Security Advisor 101

Security Advisor 101 for cPanel Servers

Introduction: Security is paramount for web hosting environments. With the variety of threats evolving daily, having a tool like the Security Advisor in cPanel can provide insights and suggestions on keeping servers secure. This guide provides an overview of the Security Advisor tool in cPanel servers and offers basic instructions on how to use it.

1. What is Security Advisor?

Security Advisor is a feature within the WHM (Web Host Manager) of cPanel servers. It scans your server for potential security threats and provides recommendations on how to fix them.

2. Accessing Security Advisor:

• Log into WHM as the root user.
• In the WHM dashboard, type “Security Advisor” in the search bar.
• Click on “Security Advisor” from the menu.

3. Running a Security Scan:

• Once inside Security Advisor, click on the blue “Run Security Advisor Scan” button. The scan will analyze the server.
• After the scan completes, you’ll see a list of security notifications ranked by their importance: Critical, Warning, and Notices.

4. Reviewing and Addressing Recommendations:

• Critical: These are potential threats or vulnerabilities that should be addressed immediately. They might include outdated software versions, weak passwords, or unprotected configuration files.
• Warning: These are suggestions that might not pose an immediate threat but should be considered for better server security.
• Notices: General information or recommendations for improving the server’s security posture.

By clicking on the blue links in each recommendation, you can get more details and often a direct option or command to resolve the issue.

5. Key Areas Security Advisor Covers:

• Software Updates: Ensures that your cPanel, PHP, Apache, and other server software are up to date.
• Configuration Checks: Checks for any insecure configurations, such as directory permissions or unprotected databases.
• Account Security: Verifies user passwords’ strength, SSH configuration, and potential security breaches.
• Firewall and Brute Force Protection: Ensures that a firewall is active and correctly configured. It also checks for brute force protection mechanisms.
• SSL Certificates: Monitors the status of SSL certificates and ensures they’re valid and up-to-date.

6. Regularly Schedule Scans:

While Security Advisor provides immediate recommendations, it’s essential to run these scans regularly. New vulnerabilities or changes in server configurations might introduce new risks.

7. Additional Measures:

While the Security Advisor is a powerful tool, always consider additional security practices:

• Implement regular server backups.
• Use a reliable Intrusion Detection System (IDS).
• Consider additional security tools or plugins compatible with cPanel/WHM.
• Regularly update all server software and applications.
• Employ strong password policies and two-factor authentication where possible.

Inside the Security Center section of WHM lies a feature that some cPanel & WHM users may not be familiar with. Security Advisor is a feature that when selected, displays possible security concerns that hosting providers will want to address, as well as a solution to that warning message. The settings that are flagged may be problematic in some configurations but are not something that would be addressed through a cPanel & WHM version upgrade. So what exactly is Security Advisor?  Let’s dive in!

What is Security Advisor?

When selected from the left-hand menu in WHM, Security Advisor fires off a check of services installed, software versions, various passwords strengths, and other various configurations. It then displays either a red, yellow, grey, or green status for that particular check, and educates and informs you on some possible issues that may arise by related to those alerts.

For example: if you look at the first entry in Security Advisor from the image above, you’ll see the advisory reads:

Apache vhosts are not segmented or chroot()ed

This is then followed by instructions on how to resolve this advisory:

Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”

Color me interested!

The messaging in Security Advisor is color-coded depending on the severity of the possible issue. The red advisories are indicative of a more severe issue. We strongly recommend addressing these issues immediately. The yellow advisories are a possible issue that we recommend investigating and resolving as soon as possible. Grey advisories are informational and may indicate a permissions issue where a user may have an unusual level of access. Finally, green advisories are notifications that the Security Advisor does not indicate a problem in that area.

Configuring Security Advisor Notifications

In WHM, the Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager) allows you to specify when and where your server sends various notifications, including notifications around the Security Advisor. Contact Manager is set by default to send alerts (as they’re configured, either by Email, HipChat, a URL, SMS, or etc) when detecting new issues with high importance.

Inside of Contact Manager, you can configure the importance level of Security Advisor alerts (Low, Medium, High or Off) and the method of delivery in which you wish to receive the notifications:

Clicking on the dropdown menu under the “Receives” column will allow you to set the priorities in how the Type of communication will be received. This is important as when you’re configuring the Security Advisor Notifications (mentioned above), these choices will determine how you will be notified when an advisory is tripped. The “Edit” button allows you to configure a destination (i.e. email address, URL, phone number for SMS, ICQ number, etc) for that notification to be sent to!

Be a contributor!

The list of services and other items that Security Advisor checks is generated internally by cPanel. Security Advisor offers a different advantage over other features in cPanel & WHM; the ability to fork off and customize the Security Advisor for yourself! cPanel maintains a GitHub repository containing an open source version Security Advisor to fork off and develop on your own.

You could easily download the repo of Security Advisor, customize it to check your list of services and other features, and then make a pull request to have your work reviewed and merged into the official cPanel GitHub repository, improving the Security Advisor for everyone!

If you’re not already familiar with the feature, give the Security Advisor a test spin. If you have any questions or comments about the Security Advisor, or how to make your own contribution to it, feel free to reach out to us via Slack, Discord, or the Official cPanel Subreddit. If you’d like to request additions or changes to the Security Advisor, don’t hesitate to submit a feature request.