cpanel session log

Discussion in 'Security' started by ottdev, Apr 8, 2017.

  1. ottdev

    ottdev Well-Known Member

    At the end of Feb 2016 this changed - is the length controlled by a setting, or is it only being truncated in the log?
    Code:
    # grep -m1  "2016-02.*NEW " session_log
    [2016-02-01 01:59:12 -0500] info [cpsrvd] 1.2.3.4 NEW username:qcBosOuRuAGsuhOMTh_ls5E2IrROwx__YM_Bs9J972EP9ZaG7aNJFs2_0OOmoVT5 address=1.2.3.4,app=cpaneld,creator=username,method=handle_form_login,path=form,possessed=0
    
    # grep -m1  "2017.*NEW " session_log
    [2017-01-04 21:18:18 -0500] info [cpsrvd] 1.2.3.4 NEW root:nFYzl15pEU3egiBP address=1.2.3.4,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0
    
     
    #1 ottdev, Apr 8, 2017
    Last edited by a moderator: Apr 8, 2017
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The session name referenced in the log should match what you see in the following directory:

    /var/cpanel/sessions/raw/

    It's not possible to modify how the session name is generated.

    Thank you.
     
  3. ottdev

    ottdev Well-Known Member

    What controls the length? They changed from 64 characters to 16 characters as of Feb 29/2016.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Here's a quote from our UAPI documentation regarding a change to session management in cPanel version 54:

    I believe this is the change you are noticing in the log output you provided.

    Thank you.
     
  5. ottdev

    ottdev Well-Known Member

    I am not asking about the frequency of logins (there may be less, I didn't notice) - I understand you mean when a user logged in, it also hooked them up for sql and backups even if they didn't go there. Now it waits until they actually use these functions - so instead of 3 logins, it only creates one initially.

    I understand that - but why did the session length decrease from 64 characters to only 16 - wouldn't 64 characters be more secure?

    NEW username:qcBosOuRuAGsuhOMTh_ls5E2IrROwx__YM_Bs9J972EP9ZaG7aNJFs2_0OOmoVT5
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    I don't see the specific case number that references the change, so it's possible that it was changed as part of the Security Tokens functionality included in a previous version. The session name you see in /usr/local/cpanel/logs/session_log doesn't include data that's usable in a web browser or through an external application for authentication. It's the name that corresponds to a file in the /var/cpanel/sessions/raw directory. Thus, it's not considered a security risk because it's not a value that can be used for access to cPanel/WHM/Webmail.

    Here's an example of what you will see if you view the session file in the /var/cpanel/sessions/raw directory:

    Code:
    # cat root:wB0vfgw_V3Ttj0VF
    ip_address=1.2.3.4
    login_theme=cpanel
    origin_as_string=address=1.2.3.4,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0
    user=root
    external_validation_token=2FXf0Qz5KF2eJH4C
    original_ip_address=1.2.3.4
    cp_security_token=/cpsess1234592347
    successful_internal_auth_with_timestamp=1494261947
    pass=2021757500b5754351234531603035673733383336683936383033626268385
    tfa_verified=0

    Notice that the actual security tokens are stored within the session file and do not correspond to the session name that appears in the session log. Thus, whether "wB0vfgw_V3Ttj0VF" in this example is 16-characters or 64-characters should not matter.

    Thank you.
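
An added example, not part of the thread and not cPanel's own tooling: a small Python parser for the `NEW` lines of session_log that reports when each session-name length first appears, which is the question the two greps in the first post answer by hand. The line format is assumed from the two entries quoted in the thread (used here as SAMPLE); the function names are hypothetical.

```python
import re

# Line layout assumed from the two NEW entries quoted in the thread.
NEW_LINE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) [+-]\d{4}\] \w+ \[cpsrvd\] "
    r"(?P<ip>\S+) NEW (?P<user>[^:\s]+):(?P<name>\S+) (?P<origin>\S+)$"
)

def parse_new(line):
    """Return a dict for a NEW session entry, or None for any other line."""
    m = NEW_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # origin is a comma-separated key=value list (address, app, creator, ...)
    rec["origin"] = dict(
        kv.split("=", 1) for kv in rec["origin"].split(",") if "=" in kv
    )
    rec["name_len"] = len(rec["name"])
    return rec

def first_seen_by_length(lines):
    """Map session-name length -> earliest timestamp it was logged with.

    Timestamps are compared as strings, which orders correctly for this
    fixed-width format as long as the server's UTC offset is constant.
    """
    first = {}
    for line in lines:
        rec = parse_new(line)
        if rec is None:
            continue
        n, ts = rec["name_len"], rec["ts"]
        if n not in first or ts < first[n]:
            first[n] = ts
    return first

# The two log lines quoted in the first post of the thread.
SAMPLE = [
    "[2016-02-01 01:59:12 -0500] info [cpsrvd] 1.2.3.4 NEW username:qcBosOuRuAGsuhOMTh_ls5E2IrROwx__YM_Bs9J972EP9ZaG7aNJFs2_0OOmoVT5 address=1.2.3.4,app=cpaneld,creator=username,method=handle_form_login,path=form,possessed=0",
    "[2017-01-04 21:18:18 -0500] info [cpsrvd] 1.2.3.4 NEW root:nFYzl15pEU3egiBP address=1.2.3.4,app=whostmgrd,creator=root,method=handle_form_login,path=form,possessed=0",
]

if __name__ == "__main__":
    # On a server, pass open("/usr/local/cpanel/logs/session_log") instead.
    for length, ts in sorted(first_seen_by_length(SAMPLE).items()):
        print(f"{length:3d}-character session names first seen {ts}")
```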
     