WHM API Questions

[coursevector]

I'm working on a script to auto-configure my cPanel installations and I'm finding the API lacking in places and hard to dig through in others. So thought I would just ask and see if someone could point me in the right direction. Below are some of the WHM configuration sections I was unable to find equivalents in the API. Do they exist under a different name maybe?

Server Configuration -> Initial Quota Setup: Where is there the script that WHM runs so I could run it manually?
Security Center -> Apache mod_userdir Tweak: This one I kinda understand as the EasyApache profile must have the module available to enable this. But is there was script or option to enable this IF the module exists? Or just how to do this in general?
Security Center -> Compiler Access: Couldn't find any API to enable/disable this
Security Center -> Manage External Authentications: I would like to disable any authentications enabled by default. I recall a few versions back, cPanel was being enabled by default but not anymore. But I don't want to assume that will remain the case.
Security Center -> Security Advisor: I just want to know where the script is to install the Free Symlink Patch. This is the only way I know how to get to it.
Service Configuration -> Apache Configuration:Log Rotation: Couldn't find any API to enable/disable this
Service Configuration -> cPanel Log Rotation Configuration: Couldn't find any API to enable/disable this
Service Configuration -> Exim Configuration Manager:Advanced Editor: Safer to do manually
cPanel -> Customization:Customize Branding: Couldn't find any API to set the logo used. I see where you can REMOVE the logo, but not set it. I see that the files are stored in /var/cpanel/customizations/brand , could I just save images there and it would be picked up automatically? ( WHM API 1 Functions - load_style - Developer Documentation - cPanel Documentation WHM API 1 Functions - remove_logo - Developer Documentation - cPanel Documentation WHM API 1 Functions - save_style - Developer Documentation - cPanel Documentation )
Software -> Manage cPAddons Site Software: Couldn't find any API to enable/disable these. I'd like to enable WordPress and disable anything else
Software -> Manage Plugins: Couldn't find any API to enable/disable these. Just want to disable any enabled plugins.

finally the confusing one:
Service Configuration -> Apache Configuration:Global Configuration
( Global Configuration - Version 84 Documentation - cPanel Documentation Advanced Apache Configuration - EasyApache 4 - cPanel Documentation )
The server stores the configuration of your Apache web server in the /etc/cpanel/ea4/ea4.conf file. This file replaced the /var/cpanel/conf/apache/local and /var/cpanel/conf/apache/main files. So if I just manually edited the ea4.conf file, would that reflect on the Global Configuration screen? I already use a custom previrtualhost.conf file, would it be better just to put all my changes in there assuming it will override the global?

Thanks again for whoever takes the time to answer this for me!

 

[cPanelLauren]

The cpconftool script will do quite a few of these if you're pulling the configuration from a specific server to be identical to the rest: The cpconftool Script | cPanel & WHM Documentation

For quotas the script is /scripts/initquotas

For the Security Center items, I don't think there's an easy way to set these but I will try to look into it further for you and see what I can find.


For any of these you'd want to create a script that runs on the server if you want to automate them after installation.

 

[coursevector]

@cPanelLauren

I am currently working on a script to automate all of this which is why I've been delving in to the API to the degree I have. (i actually found and reported a bug in the api recently) I did look at the cpconftool, but it only migrates about 60% of the settings available and while our servers are very similar it's only about 95%. So a custom script is where i'm at at this point. It configures bash, ssh, mysql, dovecot, modsec, let's encrypt plugin, csf, cmc, prometheus, adds postmaster global alias, then goes through pretty much every screen in WHM. The items I listed in the original post are the items I couldn't find an equivalent API of in WHM.

Thanks for the info on the initquotas script, i look forward to what you are able to dig up!

 

[cPanelLauren]

Security Center -> Apache mod_userdir Tweak: This one I kinda understand as the EasyApache profile must have the module available to enable this. But is there was script or option to enable this IF the module exists? Or just how to do this in general?

This would be able to be done with the cpconftool script I believe - it should move over your EA4 profiles (i.e., you can restore to the server whatever profile you want set)

Security Center -> Compiler Access: Couldn't find any API to enable/disable this

There's no API for this but the bash command for it in your script would probably be pretty simple after looking at the documentation here: Compiler Access | cPanel & WHM Documentation

How does this feature work?
When compiler access is enabled (default), the /usr/bin/gcc file has the following permissions:

• Permissions — -rwxr-xr-x
• User — root
• Group — root

When you disable compiler access, cPanel changes the permissions of the /usr/bin/gcc file to:

• Permissions — -rwxr-x---
• User — root
• Group — compiler

The compiler group contains the cpanel user and any users that you add to the Allow specific users to use the compilers menu.

Security Center -> Manage External Authentications: I would like to disable any authentications enabled by default. I recall a few versions back, cPanel was being enabled by default but not anymore. But I don't want to assume that will remain the case.

I think these will do what you're looking for?

WHM API 1 Functions - disable_authentication_provider - Developer Documentation - cPanel Documentation

documentation.cpanel.net

WHM API 1 Functions - twofactorauth_disable_policy - Developer Documentation - cPanel Documentation

documentation.cpanel.net

Security Center -> Security Advisor: I just want to know where the script is to install the Free Symlink Patch. This is the only way I know how to get to it.

This is done with the following:

curl -s https://repo.cloudlinux.com/kernelcare/kernelcare_install.sh | bash

then:

kcarectl --set-patch-type free --update

cPanel -> Customization:Customize Branding: Couldn't find any API to set the logo used. I see where you can REMOVE the logo, but not set it. I see that the files are stored in /var/cpanel/customizations/brand , could I just save images there and it would be picked up automatically? ( WHM API 1 Functions - load_style - Developer Documentation - cPanel Documentation WHM API 1 Functions - remove_logo - Developer Documentation - cPanel Documentation WHM API 1 Functions - save_style - Developer Documentation - cPanel Documentation )

For this, I think you'd have to just add the files in the correct path - they're all listed here: Guide to cPanel Interface Customization - Branding - Developer Documentation - cPanel Documentation

 

[coursevector]

@cPanelLauren

For the compiler access I did see that in the documentation but I wasn't sure that's ALL it did. In some testing I found it did one more thing than it said in the documentation.
The documentation says it only modifies "/usr/bin/gcc" when in fact it also changes "/usr/bin/x86_64-redhat-linux-gcc". So i wasn't confident there weren't other changes at that point. Could you confirm?

All that is left then is some guidance on:
Service Configuration -> Apache Configuration:Log Rotation: Couldn't find any API to enable/disable this
Service Configuration -> cPanel Log Rotation Configuration: Couldn't find any API to enable/disable this
Software -> Manage cPAddons Site Software: Couldn't find any API to enable/disable these. I'd like to enable WordPress and disable anything else
Software -> Manage Plugins: Couldn't find any API to enable/disable these. Just want to disable any enabled plugins.

All other items i was able to work in thanks to your help.

 

[cPanelLauren]

Hello,

Service Configuration -> Apache Configuration:Log Rotation: Couldn't find any API to enable/disable this
Service Configuration -> cPanel Log Rotation Configuration: Couldn't find any API to enable/disable this

This is controlled by cpanellogd and there's no API to configure that. All the selected rotateable logs are located in /var/cpanel/log_rotation/

You can enable/disable cpanellogd with WHM API 1 Functions - configureservice - Developer Documentation - cPanel Documentation

For the site software specific stuff:

Software -> Manage cPAddons Site Software: Couldn't find any API to enable/disable these. I'd like to enable WordPress and disable anything else

We make use of the WordPress Manager feature now in cPanel accounts, so this should be able to be enabled by ensuring the plugin is enabled in the feature manager Wordpress (cPanel) and Wordpress Manager.

Software -> Manage Plugins: Couldn't find any API to enable/disable these. Just want to disable any enabled plugins.

This is the only one I can't give you anything on, due to the varying nature of plugins there's nothing present to enable/disable plugins. They'd all have to be added/removed in accordance with Guide to WHM Plugins - Developer Documentation - cPanel Documentation

There are the scripts to install a plugin and uninstall a plugin:

[root@server log_rotation]# ls -lah /scripts/ |grep -i plugin
-rwxr-xr-x  1 root root  2.6K Jun 26  2018 install_plugin
-rwxr-xr-x  1 root root  2.7K Jun 26  2018 uninstall_plugin

As well as the ones to register one:

[root@server log_rotation]# ls -lah /usr/local/cpanel/bin/ |grep -i plugin
-rwx------  1 root    root     2.1M Jan  7 05:17 refresh_plugin_cache
-rwxr-xr-x  1 root    root     7.5K Nov 26 05:17 register_cpanelplugin
-rwxr-xr-x  1 root    root     4.5K Nov 26 05:17 unregister_cpanelplugin

 

[coursevector]

@cPanelLauren

Thanks for the information, could you confirm about the Compiler Access comments I had earlier?

Also good to know about the WordPress plugin, I'll just handle that through the feature manager. That's much easier to configure!

Finally, for the log rotation could you confirm how it works exactly? From what I looked at, it scans for all the *_log *.log files in /usr/local/cpanel/logs/ and create symlinks
for them in /var/cpanel/log_rotation/ . I could do that easy enough if that's all it's looking for. For example, would just adding a symlink called cp_%FILE_NAME%.cpanellogd work? No other settings need to be changed?

 

[sparek-3]

It looks like that /usr/bin/gcc and /usr/bin/x86_64-redhat-linux-gcc are the same file - they share the same inode (at least on my system) so they are hard links.

Verify this by:

ls -ail /usr/bin/x86_64-redhat-linux-gcc /usr/bin/gcc

The inode for the files will be the first column.

 

[coursevector]

@cPanelLauren

Regarding the compilers, I made another discovery. I think it's checking for all binaries that are part of the "compiler" user group

find /usr/bin -group compiler

Can you confirm?

 

[sparek-3]

Now, that's a good catch.

And kind of underscores the whole "cPanel (or cPanel documentation) says one thing and does something else"

cPanel has made great strides with their API for the command line... but it still lacks quite a bit.

In a lot of ways, I see cPanel being a lot like Windows. To do the simpliest of tasks you still have to load up some type of GUI and click a button. Nothing is meant to be automated. This is fine when you have one server or one PC. But if you have 50... logging into each WHM is a pain. But cPanel mostly ceded to being the goto management tool for small webhosts that just operate a single or handful of servers. This spreads them out more. 50 cPanel licenses from 1 company or 1 license from 50 different companies makes no difference to them. It's less likely 50 different companies will get mad at them and pull out, but it's at least plausible that 1 company could get mad enough and pull all 50 of their licenses.

[/rant]

 

[cPanelLauren]

@coursevector

I need to look further into this and see if I can replicate it. I'll get you more information as soon as possible.

Now, that's a good catch.

I agree, this is a good catch and I need to investigate it further. If the docs are incorrect, they need to get changed or if the call is functioning differently than the intended behavior it needs to get fixed.

cPanel has made great strides with their API for the command line... but it still lacks quite a bit.

Though this wasn't an API call being noted with this specific issue, I agree with you. In fact, I think a lot of us here would agree with you as well, I know there is a team currently performing a complete overhaul of our API - they're doing a fantastic job, starting with the removal of cpapi1/2 - it's not a quick process though.

logging into each WHM is a pain. But cPanel mostly ceded to being the goto management tool for small webhosts that just operate a single or handful of servers. This spreads them out more. 50 cPanel licenses from 1 company or 1 license from 50 different companies makes no difference to them. It's less likely 50 different companies will get mad at them and pull out, but it's at least plausible that 1 company could get mad enough and pull all 50 of their licenses.

I believe we're actually looking at something that would facilitate this - a central hub for all your servers so to speak. At the very least I've heard it discussed as something that is a needed feature. The configuration cluster was the start but progress on that line did idle. I know the moving to the node approach (mail node, DNS node, etc.) is a step in this direction as well.

 

[sparek-3]

I believe we're actually looking at something that would facilitate this - a central hub for all your servers so to speak. At the very least I've heard it discussed as something that is a needed feature. The configuration cluster was the start but progress on that line did idle. I know the moving to the node approach (mail node, DNS node, etc.) is a step in this direction as well.

I would actually just prefer being able to do everything you can in the WHM via the command-line. That's my 2 cents on the matter.

Instead of focusing on a cluster, offload this to terminal level commands - it's easy enough to send a terminal command to 50 servers with a push of a button. And then this way I'm able to further configure this... what if I only want a certain command to happen on 45 of the 50 servers? I can specify those 45 servers instead of the 50.

I'm mostly anti-GUI... although I realize you'll never be able to get rid of it completely. But every function in the WHM has an underlying command sequence that can be run on the server. Running that sequence is often faster than loading through a GUI.

I grew up in the dialup era. I remember managing servers while on a dialup connection. This began my disdain for GUIs. Taking 5 minutes to load up a GUI just to click a button, when I could do the same thing in 30 seconds with an SSH command.

... but... this may be veering this topic off-course. Feel free to split this discussion into it's own thread, although I don't know if I have much more to add to this.

 

[coursevector]

@sparek-3
I disagree, a well design GUI can be leaps and bounds easier to understand than a terminal interface. Not to say that terminal doesn't have it's places though. What I would see ideal is that every feature in WHM is actually using an available API. That way no feature you see in WHM could not be automated as well.

As for a central hub, I would really welcome that idea. I've been in the process of cobbling scripts and software to automate commands to dozens of servers already. If this was built in, it would be easier and would allow me to focus on my customers.

 

[coursevector]

We make use of the WordPress Manager feature now in cPanel accounts, so this should be able to be enabled by ensuring the plugin is enabled in the feature manager Wordpress (cPanel) and Wordpress Manager.

I took your word for it and removed the cPaddon for this and something went haywire. I no longer any any cPaddons listed and the WordPress Manager is missing from the feature list. I thought that i didn't need the cPaddon anymore and could only rely on the Feature List. I'll probably be opening a support ticket on this but wanted to update the ticket.

 

[cPanelLauren]

I took your word for it and removed the cPaddon for this and something went haywire. I no longer any any cPaddons listed and the WordPress Manager is missing from the feature list. I thought that i didn't need the cPaddon anymore and could only rely on the Feature List. I'll probably be opening a support ticket on this but wanted to update the ticket.

I am sorry if my response came through as you don't need cPaddons anymore, my point was just that it's not called that in the feature manager anymore, it's called Wordpress (cPanel) and Wordpress

If you removed the cPaddon for Wordpress you should be able re-add it and feature list should show it as an option again.

 

[cPanelLauren]

@coursevector

In regard to the compiler access question you had. The following compilers are present on the system:

[root@server bin]# ls -lah grep compiler
-rwxr-x---   4 root compiler 755K Aug  6 11:52 c++
-rwxr-x---   1 root compiler  224 Aug  6 11:52 c89
-rwxr-x---   1 root compiler  215 Aug  6 11:52 c99
-rwxr-x---   4 root compiler 755K Aug  6 11:52 g++
-rwxr-x---   2 root compiler 751K Aug  6 11:52 gcc
-rwxr-x---   1 root compiler 983K Oct 18 11:14 ld.bfd
-rwxr-x---   4 root compiler 755K Aug  6 11:52 x86_64-redhat-linux-c++
-rwxr-x---   4 root compiler 755K Aug  6 11:52 x86_64-redhat-linux-g++
-rwxr-x---   2 root compiler 751K Aug  6 11:52 x86_64-redhat-linux-gcc

When you enable/disable compiler access all of these compilers will be modified


There are more but this includes the x86_64-redhat-linux-gcc you were seeing modified and explains why.

 

[coursevector]

@cPanelLauren

So it does modify anything with the compiler usergroup then, good to know. I'd suggest updating the documentation as that isn't very clear. Thanks!

Also an update on the cPaddon. I had a weird quirk where i was unable to add it back in (the option was gone from the site software page). cpanel support did look today and it was back miraculously, so i dunno what happened but it's back and I'm good to re-enable WordPress again.

 

[cPanelLauren]

Hello,

But, modifying that file should do that...you modify /usr/bin/gcc and the rest of the compiler's are modified:

I'll use the redhat ones as an example:

[root@server bin]# stat /usr/bin/x86_64-redhat-linux-*
  File: ‘/usr/bin/x86_64-redhat-linux-c++’
  Size: 772744        Blocks: 1512       IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 926714      Links: 4
Access: (0750/-rwxr-x---)  Uid: (    0/    root)   Gid: (  983/compiler)
Access: 2020-01-21 14:18:44.595719455 -0600
Modify: 2019-08-06 11:52:56.000000000 -0500
Change: 2020-01-21 13:53:55.249725782 -0600
 Birth: -
  File: ‘/usr/bin/x86_64-redhat-linux-g++’
  Size: 772744        Blocks: 1512       IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 926714      Links: 4
Access: (0750/-rwxr-x---)  Uid: (    0/    root)   Gid: (  983/compiler)
Access: 2020-01-21 14:18:44.595719455 -0600
Modify: 2019-08-06 11:52:56.000000000 -0500
Change: 2020-01-21 13:53:55.249725782 -0600
 Birth: -
  File: ‘/usr/bin/x86_64-redhat-linux-gcc’
  Size: 768648        Blocks: 1504       IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 926430      Links: 2
Access: (0750/-rwxr-x---)  Uid: (    0/    root)   Gid: (  983/compiler)
Access: 2020-01-21 13:58:10.989594657 -0600
Modify: 2019-08-06 11:52:56.000000000 -0500
Change: 2020-01-21 13:53:55.249725782 -0600
 Birth: -

My compiler access was disabled so here I'm enabling it:

[root@server bin]# chmod 755 /usr/bin/gcc && chown root:root /usr/bin/gcc

[root@server bin]# stat /usr/bin/x86_64-redhat-linux-*
  File: ‘/usr/bin/x86_64-redhat-linux-c++’
  Size: 772744        Blocks: 1512       IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 926714      Links: 4
Access: (0750/-rwxr-x---)  Uid: (    0/    root)   Gid: (  983/compiler)
Access: 2020-01-21 14:18:44.595719455 -0600
Modify: 2019-08-06 11:52:56.000000000 -0500
Change: 2020-01-21 13:53:55.249725782 -0600
 Birth: -
  File: ‘/usr/bin/x86_64-redhat-linux-g++’
  Size: 772744        Blocks: 1512       IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 926714      Links: 4
Access: (0750/-rwxr-x---)  Uid: (    0/    root)   Gid: (  983/compiler)
Access: 2020-01-21 14:18:44.595719455 -0600
Modify: 2019-08-06 11:52:56.000000000 -0500
Change: 2020-01-21 13:53:55.249725782 -0600
 Birth: -
  File: ‘/usr/bin/x86_64-redhat-linux-gcc’
  Size: 768648        Blocks: 1504       IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 926430      Links: 2
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2020-01-21 13:58:10.989594657 -0600
Modify: 2019-08-06 11:52:56.000000000 -0500
Change: 2020-01-21 14:43:42.301871366 -0600
 Birth: -

As you can see they're all changed after I modified the permissions/ownership to enable compiler access.

While I hear your recommendation to update the documentation, I don't think that it would be beneficial in this instance to do so as it would cause unnecessary confusion. You don't have to do anything besides update the permissions/ownership as is stated there in order to update compiler access.

 

[coursevector]

ok, thanks for looking into this all!

 

[cPanelLauren]

Of course! And if you're willing to share it - I'd love to see this script when you're done with it (pending you've removed any identifying information)