[11.38] Open source cPanel Security Advisor Addon [ALPHA VERSION]

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,488
35
158
cPanel Access Level
DataCenter Provider
This is a pre-release alpha version that is not intended for general use and has only been tested on 11.38.

https://github.com/cpanelinc/addon_securityadvisor

We would appreciate any preliminary feedback.

https://raw.github.com/CpanelInc/addon_securityadvisor/master/LICENSE


Screen Shot 2013-05-23 at 6.02.14 PM.png


A few design goals for this project:

1) Collect feedback on what security items we can enable by default without causing problems.
2) Provide a way for cPanel to directly provide advice on how to secure your server on a single page.
3) Highlight new security features as they are added to cPanel/WHM.
4) Provide the system under a permissive open source license so anyone can use/expand it.
5) Integrate this into WHM once it has moves from alpha -> beta -> in.
 

chrismfz

Well-Known Member
Jul 4, 2007
125
1
68
Greece
cPanel Access Level
DataCenter Provider
/etc/shadow has non default permissions. Expected: 0600, Actual: 0200.
Review the permissions on /etc/shadow to ensure they are safe

I believe 0200 is OK too.

A newer kernel is installed, however the system has not been rebooted. running: 2.6.32-458.6.2.lve1.2.30.el6.x86_64.debug, installed: 2.6.32-458.6.2.lve1.2.30.el6

Actually is the same kernel. It should strip/ignore ".debug" like it does for arch.
 

inthukha

Well-Known Member
Jul 17, 2013
61
0
6
cPanel Access Level
Root Administrator
Hi Nick,

Its really a great script and idea. i will use this soon once the qualified admins using it and it will going in the gamma.
 

jazz1611

Well-Known Member
Jun 5, 2012
82
0
56
cPanel Access Level
Root Administrator
I uninstalled Security Advisor Plugin and deleted everything related to it. But it still show on tables Plugin on WHM. You can see it on picture. Now how can i resolve it?

/http://i.imgur.com/vPxwim3.png
 

jimlongo

Well-Known Member
Mar 20, 2008
237
16
68
Is this currently supposed to do anything? I installed it and it simply shows a button for "scan again?"

Also, the update instructions don't seem to work -
I have it installed on 3 servers and it worked as advertised . . . on 1 of them it has in the last few days stopped doing anything other than what is described above. Maybe since 11.40 - but all 3 servers are 11.40.06

Screen Shot 2013-10-13 at 1.20.32 PM.png
 
Last edited:

lbeachmike

Well-Known Member
Dec 27, 2001
306
1
316
Long Beach, NY
cPanel Access Level
Root Administrator
I have it installed on 3 servers and it worked as advertised . . . on 1 of them it has in the last few days stopped doing anything other than what is described above. Maybe since 11.40 - but all 3 servers are 11.40.06

View attachment 17511
Okay, disappointed to never have received a response to my post (until now) - so I'll share my own findings -

1. The update instructions for the alpha version don't work as stated above
2. The plug-in, and the 11.40 release version, do not work on Vista IE 9.0 - this was reproduced by cpanel with a bug report filed
3. The 11.40 release (and probably the plug-in) incorrectly identify suspended accounts as having full shell access - bug report filed
4. The 11.40 release doesn't work with the plug-in still in place, so the plug-in requires removal in order for the release version to function properly - per my support ticket, here were the steps taken to move the plug-in out of the way -

Code:
mv /root/scripts/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi /root/scripts/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi.bak
/usr/local/cpanel/bin/unregister_appconfig /root/scripts/addon_securityadvisor/pkg/appconfig/securityadvisor.conf
mv /root/scripts/addon_securityadvisor/pkg/appconfig/securityadvisor.conf /root/scripts/addon_securityadvisor/pkg/appconfig/securityadvisor.conf.bak
mv /var/cpanel/addons/securityadvisor /var/cpanel/addons/securityadvisor.bak
mv /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi.bak
I hope this info helps others.

Mike

- - - Updated - - -

By the way, happy to see the security advisor incorporated into WHM. I've got many ideas for useful enhancements. What's in place thus far is very valuable. Hopefully there will be more focus on security going forward. Thanks cpanel!
 

jimlongo

Well-Known Member
Mar 20, 2008
237
16
68
Thanks lbeachmike , that fixed that server.

Curious that the other 2 servers still run 1.03 from either Plugins>Security Advisor OR Security>Security Advisor

In other words didn't need to remove the plugin to have it work in 2 cases out of 3.

ALSO note that the removal instructions you gave did not work for me. The /scripts directory doesn't exist on my server, instead just removing every instance of /scripts worked for me. Perhaps because I wasn't running the alpha but release 1.0

Code:
mv /root/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi /root/addon_securityadvisor/pkg/cgi/addon_securityadvisor.cgi.bak
/usr/local/cpanel/bin/unregister_appconfig /root/addon_securityadvisor/pkg/appconfig/securityadvisor.conf
mv /root/addon_securityadvisor/pkg/appconfig/securityadvisor.conf /root/addon_securityadvisor/pkg/appconfig/securityadvisor.conf.bak
mv /var/cpanel/addons/securityadvisor /var/cpanel/addons/securityadvisor.bak
mv /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi /usr/local/cpanel/whostmgr/docroot/cgi/addons/securityadvisor/index.cgi.bak
Thanks again.
 
Last edited: