Understanding cPanel Security Advisor Notices

Posted by dpepper

In an effort to increase security, cPanel has modified the default notification settings for certain items that the control panel monitors. Due to the change in notification settings, cPanel users may receive notifications that they previously had not encountered. In particular, a number of changes were made to the notification options for Security Advisor beginning with the release of WHM 56.

‘New security advisor notifications with high importance’

All notifications and included recommendations should be duly noted, but it is important to understand that Security Advisor notifications come from cPanel, not Liquid Web, and they are based solely upon the limited information that cPanel's software is able to access. By design, certain software and security measures run outside of cPanel, so Security Advisor occasionally reports false positives or flags items which may not be applicable to your server.

This article, which will be updated periodically, is meant to serve as a point of reference for such notifications.

MySQL Listening on All Interfaces

Security Advisor Notice: The MySQL service is currently configured to listen on all interfaces: (bind-address=*) Configure bind-address=127.0.0.1 in /etc/my.cnf
This is most often a false positive. Liquid Web servers include an advanced firewall that drops traffic to all ports which have not specifically been allowed, but Security Advisor’s check is unable to take this into account. Moreover, Liquid Web’s 24/7 Sonar Monitoring™ needs to be able to connect to MySQL to monitor the service’s status. Sonar Monitoring™ uses a port which is not publicly accessible, which Security Advisor likewise does not take into account.

SSH Password Authentication is Enabled

Security Advisor Notice: Disable SSH password authentication in the “SSH Password Authorization Tweak” area
This message indicates only that you can log into your server with a password. For maximum security, SSH keys are typically recommended, but as long as you’re using strong passwords, you may prefer to continue the practice. In any case, you will not want to disable SSH password authentication until you have set up and tested SSH keys to connect to your server.

SSH direct root logins are permitted

Security Advisor Notice: Manually edit /etc/ssh/sshd_config and change PermitRootLogin to “no”, then restart SSH in the “Restart SSH” area
This message indicates only that the root user can log into your server with the proper password or SSH key. For maximum security, you would ideally disable root user login and add another user for that purpose.
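
As an added example (not part of the original article, and not cPanel's or Liquid Web's code), the shell helpers below read the three settings these notices refer to from sshd_config and my.cnf and compare them with the values the notices recommend. The function names and sample file contents are constructed for illustration, and `PasswordAuthentication no` is assumed to be the sshd_config equivalent of disabling SSH password authentication.

```shell
#!/bin/sh
# On a live server `sshd -T` (as root) prints sshd's effective settings; these
# helpers read the files directly, so they also work on copies and backups.
# First global value of an sshd_config keyword (sshd keeps the first value it reads).
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # comment line
        { sub(/=/, " ") }                        # "Keyword=value" is also accepted
        tolower($1) == "match" { exit }          # Match blocks are not evaluated here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }        # default depends on the OpenSSH version
    ' "$1"
}

# Last bind-address in the [mysqld] group (MySQL keeps the last value it reads).
# Assumption: no !include or !includedir file overrides it.
mysql_bind() {  # usage: mysql_bind FILE
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { in_group = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_group && /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); val = $0
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

check() {  # usage: check NAME ACTUAL RECOMMENDED
    [ "$2" = "$3" ] && echo "OK     $1=$2" || echo "REVIEW $1=$2 (notice recommends $3)"
}

# Compare each setting with the value the corresponding notice recommends.
audit() {  # usage: audit SSHD_CONFIG MY_CNF
    check PasswordAuthentication "$(sshd_value "$1" PasswordAuthentication)" no
    check PermitRootLogin        "$(sshd_value "$1" PermitRootLogin)"        no
    check bind-address           "$(mysql_bind "$2")"                        127.0.0.1
}

# Constructed sample files, not taken from any real server.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication yes' \
        'permitrootlogin no' 'Match User deploy' '  PasswordAuthentication no' > "$d/sshd_config"
    printf '%s\n' '[client]' 'port=3306' '[mysqld]' 'bind-address = *' \
        'bind_address=127.0.0.1' > "$d/my.cnf"
    audit "$d/sshd_config" "$d/my.cnf"
    rm -rf "$d"
}
demo
```

A REVIEW line only restates the notice; it does not account for the firewall, the monitoring connection, or whether SSH keys have been set up and tested, as discussed above.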

If you need further guidance, feel free to contact Heroic Support®.
