CPANEL-39815 - Not receiving security advisor notifications
I have reported this to cPanel support and want to create a thread here so that I can follow it.
Re: Not receiving "New Security Advisor notifications"
After checking, I was able to get a Security Advisor state change notification 'sent' by briefly making a change that would warrant the notification and running the script that performs this task manually:
# /scripts/check_security_advice_changes --notify
⛔ New Security Advisor notifications with High importance
This notification was fired off successfully:
2022-01-21 14:52:50 1nAj6g-0006no-Co <= cpanel@ example.com H=(localhost.localdomain) [127.0.0.1]:40716 P=esmtpa A=dovecot_plain:__cpanel__service__auth__icontact__jkt6hpgcwi5glmgs S=37379 id=164272 T="42\233\224 New Security Advisor notifications with High importance" for redacted]
However, I do see the kernel update Security Advisor notification in the cPanel error log, and that there is no corresponding notification email for it.
There does seem to be an issue with the automated notification process.
You can "follow" the article provided by tech support to receive updates on the case.
Thanks for posting this! 0 -
I still have not had any update on this 0 -
I don't see any updates on my end for that case. I did just add a comment to the case that you're looking for an update. 0 -
Hi there @cPRex Any update to this ? 0 -
I poked the security team about this issue just now, and while they are aware of it and plan to get it resolved, they haven't been able to fix this just yet. It's definitely on their radar though. 0 -
Internal case: CPANEL-39815
I have the same issue here. Any updates on this case? 0 -
I still don't have any updates on this one. 0 -
Yes it is super annoying. I can't be the only one! 0 -
What version of cPanel are you using? Just wondering, thanks. 0 -
Just asking, what cPanel version are you using? 0 -
The latest build, 102.0.8. But this issue has been present for at least the last year. Has the title of this thread been updated? I am sure it never used to say "In Progress" - does that mean it's now actively being worked on, @cPRex? 0 -
Where can I look for these error logs, if you don't mind letting me know? Thanks. I have 1 production server using 102.08 as well. Never noticed this, and 2 dev using edge, one AlmaLinux 102.09 and 1 Ubuntu 102.09, so I wanted to check those and see if the error is on my servers as well. Thanks for your time. 0 -
You can check: user_notifications/root/history/ error_log
From cPanel support (Brian) [QUOTE]"kernel update Security Advisor notification is in the cPanel error log, BUT there is no corresponding notification email for it. There does seem to be an issue with the automated notification process. After some further testing I've been able to reproduce this issue on my own server. The Security Advisor State Change notifications are not reliably sent to the administrator. Oddly enough on my test server, the notifications were always written to cPanel's error_log. I have filed internal case ID CPANEL-39815 for our developers regarding this issue. While I cannot offer an ETA of action on the case, I encourage you to follow this support article in order to receive updates on the case's status:
So basically, if you are not receiving the Kernel Update Notification email notification, then you know you have the same issue. Which means waiting for the fix. Otherwise, you will need to open a support ticket with cPanel. 0 -
Thanks so much for posting this. I am going to check this as soon as I get home. And I have never received an email for kernel update on the dev servers. I have not vetted that on production server either but I use kernelcare for as well. So not sure if I should still get notifications from cPanel kernel update if using kernelcare? I will post my findings as well as soon as I get home and check. Thank you so much @WorkinOnIt for this information. Very much appreciated :) 0 -
I do not see this on production or any server possibly kernelcare on production ? or I missed it in the update logs. 0 -
@cPRex Any update for us ? 0 -
I don't have anything to add at this time. 0 -
Hi there Any update on when issue will be fixed? I am really concerned that this issue is being ignored.... There does not seem to be any indication on when this will be attended to. When I query the team on the support ticket, they say - sorry no idea - and then mark it as resolved. I think that is poor practice as it is not resolved. I consider this fault to be a major flaw as I rely on system notifications to keep me informed as to system performance - I don't think that is unreasonable. However, cPanel is broken from my perspective. I first reported it in January. How much time is reasonable? Should I be asking for a refund of my monthly fees? When can I expect an ETA in fix? Thank you 0 -
@WorkinOnIt - I spoke with the developers about this issue and they are going to bring up the case in this afternoon's meeting to see what the plan is to get it handled. You're always welcome to request a partial refund through a support ticket. 0 -
@WorkinOnIt, as the root user, if you rename the /var/cpanel/security_advisor_history.json file to something else and then run /scripts/check_security_advice_changes --notify once again, does it re-issue all, some, or none of the missing notifications you are expecting? 0 -
@cPRex Thank you for your integrity. I have replied to the ticket to see what they say about a partial refund - although to be honest, the money is not really the issue (although when refunds are involved it does sharpen the focus somewhat, so that might help ;-) Did you hear anything from your colleagues following the meeting? I've just discovered another kernel update is ready in the manual security scan (of course, once again, no notification received !) 0 -
Thank you @cPSloaneB - yes, that actually worked! I also received the email notification o_O I updated on four servers and they all responded the same. Of course, it remains to be seen if this will fix future auto-generated notices - I guess I will have to wait and see if I still receive the email the next time there are new security advisor notifications? Do you think this is now fixed - or does this need further steps? I have no idea why renaming that file fixed it - would you care to explain further? 0 -
Deleting the history file and forcing the run to happen again forces all notifications to be sent again. I did talk with the development team about this earlier this week, and there is work actively happening on the issue now. 0 -
This by itself will not fix future notifications, unless the file is removed again continually.
The Security Advisor currently remembers the internal names of each advice item, a hash of the text of the advice, and the severity of the item in that file, and it carries over this information across runs of the script. Unless the severity of the item was increased since the script last saw the item, it will not issue the same notification twice. Removing the history file makes the script forget about all previous notifications, which may work for you but would be too noisy for other users. (In principle, removing just the information pertaining to the notification you expect to be re-issued will also work.)
At this time, I have submitted a fix which changes this behavior so that the history file only remembers the notices which appeared the last time the script ran. This way, it should notify whenever the state of the item degrades since the last notification; if it stays the same, improves, or disappears, then this should still not trigger a notification, which I am hoping is not too noisy of a policy. Furthermore, it doesn't require changing the data format of the history file.
This change is being targeted for a 104 release. A backport to 102 may be possible, but we would likely want to see whether we get negative feedback for this change in 104, which might make necessary further changes to the kind of data recorded in the history file, so that the Security Advisor could apply more complicated hysteresis to the policy of when to issue notifications. 0 -
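A simplified model of the two history policies described in the reply above, added here as an illustration; it is not cPanel's code and not part of the thread. Item names, severity numbers and the run sequence are constructed, and the advice-text hash that the real history file also stores is left out of the model.

```python
# Simplified model (assumption): history maps advice item name -> severity.
# The real file also stores a hash of the advice text, which is not modelled.

def _needs_notice(history, name, severity):
    """Notify for an item the history does not know, or whose severity rose."""
    return name not in history or severity > history[name]

def run_old(history, current):
    """Pre-fix policy: history is carried over and never pruned."""
    notify = sorted(n for n, s in current.items() if _needs_notice(history, n, s))
    merged = dict(history)
    merged.update(current)          # items that vanished stay remembered
    return notify, merged

def run_new(history, current):
    """Fixed policy: history holds only what the previous run reported."""
    notify = sorted(n for n, s in current.items() if _needs_notice(history, n, s))
    return notify, dict(current)    # items that vanished are forgotten

def simulate(policy, runs):
    """Feed successive scan results through a policy; return notices per run."""
    history, sent = {}, []
    for current in runs:
        notify, history = policy(history, current)
        sent.append(notify)
    return sent

# Constructed scan results, one dict per scheduled run of the checker.
RUNS = [
    {"kernel_update": 3},                          # update pending
    {"kernel_update": 3},                          # unchanged
    {},                                            # server rebooted, item gone
    {"kernel_update": 3},                          # a later kernel update
    {"kernel_update": 3, "outdated_services": 2},  # new, lower-severity item
    {"outdated_services": 3},                      # severity rises
]

if __name__ == "__main__":
    for label, policy in (("old", run_old), ("new", run_new)):
        print(label, simulate(policy, RUNS))
    # Removing the history file is the same as starting from an empty history:
    print("after reset:", run_old({}, RUNS[3])[0])
```

In this model the fourth run is the one that matters: the old policy still remembers the kernel item from the first run and stays silent, while the fixed policy treats its reappearance as a degradation and notifies.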
Good one, thanks. I am rather surprised that I am the only person who seems to have noticed / reported this matter..... I guess I must be old school! I think another useful way to handle this is some kind of dashboard notification / flashing icon that says "hey something needs attention!" There is already a notification menu icon in the new layout at top right - I would suggest showing new security state change notices in there would be sensible? 0 -
Update - this is resolved in version 104.0.4 0 -
Hi there I am now upgraded to 104.0.4 and will report back when / if I receive the notifications 0 -
Hi there @cPRex and @cPSloaneB Today I ran a manual check in the WHM security advisor and it came up with:
Detected 1 service that is running outdated executables: httpd.service
You must take one of the following actions to ensure the system is up-to-date:
- Restart the listed service using "systemctl restart httpd.service"; then click "Scan Again" to check non-service processes.
- Reboot the server.
0 -
@cPRex @cPSloaneB, just checking you saw this as your usernames did not seem to get tagged? 0 -
We've got it - Sloane will check this out later today. 0