[11.38] Open source cPanel Security Advisor Addon [ALPHA VERSION]

[cPanelNick]

This is a pre-release alpha version that is not intended for general use and has only been tested on 11.38.

https://github.com/cpanelinc/addon_securityadvisor

We would appreciate any preliminary feedback.

https://raw.github.com/CpanelInc/addon_securityadvisor/master/LICENSE





A few design goals for this project:

1) Collect feedback on what security items we can enable by default without causing problems.
2) Provide a way for cPanel to directly provide advice on how to secure your server on a single page.
3) Highlight new security features as they are added to cPanel/WHM.
4) Provide the system under a permissive open source license so anyone can use/expand it.
5) Integrate this into WHM once it has moves from alpha -> beta -> in.

 

[cPanelNick]

This was updated today. Update instructions are in the README files.

 

[chrismfz]

/etc/shadow has non default permissions. Expected: 0600, Actual: 0200.
Review the permissions on /etc/shadow to ensure they are safe

I believe 0200 is OK too.

A newer kernel is installed, however the system has not been rebooted. running: 2.6.32-458.6.2.lve1.2.30.el6.x86_64.debug, installed: 2.6.32-458.6.2.lve1.2.30.el6

Actually is the same kernel. It should strip/ignore ".debug" like it does for arch.

 

[inthukha]

Hi Nick,

Its really a great script and idea. i will use this soon once the qualified admins using it and it will going in the gamma.

 

[jazz1611]

I uninstalled Security Advisor Plugin and deleted everything related to it. But it still show on tables Plugin on WHM. You can see it on picture. Now how can i resolve it?

/http://i.imgur.com/vPxwim3.png

 

[lbeachmike]

Is this currently supposed to do anything? I installed it and it simply shows a button for "scan again?"

Also, the update instructions don't seem to work -

Update:

cd [WHERE YOU RAN THE INSTALL]

cd addon_securityadvisor

git pull

cd addon_securityadvisor/pkg

./install

 

[jimlongo]

Is this currently supposed to do anything? I installed it and it simply shows a button for "scan again?"

Also, the update instructions don't seem to work -

I have it installed on 3 servers and it worked as advertised . . . on 1 of them it has in the last few days stopped doing anything other than what is described above. Maybe since 11.40 - but all 3 servers are 11.40.06

 

[lbeachmike]

I have it installed on 3 servers and it worked as advertised . . . on 1 of them it has in the last few days stopped doing anything other than what is described above. Maybe since 11.40 - but all 3 servers are 11.40.06

View attachment 17511

Okay, disappointed to never have received a response to my post (until now) - so I'll share my own findings -

1. The update instructions for the alpha version don't work as stated above
2. The plug-in, and the 11.40 release version, do not work on Vista IE 9.0 - this was reproduced by cpanel with a bug report filed
3. The 11.40 release (and probably the plug-in) incorrectly identify suspended accounts as having full shell access - bug report filed
4. The 11.40 release doesn't work with the plug-in still in place, so the plug-in requires removal in order for the release version to function properly - per my support ticket, here were the steps taken to move the plug-in out of the way -

mv /root/scripts/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi /root/scripts/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi.bak
/usr/local/cpanel/bin/unregister_appconfig /root/scripts/addon_securityadvisor/pkg/appconfig/securityadvisor.conf
mv /root/scripts/addon_securityadvisor/pkg/appconfig/securityadvisor.conf /root/scripts/addon_securityadvisor/pkg/appconfig/securityadvisor.conf.bak
mv /var/cpanel/addons/securityadvisor /var/cpanel/addons/securityadvisor.bak
mv /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi.bak

I hope this info helps others.

Mike

- - - Updated - - -

By the way, happy to see the security advisor incorporated into WHM. I've got many ideas for useful enhancements. What's in place thus far is very valuable. Hopefully there will be more focus on security going forward. Thanks cpanel!

 

[jimlongo]

Thanks lbeachmike , that fixed that server.

Curious that the other 2 servers still run 1.03 from either Plugins>Security Advisor OR Security>Security Advisor

In other words didn't need to remove the plugin to have it work in 2 cases out of 3.

ALSO note that the removal instructions you gave did not work for me. The /scripts directory doesn't exist on my server, instead just removing every instance of /scripts worked for me. Perhaps because I wasn't running the alpha but release 1.0

mv /root/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi /root/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi.bak
/usr/local/cpanel/bin/unregister_appconfig /root/addon_securityadvisor/pkg/appconfig/securityadvisor.conf
mv /root/addon_securityadvisor/pkg/appconfig/securityadvisor.conf /root/addon_securityadvisor/pkg/appconfig/securityadvisor.conf.bak
mv /var/cpanel/addons/securityadvisor /var/cpanel/addons/securityadvisor.bak
mv /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi.bak

Thanks again.