. I see that ossec-hids is working even the ossec-server-hids is not installed. Is there however some other issues that I am not aware? Only problem I see is that we don't get the security events in web admin. We get the events in logs and in hourly email so the problem is only small one.

Thank you for any help or insights about this issue with cPanel.


Top
 Profile  
Reply with quote  
 Post subject: Re: cPanel MySQL upgrade
Unread postPosted: Thu Apr 11, 2013 8:07 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 8329
Location: earth
1. That was a very unnecessary change on their part, the rest of us have been happily managing different trees of mysql for more than 10 years now just calling it "mysql-server" (this is the default naming convention). So to answer your question, yes upgrading to the version from the Atomic repo is a great way to clean that up. Especially for those of you that run cloudlinux and make use of it governer. We maintain the latest builds of both Mysql and Mariadb with those patches built in, that means that the atomic version will both be newer than the cloudlinux or cpanel versions, and support more functionality. We then make our updates available back to cloudlinux and cpanel for their builds.

2. No, in fact this is the opposite. One current flaw in the cpanel implementation throws in a library that was deprecated many years ago (libmysql _r) that specifically causes problems with PHP. The redhat branch, which the atomic build is based on is specifically designed to minimize the conflicts caused between applications using different version libraries.

3. Very likely the ossec dbd daemon was affected by issue #2 I just mentioned above with the use of _r libraries.

And lastly, the atomic builds of packages like mysql and php are compiled with specific security flags to help prevent stack or heap based vulnerabilities from leading to exploitation of the system in a non-ASL kernel environment.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group