SOLVED CPANEL-39815 - Not receiving security advisor notifications

cPSloaneB

Developer I
Staff member
Oct 2, 2012
12
2
128
cPanel Access Level
Root Administrator
@WorkinOnIt, as the root user, if you rename the /var/cpanel/security_advisor_history.json file to something else and then run /scripts/check_security_advice_changes --notify once again, does it re-issue all, some, or none of the missing notifications you are expecting?
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
258
41
78
UK
cPanel Access Level
Root Administrator
@cPRex

Thank you for your integrity. I have replied to the ticket to see what they say about a partial refund - although to be honest, the money is not really the issue (although when refunds are involved it does sharpen the focus somewhat, so that might help ;-)

Did you hear anything from your colleagues following the meeting?

I've just discovered another kernel update is ready in the manual security scan (of course, once again, no notification received !)
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
258
41
78
UK
cPanel Access Level
Root Administrator
@WorkinOnIt, as the root user, if you rename the /var/cpanel/security_advisor_history.json file to something else and then run /scripts/check_security_advice_changes --notify once again, does it re-issue all, some, or none of the missing notifications you are expecting?
Thank you @cPSloaneB - yes, that actually worked! I also received the email notification o_O I updated on four servers and they all responded the same.

Of course, it remains to be seen if this will fix future auto-generated notices - I guess will have to wait and see if I still receive the email the next time there are new security advisor notifications ? Do you think this is now fixed - or does this need further steps?

I have no idea why renaming that file fixed it - would you care to explain further?
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,629
363
cPanel Access Level
Root Administrator
Deleting the history file and forcing the run to happen again forces all notifications to be sent again.

I did talk with the development team about this earlier this week, and there is work actively happening on the issue now.
 

cPSloaneB

Developer I
Staff member
Oct 2, 2012
12
2
128
cPanel Access Level
Root Administrator
Of course, it remains to be seen if this will fix future auto-generated notices - I guess will have to wait and see if I still receive the email the next time there are new security advisor notifications ? Do you think this is now fixed - or does this need further steps?

I have no idea why renaming that file fixed it - would you care to explain further?
This by itself will not fix future notifications, unless the file is removed again continually. The Security Advisor currently remembers the internal names of each advice item, a hash of the text of the advice, and the severity of the item in that file, and it carries over this information across runs of the script. Unless the severity of the item was increased since the script last saw the item, it will not issue the same notification twice. Removing the history file makes the script forget about all previous notifications, which may work for you but would be too noisy for other users. (In principle, removing just the information pertaining to the notification you expect to be re-issued will also work.)

At this time, I have submitted a fix which changes this behavior so that the history file only remembers the notices which appeared the last time the script ran. This way, it should notify whenever the state of the item degrades since the last notification; if it stays the same, improves, or disappears, then this should still not trigger a notification, which I am hoping is not too noisy of a policy. Furthermore, it doesn't require changing the data format of the history file.

This change is being targeted for a 104 release. A backport to 102 may be possible, but we would likely want to see whether we get negative feedback for this change in 104, which might make necessary further changes to the kind of data recorded in the history file, so that the Security Advisor could apply more complicated hysteresis to the policy of when to issue notifications.
 
Last edited:

WorkinOnIt

Well-Known Member
Aug 3, 2016
258
41
78
UK
cPanel Access Level
Root Administrator
At this time, I have submitted a fix which changes this behavior so that the history file only remembers the notices which appeared the last time the script ran. This way, it should notify whenever the state of the item degrades since the last notification; if it stays the same, improves, or disappears, then this should still not trigger a notification, which I am hoping is not too noisy of a policy. Furthermore, it doesn't require changing the data format of the history file.

This change is being targeted for a 104 release. A backport to 102 may be possible, but we would likely want to see whether we get negative feedback for this change in 104, which might make necessary further changes to the kind of data recorded in the history file, so that the Security Advisor could apply more complicated hysteresis to the policy of when to issue notifications.
Good one thanks. I am rather surprised that I am the only person who seems to have noticed / reported this matter..... I guess I must be old school !

I think another useful way to handle this is some kind of dashboard notification / flashing icon that says "hey something needs attention!" There is already a notification menu icon in the new layout at top right - I would suggest showing new security state change notices in there would be sensible?
 
Last edited: