Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel Security Advisor

Discussion in 'Discusión en Español' started by JMGarcía, Feb 8, 2018.

  1. JMGarcía

    JMGarcía Member

    Joined:
    Oct 11, 2016
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Hola,

    Tengo cPanel v68.0.28 con centOS 7.4

    El cPanel Security Advisor me da estos 2 avisos,... he reinciado 10 veces y todavía me salen esos 2 avisos,... ¿alguna solución?

    Gracias.
     
  2. JMGarcía

    JMGarcía Member

    Joined:
    Oct 11, 2016
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Los avisos son estos:

    1 - The system’s core libraries or services have been updated. Reboot the server to ensure the system benefits from these updates.

    2 - The system cannot check the KernelCare promotion preferences: Cannot determine company ID.


    Gracias.
     
  3. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Hi,

    Could you please provide the output of the following commands?
    Code:
    # ls -lahd /var/cpanel/companyid*
    # /usr/local/cpanel/cpkeyclt
    
    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. JMGarcía

    JMGarcía Member

    Joined:
    Oct 11, 2016
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Hi,

    I changed from mpm prefork to worker and now all fine,... Security Advisor only show now:

    Apache vhosts are not segmented or chroot()ed.
    No symlink protection detected

    Thanks.
     
  5. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    The warning should also produce advice like below:
    Did you have any specific questions about the recommendations?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. JMGarcía

    JMGarcía Member

    Joined:
    Oct 11, 2016
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    No advice about "Enable “Jail Apache” in the “Tweak Settings” are,...

    and also no advice about:

    The MySQL service is currently configured to listen on all interfaces: (bind-address=*)

    And I don't changed my.cnf or close port 3306,...

    About
    Apache vhosts are not segmented or chroot()ed.
    No symlink protection detected

    I read that it's not fundamental to security and may lower the performance,...

    What's your opinion?

    Thanks.

    Output:

    [root@sv ~]# ls -lahd /var/cpanel/companyid*
    -rw-r--r-- 1 root root 3 Feb 9 16:10 /var/cpanel/companyid
    lrwxrwxrwx 1 root root 3 Feb 9 16:10 /var/cpanel/companyid.fast -> 375
    [root@sv ~]#


    [root@sv ~]# /usr/local/cpanel/cpkeyclt
    Updating cPanel license...Done. Update succeeded.
    Building global cache for cpanel...Done
    [root@sv ~]#
     
    #6 JMGarcía, Feb 9, 2018
    Last edited by a moderator: Feb 9, 2018
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,806
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    If bind-address is set to a non-localhost value and there are no iptables reject/deny rules in place for the MySQL port, then a warning will be issued. Could you let us know the contents of the /etc/my.cnf file on this system?

    Internal case (SWAT-733) open to ensure that specific Security Advisor alert reflects the fact that Mod_Ruid2 is required in order to use the "Jail Apache" option in "WHM >> Tweak Settings".

    We do recommend you protect your system against symlink attacks. We provide a list of available solutions at:

    Symlink Race Condition Protection - EasyApache 4 - cPanel Documentation

    Can you verify if you still see this message? If so, could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. JMGarcía

    JMGarcía Member

    Joined:
    Oct 11, 2016
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Hello,

    /etc/my.cnf

    [mysqld]
    log-error=/var/lib/mysql/sv.domain.com.err
    default-storage-engine=MyISAM
    innodb_file_per_table=1
    performance-schema=0
    max_allowed_packet=268435456
    bind-address=127.0.0.1

    Still no message:
    The system cannot check the KernelCare promotion preferences: Cannot determine company ID.

    Another issue in all my KVM VPS with cenOS7.x with Cpanel:
    Always enable SSH Password Authorization Tweak and disable when need connect with SSH,...
    Normally when disable can't connect SSH, need first fix SSH with https://ip:2087/scripts2/doautofixer?autofix=safesshrestart
    and then connect, after when enable again get this error:

    SSH Server...Waiting for “sshd” to start ……Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
    …failed.

    Cpanel::Exception::Services::StartError
    Service Status

    Service Error
    (XID 6jfr97) The “sshd” service failed to start.

    Startup Log
    Feb 13 18:02:21 sv.domain.com systemd[1]: Failed to start OpenSSH server daemon.
    Feb 13 18:02:21 sv.domain.com systemd[1]: Unit sshd.service entered failed state.
    Feb 13 18:02:21 sv.domain.com systemd[1]: sshd.service failed.

    Log Messages
    Feb 13 18:02:21 sv sshd[3676]: fatal: Cannot bind any address.
    Feb 13 18:02:21 sv sshd[3676]: error: Bind to port 22 on :: failed: Address already in use.
    Feb 13 18:02:21 sv sshd[3676]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
    Feb 13 18:02:10 sv sshd[3659]: fatal: Cannot bind any address.
    Feb 13 18:02:10 sv sshd[3659]: error: Bind to port 22 on :: failed: Address already in use.

    sshd has failed. Contact your system administrator if the service does not automagically recover.
    ...Done


    but SSH Password Authorization Tweak enabled.
    Not really a problem, fix is easy once you know,...

    Thanks.
     
  9. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,806
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    You should be able to remove that entry and restart MySQL to solve that issue.

    Could you open a support ticket using the link in my signature so we can take a closer look?

    As far as the separate issue with SSH, please open a new thread so we can investigate that separately.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. JMGarcía

    JMGarcía Member

    Joined:
    Oct 11, 2016
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Ticket open ID 9296401

    Thanks.
     
  11. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,806
    Likes Received:
    1,898
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    To update, it looks like we were unable to reproduce the same warning messages upon testing.

    Let us know if you have any additional questions.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. JMGarcía

    JMGarcía Member

    Joined:
    Oct 11, 2016
    Messages:
    11
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I restart server and warning now don't show.

    Thanks.
     
    cPanelMichael likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice