Have You Tried the cPanel Security Advisor?

Discussion in 'cPanel Announcements' started by Infopro, Aug 29, 2013.

  1. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Have you tried the new cPanel Security Advisor? cPanel is planning on adding this as a WHM add-on at some point in the near future, quite possibly even in with 11.40. You can get your hands on it right now, and have some input into its ongoing development and usefulness to you, if you're interested.

    The original thread announcing this add-on posted by cPanelNick, back in May, is located here:
    [11.38] Open source cPanel Security Advisor Addon [ALPHA VERSION] - cPanel Forums

    This is coming along quite well and I felt a new thread with a nice screenshot might be helpful. :)

    Here's a screenshot from within WHM of the cPanel Security Advisor UI:
    cPsecurityadviserSS.jpg

    Here's where you can read more about it:
    addon_securityadvisor - Security Advisor Addon for cPanel - GitHub

    This URL takes you right to the suggestions area for this plug-in on github:
    addon_securityadvisor - Security Advisor Addon for cPanel Issues - GitHub
    (or feel free to comment on this right here on the forums.)

    Installing this is straightforward and easy, using Git. Git is a powerful version control tool cPanel, Inc. uses in house. It's also included with cPanel & WHM and is the tool used here to check out the cPanel Security Advisor. Git is also distributed with CentOS/RHEL, but cPanel has its own version based on the perl modules that cPanel installs.


    To install:
    Code:
    /usr/local/cpanel/3rdparty/bin/git clone https://github.com/bdraco/addon_securityadvisor.git
    
    cd addon_securityadvisor/pkg
    
    ./install
    
    Next, log into WHM and go to the Plugins section on left menu to locate the Security Advisor Tool.

    Clicking thru that link will automatically run the cPanel Security Advisor, and the test will only take a moment. Once completed, as seen in the screenshot above, you'll be told what's in good shape and what needs some attention.

    It's important to know that each security decision you are making here is a risk versus reward situation. If you choose to take the risk, it's important to know the consequences and to be best prepared. Security is a journey, not a destination, so it requires continued vigor. Safety of previous decisions can be made unsafe by a single security advisory.

    Please do let us know what you think about this new tool. We very much appreciate your feedback.

    Thanks!
     
  2. jimlongo

    jimlongo Well-Known Member

    Joined:
    Mar 20, 2008
    Messages:
    145
    Likes Received:
    2
    Trophy Points:
    18
    The plugin installation was easy, and the information appreciated.

    2 comments:

    1. It kept telling me that I had Frontpage extension installed, when I know my build of easyApache has it off. It wasn't until I removed the rpm that the warning went away.

    2. The first recommendation is Apache vhosts are not segmented or chroot()ed.
    Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”
    however that selection is greyed out in Tweak Settings and is not available. I guess that's because I don't have mod Ruid2 installed, mostly because it's listed as experimental.

    3. Unable to determine kernel version. Ensure that yum and rpm are working on your system. I'm sure they're both installed.

    Thanks for any input on #2 and #3.
     
    #2 jimlongo, Aug 29, 2013
    Last edited: Aug 29, 2013
  3. ThinIce

    ThinIce Well-Known Member

    Joined:
    Apr 27, 2006
    Messages:
    346
    Likes Received:
    7
    Trophy Points:
    18
    Location:
    Disillusioned in England
    cPanel Access Level:
    Root Administrator
    Have been meaning to give this a whirl, can it be fully uninstalled once installed?
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Yes. Not sure how this will work when added to WHM by default though.
    Code:
    cd /usr/local/cpanel/3rdparty/bin/addon_securityadvisor/pkg/
    
    ./uninstall

    @jimlongo
    #2 - Correct.
    #3 - I can't answer this one, but I'm sure someone will be by who can.
     
  5. kernow

    kernow Well-Known Member

    Joined:
    Jul 23, 2004
    Messages:
    865
    Likes Received:
    9
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    cPanel Security Advisor is very basic, perhaps you could use the CSF security check as a starting point and build on that?
    #3 CL kernel was correctly identified in our test.
     
    #5 kernow, Aug 30, 2013
    Last edited: Aug 30, 2013
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    In the original thread about this, linked at top of post, Nick has outlined the goals of this, which are a bit different than CSF. I asked him the same question myself, prior to that post.

    # 3, same for me here.


    HTH!
     
  7. ThinIce

    ThinIce Well-Known Member

    I guess it's a consequence of them being suspended, but currently suspended users are showing up under the "Users running outside of the jail:" check.

    On an instance with the kernel outside the VM, the alert "Unable to determine kernel version Ensure that yum and rpm are working on your system" is displayed; the running kernel can, however, be obtained normally with uname.

    Same FrontPage warning here, I guess due to the rpm having been in place by default even if it's never been used.

    And same comment on the Apache jails alert as that above - last I remember asking, the jury was out on whether this was 'better' and would replace the current default of suphp (I realise we can argue the definition of better ;) )

    Edit for clarity
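
The "Unable to determine kernel version" case reported in this thread (kernel supplied from outside the VM, while `uname` still works) can be reported as its own state instead of as an error. The sketch below is an added example, not Security Advisor's code and not from any poster; the function name `classify_kernel`, its status words, and the assumption that such guests have no kernel RPM installed are this example's own, and `sort -V` needs GNU coreutils 7 or later.

```shell
#!/usr/bin/env bash
# Added example: compare the running kernel with the installed kernel RPMs.

# classify_kernel RUNNING INSTALLED
#   RUNNING   - output of `uname -r`
#   INSTALLED - newline-separated output of
#               rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n'
#               (same format as `uname -r` on EL6 and later)
classify_kernel() {
    local running="$1" installed="$2" newest

    # uname itself returned nothing: no statement about the kernel is possible.
    if [ -z "$running" ]; then
        echo "unknown"
        return
    fi

    # rpm prints "package kernel is not installed" on stdout; drop that line.
    installed=$(printf '%s\n' "$installed" | grep -v 'is not installed' || true)

    # No kernel package in the RPM database: the kernel comes from outside
    # the guest, so patching it is the host operator's responsibility.
    if [ -z "$installed" ]; then
        echo "external"
        return
    fi

    # Version-aware sort, so that 358.6.1 orders before 358.18.1.
    newest=$(printf '%s\n' "$installed" | sort -V | tail -n 1)
    if [ "$running" = "$newest" ]; then
        echo "current"
    elif printf '%s\n' "$installed" | grep -Fxq -- "$running"; then
        echo "reboot-needed"   # newer kernel installed, older one still booted
    else
        echo "external"        # running kernel matches no installed package
    fi
}

# Constructed sample data (not taken from the thread).
sample_installed='2.6.32-358.6.1.el6.x86_64
2.6.32-358.18.1.el6.x86_64'

classify_kernel "2.6.32-358.18.1.el6.x86_64" "$sample_installed"
classify_kernel "2.6.32-358.6.1.el6.x86_64" "$sample_installed"
classify_kernel "2.6.32-042stab079.5" "package kernel is not installed"

# On a live server:
#   classify_kernel "$(uname -r)" "$(rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n')"
```
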
     
  8. jimlongo

    jimlongo Well-Known Member

    I was considering enabling mod_ruid2 until I read that this would disable mod_security.
    Doesn't seem like a fair tradeoff.
     
  9. ThinIce

    ThinIce Well-Known Member

    It was this from the mod's own page I was most interested in (I realise there is an if/when implicit)

     
  10. Viborahost

    Viborahost Registered

    Joined:
    Oct 6, 2013
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Disengage The Building of Experimental Mod_Ruid

    I have been testing cPanel 11.40 build 2 and I am not satisfied with the Security Manager Notifications suggestions. This Security Advisor is advising all to install Ruid2 / Mod security shall be obligatory from 11.42 apparently but yet cPanel has stated on some forum that Mod2 with Apache DSO / Mod Security is presently unstable at times.

    I feel that the Advisor would be better off advising the most stable and better tested global feature which would be in my opinion:

    Advisor:
    Do not install Experimental Ruid2 DSO; instead install Mod Security with a SuPhp Exec environment as it is better tested and is Stable.

    If any newbie were to pay attention to the Security Advisor regarding this Ruid2, he or she is quite likely to run into a whole bunch of issues, as I have found just too many bumps along the road when messing around with Ruid2.

    I am aware that using Ruid2 DSO is what appears to be a much faster environment but it most certainly is not a safer environment; some examples are the Jailshell issue... This is totally experimental.

    The typical issue I personally come across with Ruid2 running a DSO environment is that when I go to the website of a newly created account, I immediately get this error saying that Not Allowed to Access this page and I have checked the /public_html and am quite sure that index.htm, index.shtml and other indexes do in fact exist.

    My experience led me to rebuilding Apache to sql 5.5, php 5.4 making it compatible for an Sup and disengaging Ruid2 of course, as soon as I did that, everything appears to function correctly.

    So as far as 11.40 build 2 goes, I will not be listening to much of what the Security Advisor is saying regarding Jailshell for Ruid2 until it is much more stable and tested.

    Just my humble opinion
     
  11. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Re: Disengage The Building of Experimental Mod_Ruid

    I've moved your post into this thread and removed the poll. No need for a poll.
     
  12. dualmonitor

    dualmonitor Active Member

    Joined:
    Dec 3, 2012
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Sweet feature! Thanks for putting the work into something so important!
     
  13. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    As of 11.40 this is now bundled into cPanel; there will no longer be a need to manually install. You should remove the plugin if you had it installed prior to cPanel 11.40.

    11.40 was pushed out to CURRENT, today.
     
  14. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    One small update to my prior comment. It seems the most awesome cPanel Development team has taken care of us by automagically removing this plugin if it finds it on upgrading to 11.40.

    I love those guys. :p
     
  15. ThinIce

    ThinIce Well-Known Member

    ;) Just a thought - could you perhaps develop a / a set of security related certs on cPanel University? I view this tool as a realisation that whilst every hosting provider should have procedures capable of covering this sort of stuff and dedicated security staff where possible, a lot of the time that just doesn't happen.

    I know the problems inherent in doing this and I think a lot of them are probably the same as argued for offering / not offering this tool, but I don't see where the harm would be in using the material from the docs on security to come up with an extra set of questions to quickly bring people up to a base line of some sort and to get them interested in learning more.
     
  16. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

  17. Demitris

    Demitris Registered

    Joined:
    Feb 19, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Athens, Greece
    Hi There,

    After upgrading to WHM 11.40, Security Advisor was not there. I installed it using the option from Infopro's first post:

    But when I go to WHM Plugins I see that it is not functional (the "Scan Again" button does not work).

    Clipboard02.png

    I tried to uninstall it using:

    Code:
    /usr/local/cpanel/3rdparty/bin/addon_securityadvisor/pkg/
    
    ./uninstall
    but PuTTY prints this:


    Clipboard01.png



    Any Help pls..?
     
  18. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Security Advisor is included in cPanel version 11.40. You should not attempt to install it manually. You can find it in Web Host Manager under the "Security Center" menu on the left.

    Thank you.
     
  19. Demitris

    Demitris Registered

    Hi Michael,

    After I located where the addon_securityadvisor folder was and uninstalled the plugin, I get a 404 error in both Security Center and the Plugins menu.

    Is there any way to fix this somehow..?

    Please look at the screens below to see what I mean:

    Clipboard05.jpg Clipboard02.jpg
     
  20. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Please try
    Code:
    /scripts/upcp --force
    after the removal of the old plugin. This should restore any files the uninstaller may have removed that are needed for the 11.40 version.
     