Inside the Security Center section of WHM lies a feature that some cPanel & WHM users may not be familiar with. Security Advisor is a feature that when selected, displays possible security concerns that hosting providers will want to address, as well as a solution to that warning message. The settings that are flagged may be problematic in some configurations but are not something that would be addressed through a cPanel & WHM version upgrade. So what exactly is Security Advisor? Let’s dive in!
What is Security Advisor?
When selected from the left-hand menu in WHM, Security Advisor fires off a check of services installed, software versions, various passwords strengths, and other various configurations. It then displays either a red, yellow, grey, or green status for that particular check, and educates and informs you on some possible issues that may arise by related to those alerts.
For example: if you look at the first entry in Security Advisor from the image above, you’ll see the advisory reads:
Apache vhosts are not segmented or chroot()ed
This is then followed by instructions on how to resolve this advisory:
Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”
Color me interested!
The messaging in Security Advisor is color-coded depending on the severity of the possible issue. The red advisories are indicative of a more severe issue. We strongly recommend addressing these issues immediately. The yellow advisories are a possible issue that we recommend investigating and resolving as soon as possible. Grey advisories are informational and may indicate a permissions issue where a user may have an unusual level of access. Finally, green advisories are notifications that the Security Advisor does not indicate a problem in that area.
Configuring Security Advisor Notifications
In WHM, the Contact Manager interface (WHM >> Home >> Server Contacts >> Contact Manager) allows you to specify when and where your server sends various notifications, including notifications around the Security Advisor. Contact Manager is set by default to send alerts (as they’re configured, either by Email, HipChat, a URL, SMS, or etc) when detecting new issues with high importance.
Inside of Contact Manager, you can configure the importance level of Security Advisor alerts (Low, Medium, High or Off) and the method of delivery in which you wish to receive the notifications:
Clicking on the dropdown menu under the “Receives” column will allow you to set the priorities in how the Type of communication will be received. This is important as when you’re configuring the Security Advisor Notifications (mentioned above), these choices will determine how you will be notified when an advisory is tripped. The “Edit” button allows you to configure a destination (i.e. email address, URL, phone number for SMS, ICQ number, etc) for that notification to be sent to!
Be a contributor!
The list of services and other items that Security Advisor checks is generated internally by cPanel. Security Advisor offers a different advantage over other features in cPanel & WHM; the ability to fork off and customize the Security Advisor for yourself! cPanel maintains a GitHub repository containing an open source version Security Advisor to fork off and develop on your own.
You could easily download the repo of Security Advisor, customize it to check your list of services and other features, and then make a pull request to have your work reviewed and merged into the official cPanel GitHub repository, improving the Security Advisor for everyone!
If you’re not already familiar with the feature, give the Security Advisor a test spin. If you have any questions or comments about the Security Advisor, or how to make your own contribution to it, feel free to reach out to us via Slack, Discord, or the Official cPanel Subreddit. If you’d like to request additions or changes to the Security Advisor, don’t hesitate to submit a feature request.
Leave a Reply
You must be logged in to post a comment.