In Progress CPANEL-41603 - Current EA4 State profile being created every day in Home / Software / EasyApache 4

[PeteS]

Since 9/14 or 9/15, my servers show a new auto generated profile every day.

Example: Current EA4 State at 2022-09-14 00:07:03 -0700 modified for AlmaLinux_8

I can't find anything on this in forums or docs. I'm probably not looking in the correct place, but can anyone point me to information on this?

 

[quietFinn]

I don't know why it happens, but seems we have that occurring in one Centos v7.9 VPS (since October 3rd), NOT in AlmaLinux v8.6 VPS and NOT in any CloudLinux servers.
I believe it started when cPanel was upgraded to v106.0.8.

 

[PeteS]

I don't know why it happens, but seems we have that occurring in one Centos v7.9 VPS (since October 3rd), NOT in AlmaLinux v8.6 VPS and NOT in any CloudLinux servers.
I believe it started when cPanel was upgraded to v106.0.8.

Correct. Only on CentOS 7 servers.

 

[PeteS]

@cPRex This is continuing, day by day. Can we get a cPanel response?

If you set up a test server with CentOS 7.9... and WHM 106.0.8 or better, you should see this too. It adds one each time upcp runs.

 

[cPanelWilliam]

Hello!

We have a case/article that I suspect is related to the issue reported in this thread:

Security Advisor is creating additional EasyApache 4 profiles on CentOS 7 servers

Although the article subject references Security Advisor, this issue is also caused by upcp since the /usr/local/cpanel/scripts/check_security_advice_changes script runs during the nightly cPanel updates, which is responsible for creating the new EasyApache profile. Our developers are actively investigating this issue, however, in the meantime you can ignore or remove the additional profiles.

 

[PeteS]

Hello!

We have a case/article that I suspect is related to the issue reported in this thread:

Security Advisor is creating additional EasyApache 4 profiles on CentOS 7 servers

Although the article subject references Security Advisor, this issue is also caused by upcp since the /usr/local/cpanel/scripts/check_security_advice_changes script runs during the nightly cPanel updates, which is responsible for creating the new EasyApache profile. Our developers are actively investigating this issue, however, in the meantime you can ignore or remove the additional profiles.

Thank you!

Yes, I see that Security Advisor also creates one...

Can you post back here once it is resolved so we can just remove one per server?

 

[cPRex]

Sure thing - I'll post a reply once I have an update!

 

[skyllpro]

Yes. i had the same problem, it first appeared from 8/9/2022 and still going on till now, i also can't find any button to remove it. help me please.

 

[PeteS]

Hello!

We have a case/article that I suspect is related to the issue reported in this thread:

Security Advisor is creating additional EasyApache 4 profiles on CentOS 7 servers

Although the article subject references Security Advisor, this issue is also caused by upcp since the /usr/local/cpanel/scripts/check_security_advice_changes script runs during the nightly cPanel updates, which is responsible for creating the new EasyApache profile. Our developers are actively investigating this issue, however, in the meantime you can ignore or remove the additional profiles.

I see an update (2 days ago) on the article, stating that is has been resolved, but all my servers (106.0.11) still are creating the extra profiles.

When should the fix roll out?

 

[PeteS]

Yes. i had the same problem, it first appeared from 8/9/2022 and still going on till now, i also can't find any button to remove it. help me please.

For now, the magic button is the CLI:

Go here:
# cd /etc/cpanel/ea4/profiles/custom/

Verify number of profiles:
# ls current_state*|wc -l

Remove unwanted profiles:
# rm current_state_at_2022-1* -I

 

[cPanelWilliam]

Hi,

I see an update (2 days ago) on the article, stating that is has been resolved, but all my servers (106.0.11) still are creating the extra profiles.

When should the fix roll out?

The fix for the case isn't dependent on the cPanel version. If you're still experiencing this issue, it's likely that the /scripts/elevate-cpanel script hasn't been updated.

What happens when you try to run /scripts/elevate-cpanel --update on one of the affected servers? If that doesn't update the elevate script, you could try to move it aside and then access security advisor again, which should grab an updated version of the script.

 

[PeteS]

Hi,



The fix for the case isn't dependent on the cPanel version. If you're still experiencing this issue, it's likely that the /scripts/elevate-cpanel script hasn't been updated.

What happens when you try to run /scripts/elevate-cpanel --update on one of the affected servers? If that doesn't update the elevate script, you could try to move it aside and then access security advisor again, which should grab an updated version of the script.

Oops...

# /scripts/elevate-cpanel --update

This script does not recognize the following parameter: --update

Usage:
        /scripts/elevate-cpanel [OPTIONS]

        Optional:
           --start                        Start the convertion process
           --continue                     Continue the convertion: retry the last step
           --check[=BLOCKER_FILE]         Check if your system has any known blockers to upgrade.
           --log                          Show the current elevation log
           --status                       Check the current elevation status
           --clean                        Cleanup scripts and files created by elevate-cpanel

           --skip-elevate-version-check   Skip the check for whether this script is up to date.
           --skip-cpanel-version-check    Skip the check for whether cPanel is up to date.
                                          This option is intended only for testing!

           --help                         Display this documentation.

 

[cPanelWilliam]

Hi,

Did you try moving the /scripts/elevate-cpanel script aside and then opening the Security Advisor? The update option appears to work on my server which suggests you likely have an older version of the script:

[root@10-2-34-188 ~]# /scripts/elevate-cpanel --update
* 09-20:02:20 (363) [INFO] Self-update of script version 2 requested.
* 09-20:02:20 (385) [INFO] Script is up to date.

If that still doesn't resolve the issue I would recommend opening a ticket and referencing the case number (CPANEL-41603) so our team can take a closer look.

 

[PeteS]

Hi,

Did you try moving the /scripts/elevate-cpanel script aside and then opening the Security Advisor? The update option appears to work on my server which suggests you likely have an older version of the script:

[root@10-2-34-188 ~]# /scripts/elevate-cpanel --update
* 09-20:02:20 (363) [INFO] Self-update of script version 2 requested.
* 09-20:02:20 (385) [INFO] Script is up to date.

If that still doesn't resolve the issue I would recommend opening a ticket and referencing the case number (CPANEL-41603) so our team can take a closer look.

Nope. Once your directions didn't match what I was seeing I stopped. (Better safe than sorry, especially with as script that does what this one is designed to do!)

I got it to update to Elevate V2 using Security Advisor. However in Security Advisory, it says "Cpanel::Security::Advisor::Assessors::Elevate 1.00" when it runs. Can you verify what Security Advisor says on your test server? I'm not too worried because it is clearly running V2, since another non-updated server warns that Elevate is out of date, but this one doesn't, and it shows V2 on the CLI version check.

I'll confirm that it no longer creates the extra profiles on next upcp.

----

Side note...

These messages are not very useful:

• One or more enabled YUM repo are currently unsupported. You should disable these repositories and remove packages installed from them before continuing the update. Consider reporting this limitation to Issues · cpanel/elevate
• yum is not stable

I see no mention on the Elevate page on Github as referenced in the "For more information, see the utility’s website" link. Can you point me to documentation for these warnings?

 

[PeteS]

@cPanelWilliam Thank you, the update resolved the issue. (@skyllpro Give this a try to resolve your issue.)

Can you tell me why the earlier version didn't auto-update?

And can you provide access to better docs on Elevate? I would like to use it eventually, but I also feel like it's best to hold off and let it mature. There is a lot of time before cPanel drops support for CentOS. Thoughts?

 

[cPRex]

The docs at cPanel elevate documentation are all we have available at this point.

I don't believe the elevate script updates automatically.

 

[PeteS]

The docs at cPanel elevate documentation are all we have available at this point.

Hence my feeling that holding off is prudent. Thoughts?

I don't believe the elevate script updates automatically.

Well, shouldn't it? I mean it "automagically" installed itself and was added to Security Advisor.

 

[cPRex]

I did poke the team and we are expecting the elevate script to be updated as part of the nightly maintenance on the system.