Child pages
  • WHM API 1 Functions - fetch_security_advice
Skip to end of metadata
Go to start of metadata

Description

This function returns the cPanel Security Advisor's security scan data. It advises you of how to resolve any security issues that it finds.

Note:

For more information, read the cPanel Security Advisor documentation at the cPanel, L.L.C. GitHub® repository.

Examples


 JSON API
https://hostname.example.com:2087/cpsess##########/json-api/fetch_security_advice?api.version=1
 Command Line
whmapi1 fetch_security_advice


Notes:

  • Unless otherwise noted, you must URI-encode values.
  • For more information and additional output options, read our Guide to WHM API 1 documentation or run the whmapi1 --help command.
  • If you run CloudLinux™, you must use the full path of the whmapi1 command:

    /usr/local/cpanel/bin/whmapi1

 Output (JSON)
{
   "data" : {
      "payload" : [
         {
            "advice" : {
               "key" : "Apache_vhosts_not_segmented",
               "summary" : "Apache vhosts are not segmented or chroot()ed.",
               "suggestion" : "Enable “Jail Apache” in the “<a target=\"_blank\" href=\"https://example.com:2087/scripts2/tweaksettings?find=jailapache\">Tweak Settings</a>” area, and change users to jailshell in the “<a target=\"_blank\" href=\"https://example.com:2087/scripts2/manageshells\">Manage Shell Access</a>” area.  Consider a more robust solution by using “<a target=\"_blank\" href=\"https://go.cpanel.net/cloudlinux\">CageFS on CloudLinux</a>”.  Note that this may break the ability to access mailman via Apache.",
               "type" : "ADVISE_BAD"
            },
            "module" : "Cpanel::Security::Advisor::Assessors::Apache",
            "type" : "mod_advice"
         },
         {
            "module" : "Cpanel::Security::Advisor::Assessors::Apache",
            "type" : "mod_advice",
            "advice" : {
               "summary" : "Kernel does not support the prevention of symlink ownership attacks.",
               "suggestion" : "You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protections beyond those solutions employed in userland. Please review <a target=\"_blank\" href=\"https://go.cpanel.net/EA4Symlink\">the documentation</a> to learn how to apply this protection.",
               "type" : "ADVISE_BAD",
               "key" : "Apache_no_symlink_protection"
            }
         },
         {
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Brute",
            "advice" : {
               "key" : "Brute_protection_enabled",
               "type" : "ADVISE_GOOD",
               "suggestion" : null,
               "summary" : "cPHulk Brute Force Protection is enabled."
            }
         },
         {
            "module" : "Cpanel::Security::Advisor::Assessors::ClamAV",
            "type" : "mod_advice",
            "advice" : {
               "type" : "ADVISE_BAD",
               "summary" : "ClamAV is not installed.",
               "suggestion" : "Install ClamAV within \"<a target=\"_blank\" href=\"https://example.com:2087/scripts2/manage_plugins\">Manage Plugins</a>\".",
               "key" : "ClamAV_not_installed"
            }
         },
         {
            "advice" : {
               "key" : "Jail_users_running_outside_of_jail",
               "summary" : "Users running outside of the jail: user1, user2, user3, and username.",
               "suggestion" : "Change these users to jailshell or noshell in the “<a target=\"_blank\" href=\"https://example.com:2087/scripts2/manageshells\">Manage Shell Access</a>” area.",
               "type" : "ADVISE_WARN"
            },
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Jail"
         },
         {
            "module" : "Cpanel::Security::Advisor::Assessors::Kernel",
            "type" : "mod_advice",
            "advice" : {
               "type" : "ADVISE_BAD",
               "summary" : "Add KernelCare's Free Symlink Protection.",
               "suggestion" : "This free patch set protects your system from symlink attacks. Add KernelCare's Free Patch Set. <a target=\"_parent\" href=\"https://example.com:2087/scripts12/add_kernelcare_free_symlink_protection\">Add KernelCare's Free Symlink Protection</a>. NOTE: This is not the full KernelCare product and service.<br/><br/>You can protect against this in multiple ways. Please review the following <a target=\"_blank\" href=\"https://go.cpanel.net/EA4Symlink\">documentation</a> to find a solution that is suited to your needs.",
               "key" : "Kernel_kernelcare_suggest_free_symlink_protection"
            }
         },
         {
            "advice" : {
               "suggestion" : "KernelCare provides an easy and effortless way to ensure that your operating system uses the most up-to-date kernel without the need to reboot your server. After you purchase and install KernelCare, you can obtain and install the KernelCare \"Extra\" Patchset, which includes symlink protection. <p/><p/><a target=\"_parent\" href=\"https://example.com:2087/scripts12/purchase_kernelcare_init\">Get KernelCare</a> for $3.00/month.",
               "summary" : "Use KernelCare to automate kernel security updates without reboots.",
               "type" : "ADVISE_WARN",
               "key" : "Kernel_kernelcare_purchase"
            },
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Kernel"
         },
         {
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Kernel",
            "advice" : {
               "key" : "Kernel_running_is_current",
               "type" : "ADVISE_GOOD",
               "summary" : "The system kernel is up-to-date at version “3.10.0-957.5.1.el7.x86_64”.",
               "suggestion" : null
            }
         },
         {
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Mysql",
            "advice" : {
               "summary" : "MySQL test database doesn't exist.",
               "suggestion" : null,
               "type" : "ADVISE_GOOD",
               "key" : "Mysql_test_database_does_not_exist"
            }
         },
         {
            "module" : "Cpanel::Security::Advisor::Assessors::Mysql",
            "type" : "mod_advice",
            "advice" : {
               "key" : "Mysql_no_anonymous_users",
               "type" : "ADVISE_GOOD",
               "summary" : "MySQL check for anonymous users",
               "suggestion" : null
            }
         },
         {
            "advice" : {
               "summary" : "The MySQL service is currently configured to listen on all interfaces: (bind-address=*)",
               "suggestion" : "Configure bind-address=10.0.0.1 in /etc/my.cnf, or close port 3306 in the server’s firewall.",
               "type" : "ADVISE_BAD",
               "key" : "Mysql_listening_on_all_interfaces"
            },
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Mysql"
         },
         {
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Passwords",
            "advice" : {
               "key" : "Passwords_weak_permitted",
               "suggestion" : "Configure Password Strength requirements in the “<a target=\"_blank\" href=\"https://example.com:2087/scripts/minpwstrength\">Password Strength Configuration</a>” area",
               "summary" : "Trivially weak passwords are permitted.",
               "type" : "ADVISE_BAD"
            }
         },
         {
            "advice" : {
               "key" : "Processes_detected_running_outdated_services",
               "summary" : "Detected 10 services that are running outdated executables: dnsadmin.service cphulkd.service queueprocd.service tailwatchd.service httpd.service cpgreylistd.service cpdavd.service exim.service cpanellogd.service cpanel_php_fpm.service",
               "suggestion" : "You must take one of the following actions to ensure the system is up-to-date:<ul><li>Restart the listed services using “systemctl restart dnsadmin.service cphulkd.service queueprocd.service tailwatchd.service httpd.service cpgreylistd.service cpdavd.service exim.service cpanellogd.service cpanel_php_fpm.service”; then click “Scan Again” to check non-service processes.</li><li><a target=\"_blank\" href=\"https://example.com:2087/scripts/dialog?dialog=reboot\">Reboot the server</a>.</li></ul>",
               "type" : "ADVISE_BAD"
            },
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Processes"
         },
         {
            "type" : "mod_run",
            "module" : "Cpanel::Security::Advisor::Assessors::SSH",
            "message" : "Can't call method \"get_raw_conf\" on an undefined value at /usr/local/cpanel/Whostmgr/Services/SSH/Config.pm line 160.\n"
         },
         {
            "advice" : {
               "summary" : "SCGI is disabled, currently using the recommended suEXEC.",
               "suggestion" : null,
               "type" : "ADVISE_GOOD",
               "key" : "Scgiwrap_SCGI_is_disabled"
            },
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Scgiwrap"
         },
         {
            "advice" : {
               "suggestion" : "Enable “Prevent \"nobody\" from sending mail” in the “<a target=\"_blank\" href=\"https://example.com:2087/scripts2/tweaksettings?find=nobodyspam\">Tweak Settings</a>” area",
               "summary" : "The pseudo-user “nobody” is permitted to send email.",
               "type" : "ADVISE_BAD",
               "key" : "Spam_user_nobody_can_send_email"
            },
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Spam"
         },
         {
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Spam",
            "advice" : {
               "key" : "Spam_smtp_unrestricted",
               "type" : "ADVISE_BAD",
               "suggestion" : "Enable SMTP Restrictions in the “<a target=\"_blank\" href=\"https://example.com:2087/scripts2/smtpmailgidonly\">SMTP Restrictions</a>” area",
               "summary" : "Outbound SMTP connections are unrestricted."
            }
         },
         {
            "advice" : {
               "key" : "Spam_apache_not_queried_for_sender",
               "suggestion" : "Enable “Query Apache server status to determine the sender of email sent from processes running as nobody” in the “<a target=\"_blank\" href=\"https://example.com:2087/scripts2/displayeximconfforedit\">Exim Configuration Manager</a>” area's “Basic Editor”",
               "summary" : "Apache is not being queried to determine the actual sender when mail originates from the “nobody” pseudo-user.",
               "type" : "ADVISE_BAD"
            },
            "type" : "mod_advice",
            "module" : "Cpanel::Security::Advisor::Assessors::Spam"
         },
         {
            "message" : "Undefined subroutine &Cpanel::SafeRun::Timed::timedsaferun called at /usr/local/cpanel/Cpanel/Security/Advisor/Assessors/Trojans.pm line 567.\n",
            "module" : "Cpanel::Security::Advisor::Assessors::Trojans",
            "type" : "mod_run"
         }
      ]
   }
}


Note:

Use WHM's API Shell interface (WHM >> Home >> Development >> API Shell) to directly test WHM API calls.

Parameters

This function does not accept parameters.

Returns

ReturnTypeDescriptionPossible valuesExample
payloadarray of hashes

An array of hashes that contains messages from the Security Advisor.

Each hash contains the module and type returns.

Note:

  • This function only returns the the advice array of hashes when the type return is the mod_advice value.
  • This function only returns the message return when the type return is the mod_load or mod_run value.

advice

hash

A hash that contains a message from the Security Advisor.

This function returns this value in the payload hash.

Each hash contains the key, suggestion, summary, and type returns.

Note:

This function only returns this hash when the type return is the mod_advice value.


key

string

A unique check identifier in the module that returns a status message.

This function returns this value in the advice hash.

A valid identifier.ClamAV_not_installed

suggestion

string

A message that suggests how to resolve the security issue.

This function returns this value in the advice hash.

  • A valid HTML string.
  • null — There is not a suggestion.

 Click to view...

Install ClamAV within \"<a target=\"_blank\" href=\"https://example.com:2087/scripts2/manage_plugins\">Manage Plugins</a>\".

summary

string

A summary about the module's current security status.

This function returns this value in the advice hash.

An HTML string.ClamAV is not installed.

type

string

The level at which the module returns a specific security message.

This function returns this value in the advice hash.

  • ADVISE_GOOD — There are no security issues.
  • ADVISE_INFO — This hash contains an informational message.
  • ADVISE_WARN — The hash contains a warning.
  • ADVISE_BAD — The hash contains a security issue.
ADVISE_BAD

message

string

A message that describes an error.

This function returns this value in the payload hash.

An error message.

Note:

This function only returns this value for the type return's mod_load and mod_run values.

 Click to view...

Can't call method \"get_raw_conf\" on an undefined value at /usr/local/cpanel/Whostmgr/Services/SSH/Config.pm line 160.\n

module

string

The module that the Security Advisor checked.

This function returns this value in the payload hash.

The name of a module.Cpanel::Security::Advisor::Assessors::ClamAV

type

string

The type of security message.

This function returns this value in the payload hash.

  • mod_advice — There is a message from the Security Advisor module.

    Note:

    This value returns the advice hash.

  • mod_load — There was an error preventing the loading of the module.
  • mod_run — There was an error preventing the system from completing one of the module's checks.
mod_advice