cPanel MySQL upgrade

Support/Development for MySQL, MariaDB, and other database systems
sunmacet
New Forum User
New Forum User
Posts: 1
Joined: Wed Mar 27, 2013 3:48 am
Location: Finland

cPanel MySQL upgrade

Unread post by sunmacet »

As of 11.36 the cPanel has gone to RPM. Now we have MySQL55-server-5.5.30-3 installed. The ossec-server-hids requires mysql-libs 5.5.30-15 which of course configts with the cPanel's MySQL55.

1. Replace the cPanel's MySQL55 with ART 5.5.30-15 so we can get the ossec-server-hids working?
2. If we someway manage to replace the MySQL do we encounter problems with PHP and other packages also?
3. I see that ossec-hids is working even the ossec-server-hids is not installed. Is there however some other issues that I am not aware? Only problem I see is that we don't get the security events in web admin. We get the events in logs and in hourly email so the problem is only small one.

Thank you for any help or insights about this issue with cPanel.
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: cPanel MySQL upgrade

Unread post by scott »

1. That was a very unnecessary change on their part, the rest of us have been happily managing different trees of mysql for more than 10 years now just calling it "mysql-server" (this is the default naming convention). So to answer your question, yes upgrading to the version from the Atomic repo is a great way to clean that up. Especially for those of you that run cloudlinux and make use of it governer. We maintain the latest builds of both Mysql and Mariadb with those patches built in, that means that the atomic version will both be newer than the cloudlinux or cpanel versions, and support more functionality. We then make our updates available back to cloudlinux and cpanel for their builds.

2. No, in fact this is the opposite. One current flaw in the cpanel implementation throws in a library that was deprecated many years ago (libmysql _r) that specifically causes problems with PHP. The redhat branch, which the atomic build is based on is specifically designed to minimize the conflicts caused between applications using different version libraries.

3. Very likely the ossec dbd daemon was affected by issue #2 I just mentioned above with the use of _r libraries.

And lastly, the atomic builds of packages like mysql and php are compiled with specific security flags to help prevent stack or heap based vulnerabilities from leading to exploitation of the system in a non-ASL kernel environment.
Post Reply