You’re welcome for the script work.
- I mentioned this thread in an internal discussion about this topic and wanted to share some notes:
- I updated your earlier post with a link to the updated workaround instructions.
- The SSP repo on cPanel's GitHub is useful if you're interested in examples of how to interact with cPanel & WHM from a script level (it's in Perl, but it's still helpful to read without a Perl background). It's available at:
System Status Probe. Contribute to CpanelInc/SSP development by creating an account on GitHub.
And thank you for those!
• One of the primary goals of this change was to improve the signal-to-noise ratio in cPanel & WHM to avoid confusion from customers that see the successful upcp email notification and are unable to assert the meaning of the log output.
• The existing feature request was mentioned as a good idea, however, it's important to continue to vote and add comments about the value this feature would bring to the product. You can follow updates to this feature request on the feature request website itself.
• The idea of a new "audit log" was mentioned as a potentially better feature to address this feedback. The "audit log" would log every change made on the system by cPanel & WHM (as opposed to just upcp) and would be readily available for viewing from the command line or as part of Contact Manager. If anyone on this thread thinks this is a good idea, open a new feature request for it in the following format and then share the link here:
I’ll add my thoughts here, but if there is somewhere else you think I should add them too, I can do that as well. (Open a new topic for this discussion alone?)
Trying to reduce the signal-to-noise ratio is a good thing, it is pretty high, but...
The existing feature request is acceptable, but really it’s just replacing what was deleted.
The idea of an "audit log" is probably the best idea I’ve seen, but...
# # #
I’ve already stated this, but AFAICT all of the solutions given basically boils down to a solution that requires a user to routinely log in to a potentially compromised system and as such is a “bad” solution. (Although on re-read, I’m not sure what “as part of Contact Manager” encompasses, so maybe not?)
So, before I modify and add something "audit log"(ish) as a feature request, let’s discuss it and work out it’s flaws so it’s useful as a whole? My thoughts:
- It must be able to be sent in email.
So that any change can be compared against whatever “System Integrity checking detected a modified system file” type report (csf/ldf, etc.) the user has setup.
- It preferably tells the user what specially has changed.
It’d be helpful if it went beyond telling what packages were updated and also told what files, user accounts, crontab entries, and such were modified. (Currently, for not well known files, we have to find a non-updated server and run ‘yum whatprovides’ to match changed files to updated packages.)
- It should encompass everything that gets updated or changed.
- It should, or should be able to, be received in basically real time.
- It does not have to contain the entire log output.
Raw log output is definitely a noise ‘issue.’ Granted most of us now know how to skim them well, but I can see that if they are just attached and the body is the summarized change report, it’d be significantly easier for everyone.
# # #
That’s a first pass, but I’m sure I’ve missed elements that should, or would be really useful to, be included. I’m also sure that it would greatly help the feature request for whatever is decided to be re-written by cPanel to use cPanel jargon, procedures, and process names.