Have You Tried the cPanel Security Advisor?

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Have you tried the new cPanel Security Advisor? cPanel is planning on adding this as an WHM add-on at some point in the near future, quite possibly even in with 11.40. You can get your hands on it right now, and, have some input to it's ongoing development and usefulness to you, if you're interested.

The original thread announcing this add-on posted by cPanelNick, back in May, is located here:
[11.38] Open source cPanel Security Advisor Addon [ALPHA VERSION] - cPanel Forums

This is coming along quite well and I felt a new thread with a nice screenshot might be helpful. :)

Here's a screenshot from within WHM of the cPanel Security Advisor UI:
cPsecurityadviserSS.jpg

Here's where you can read more about it:
addon_securityadvisor - Security Advisor Addon for cPanel - GitHub

This URL takes you right to the suggestions area for this plug-in on github:
addon_securityadvisor - Security Advisor Addon for cPanel Issues - GitHub
(or feel free to comment on this right here on the forums.)

Installing this is straight forward and easy, using Git. Git is a powerful version control tool cPanel, Inc. uses in house. It's also included with cPanel & WHM and the tool used here to check out the cPanel Security Advisor. Git is also distributed with CentOS/RHEL, but, cPanel has it's own version based on the perl modules that cPanel installs.


To install:
Code:
/usr/local/cpanel/3rdparty/bin/git clone https://github.com/bdraco/addon_securityadvisor.git

cd addon_securityadvisor/pkg

./install
Next, log into WHM and go to the Plugins section on left menu to locate the Security Advisor Tool.

Clicking thru that link will automatically run the cPanel Security Advisor, and the test will only take a moment. Once completed, as seen in the screenshot above, you'll be told whats in good shape and what needs some attention.

It's important to know that each security decision you are making here, is a risk versus reward situation. If you choose to take the risk, it's important to know consequences and to be best prepared. Security is a journey not a destination, so it requires continued vigor. Safety of previous decisions can be made unsafe by a single security advisory.

Please do let us know what you think about this new tool. We very much appreciate your feedback.

Thanks!
 

jimlongo

Well-Known Member
Mar 20, 2008
237
16
68
The plugin installation was easy, and the information appreciated.

2 comments:

1. it kept telling me that I had Frontpage extension installed, when I know my build of easyApache has it off. It wasn't until I removed the rpm that the warning went away.

2. The first recommendation is Apache vhosts are not segmented or chroot()ed.
Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”
however that selection is greyed out in Tweak Settings and is not available. I guess that's because I don't have mod Ruid2 installed, mostly because it's listed as experimental.

3. Unable to determine kernel version. Ensure that yum and rpm are working on your system. I'm sure they're both installed.

Thanks for any input on #2 and #3.
 
Last edited:

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
I guess it's a consequence of them being suspended but currently suspended users are showing up under the "Users running outside of the jail:" check.

On an instance with the kernel outside the VM, the alert "Unable to determine kernel version Ensure that yum and rpm are working on your system" is displayed, the running kernel can however be obtained normally with uname

Same frontpage warning here, I guess due to the rpm having been in place by default even if it's never been used.

And same comment on the apache jails alert as that above - last I remember asking the jury was out on whether this was 'better' and would replace the current default of suphp (I realise we can argue the definition of better ;) )

Edit for clarity
 

jimlongo

Well-Known Member
Mar 20, 2008
237
16
68
And same comment on the apache jails alert as that above - last I remember asking the jury was out on whether this was 'better' and would replace the current default of suphp (I realise we can argue the definition of better ;) )
I was considering enabling mod_ruid2 until I read the this would disable mod_security.
Doesn't seem like a fair tradeoff.
 

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
It was this from the mods own page I was most interested in (I realise there is an if/when implicit)

-there are some security issues, for instance if attacker successfully exploits the httpd process, he can set effective capabilities and setuid to root. i recommend to use some security patch in kernel (grsec), or something..
 

Viborahost

Registered
Oct 6, 2013
4
0
1
cPanel Access Level
Root Administrator
Disengage The Building of Experimental Mod_Ruid

I have been testing cpanel 11.40 build 2 and I am not satisfied with the Security Manager Notifications suggestions. This Security Advisor is advising all to install Ruid2 / Mod security shall be obligatory from 11.42 apparently buy yet Cpanel has stated on some forum that Mod2 with Apache DSO / Mod Security is presently unstable at times

I feel that the Advisor would be better off advising the most stable and better tested global feature which would be in my opinion:

Advisor:
Do not install Experimental Ruid2 DSO instead install Mod Security with a SuPhp Exec enviroment as it is better tested and is Stable.

If any newbie where to pay attention to the Security advisor regarding this Ruid2, he or she is quite likely to run into a whole bunch of issues as I have found that just too many bumps along the road when messing around with Ruid2

I am aware that using Ruid2 DSO is what appears to be a much faster enviroment but it most certainly is not a safer enviroment, some examples are the Jailshell issue... This is totally experimental.

The typical issue I personally come accross with the Ruid2 running a DSO envirmoent is that when I go to the website of a newly created account, I immediately get this error saying that Not Allowed to Access this page and I have checked the /public_hrml and have quite sure that index.htm, index.shtml and other indexes do in fact exist.

My experience led me to rebuilding Apache to sql 5.5, php 5.4 making it compatible for an Sup and disengaging Ruid2 of course, as soon as I did that, everything appears to function correctly.

So as far as 11.40 build 2 goes, I will not be listening to much of what the Security Advisor is saying regarding Jailshell for Ruid2 until it is much more stable and tested.

Just my humble opinion
 

ThinIce

Well-Known Member
Apr 27, 2006
352
9
168
Disillusioned in England
cPanel Access Level
Root Administrator
;) Just a thought - could you perhaps develop a / a set of security realated certs on cpanel university? I view this tool as a realisation that whilst every hosting provider should have procedures capable of covering this sort of stuff and dedicated security staff where possible, a lot of the time that just doesn't happen.

I know the problems inherant in doing this and I think a lot of them are probably the same as argued for offering / not offering this tool, but I don't see where the harm would be in using the material from the docs on security to come up with an extra set of questions to quickly bring people up to a base line of some sort and to get them interested in learning more.
 

Demitris

Registered
Feb 19, 2010
3
0
51
Athens, Greece
Hi There,

After upgrade to WHM 11.40 Security Advisor was not there. i install it using the Infopro first post option:

Installing this is straight forward and easy, using Git. Git is a powerful version control tool cPanel, Inc. uses in house. It's also included with cPanel & WHM and the tool used here to check out the cPanel Security Advisor. Git is also distributed with CentOS/RHEL, but, cPanel has it's own version based on the perl modules that cPanel installs.


To install:
Code:
/usr/local/cpanel/3rdparty/bin/git clone https://github.com/bdraco/addon_securityadvisor.git

cd addon_securityadvisor/pkg

./install
Next, log into WHM and go to the Plugins section on left menu to locate the Security Advisor Tool.
But when i go to WHM Plugins i see that is not functional (button "Scan Again" not work).

Clipboard02.png






i try to unistall it using :

Code:
/usr/local/cpanel/3rdparty/bin/addon_securityadvisor/pkg/

./uninstall
but Putty print's me that:


Clipboard01.png



Any Help pls..?
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello :)

Security Advisor is included in cPanel version 11.40. You should not attempt to install it manually. You can find it in Web Host Manager under the "Security Center" menu on the left.

Thank you.
 

Demitris

Registered
Feb 19, 2010
3
0
51
Athens, Greece
Hi Michael,

After i locate where was the addon_securityadvisor folder and i unistall the plugin, i get 404 error both in Security Center, and Plugins menu.

is there any way to fix somehow..?


please look at screens below what i mean:

Clipboard05.jpg Clipboard02.jpg
 

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,488
35
158
cPanel Access Level
DataCenter Provider
Hi Michael,

After i locate where was the addon_securityadvisor folder and i unistall the plugin, i get 404 error both in Security Center, and Plugins menu.

is there any way to fix somehow..?


please look at screens below what i mean:

View attachment 18101 View attachment 18102
Please try
Code:
/scripts/upcp --force
after the removal of the old plugin. This should restore any files the uninstaller may have removed that are needed for the 11.40 version.