Control Web Panel
WebPanel => Updates => Topic started by: venty on February 21, 2026, 11:08:35 AM
-
Hi,
Please help, today, after I entered the CWP panel, I have two new messages:
[SECURITY ALERT] Unknown/Untrusted file: /usr/lib64/gconv/gconv-modules.cache
and
[SECURITY ALERT] Unauthorized port, for more info run: sh /scripts/cwp_security_audit
The installation is AL 9.7, and there were a lot of updates yesterday.
Please help...
Thanks in advance, and have a nice day!
BR
Venty
-
I have the /usr/lib64/gconv/gconv-modules.cache file on my AlmaLinux 8 servers (28K in size). Seem like a normal harmless cache file. Maybe the recent update attempts to tighten up security, but is generating false positives.
Indeed, look at the new cron job that runs cwp_security_audit:
[root@srv1]# ls -al /etc/cron.daily/cwp_security_audit.sh
-rwxr-xr-x 1 root root 31 Feb 17 18:40 /etc/cron.daily/cwp_security_audit.sh
-
Hi,
thank you very much for the reply..., as far as I can tell, they are fake...
The question is that I deleted them, and today they appeared again, the same two messages. Should I do something?
BR
Venty
-
No, it's a scary false positive. Ignore it and it will go away with the next CWP update when they update the script. Or edit the script (/scripts/cwp_security_audit) directly to remove the stanza that checks for ghost files.
Since I run CWP on an alternate port, that script also generates a warning about unauthorized ports -- but of course it's authorized and listed in
/usr/local/cwpsrv/conf/cwpsrv.conf and /etc/csf/csf.conf. So I had to add my alternate port to the list of allowed ports in that script.
-
Hi,
The installation is AL 9.7, and CWP...
Please, I had until now two messages:
[SECURITY ALERT] Unknown/Untrusted file: /usr/lib64/gconv/gconv-modules.cache
and
[SECURITY ALERT] Unauthorized port, for more info run: sh /scripts/cwp_security_audit
Today, after I entered the CWP panel, I have old and one new message:
[!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found, for more info run: sh /scripts/cwp_security_audit
Thanks in advance, and have a nice day!
BR
Venty
-
False positives. Just ignore. See Sandeep's confirmation here:
https://www.alphagnu.com/topic/621-getting-a-critical-alert-ghost-files-deleted-but-running-found-in-new-cwp-install/
-
Hi,
The installation is AL 9.7, and CWP...
Please, I have had three messages until now:
[SECURITY ALERT] Unknown/Untrusted file: /usr/lib64/gconv/gconv-modules.cache
[SECURITY ALERT] Unauthorized port, for more info run: sh /scripts/cwp_security_audit
[!!! CRITICAL ALERT !!!] Ghost files (deleted but running) found, for more info run: sh /scripts/cwp_security_audit
What was I supposed to do with them :)?
Thanks in advance, and have a nice day!
BR
Venty
-
You can use a patched version of the security audit script that doesn't flag false positives:
https://www.alphagnu.com/topic/625-fixing-false-positive-cwp-security-audit-alerts-on-almalinux-9x/