CPANEL-39815 - Not receiving security advisor notifications
I have reported this to cPanel support and wanting to create a thread here so that I can follow it.
Re: Not receiving "New Security Advisor notifications"
After checking, I was able to get a Security Advisor state change notification 'sent' by briefly making a change that would warrant the notification and running the script that performs this task manually:
# /scripts/check_security_advice_changes --notify
? New Security Advisor notifications with High importance
This notification was fired off successfully:
2022-01-21 14:52:50 1nAj6g-0006no-Co <= cpanel@ example.com H=(localhost.localdomain) [127.0.0.1]:40716 P=esmtpa A=dovecot_plain:__cpanel__service__auth__icontact__jkt6hpgcwi5glmgs S=37379 id=164272 T="42\233\224 New Security Advisor notifications with High importance" for redacted]
However, I do see the kernel update Security Advisor notification in the cPanel error log, and that there is no corresponding notification email for it.
There does seem to be an issue with the automated notification process.
You can "follow" the article provided by tech support to receive updates on the case.
-
Today I ran a manual check in the WHM security advisor and it came up with : Detected 1 service that is running outdated executables: httpd.service You must take one of the following actions to ensure the system is up-to-date:
- Restart the listed service using "systemctl restart httpd.service"; then click "Scan Again" to check non-service processes.
- Reboot the server.
There are still several possible reasons why you may not have received a notification. As one example, note that the/var/cpanel/security_advisor_history.json
file is not updated by the Security Advisor itself but rather by the/scripts/check_security_advice_changes
script run during the maintenance phase of the nightly cPanel update. Furthermore, the new behavior only makes an advice item eligible for a new notification if that script notices that the condition went away: if the file says that it saw an item last time, but it's not seeing it this time, it removes it from the file, as if the previous notification never happened. Thus, it's possible that Apache was restarted, but an update to the EasyApache packages returned the issue of Apache needing a restart just prior to the next running of the script. In this case, it would not have noticed a change, so that item would still not be eligible for a new notification. This is not to say that this is definitely what is happening. We would have to know the specifics from your server. It may be time for another support ticket. (Something I'm considering as a further improvement is to have/scripts/check_security_advice_changes
keep a copy of the previous history file before it writes the new one. Comparing these would be an easier way to know whether the script saw a change (and genuinely failed to notify) or not.)0 -
@cPSloaneB @cPRex Hi both I am still not receiving the update email notifications at all. I did a cPanel Security Advisor manual check on one of my 5 servers. It showed the The system kernel is at version...... message - basically - never received the notification..... and nothing for the other servers either. I have re-opened the previous ticket. Request #94427824 0 -
Thanks for that - I'm following along with that ticket now. 0 -
I checked the ticket this morning, and it looks like we recommended renaming or moving the /var/cpanel/security_advisor_history.json file to see if this allows future notifications to be sent. Have you tried doing that yet? 0 -
I just looked at one of the the servers attached to your ticket. What I see makes me believe that the Security Advisor is for certain handing its request for a contact event off to the iContact system, as the messages being printed to the error log are from the iContact template belonging to the "change in Security Advisor state" notification. However, if iContact is generating an error, it is not being recorded anywhere. I'm going to have someone investigate further with this in mind. 0 -
I just looked at one of the the servers attached to your ticket... I'm going to have someone investigate further with this in mind.
Hello @cPSloaneB and @cPRex I have today opened a further ticket: 94487970 I am still not getting any notifications on my 5 servers. I did a test "manual run" on one of the servers and all the notifications are there - just not getting anything on the emails... This is getting a bit tedious, but I do appreciate your assistance. I am surprised I am the only one that's brought it up! I assume I am not the only one affected !! Could you change the status of this thread to something other than solved? It's a bit inaccurate. Thank you0 -
The original issue we thought this may be, CPANEL-39815, has been solved in version 104. However, there is likely something else going on here, and we'll get that tracked down through the ticket. I'm following along with that now as well. 0 -
As I have been saying all along, cPanel notifications are broken - and this has been the case for almost a year. It is frustrating to have to raise the matter several times, then be told "it's solved" when it clearly isn't. 0 -
I did read through the ticket and it was definitely an odd issue, but I'm glad we were able to track it down. Our developers are working on that now so that will get taken care of in a future release. 0 -
Quick follow-up on CPANEL-41626: The issue turns out to be an extremely subtle logic inversion in the check_security_advice_changes script. Specifically, near the top of that file, there should be the following lines: [CODE=perl]sub _run_from_command_line { my (@args) = @_; if ( grep { index( $_, '-background' ) > -1 } @args ) { @args = grep { index( $_, '-background' ) != -1 } @args;
That last line cited above is the problem. It's supposed to filter out command line arguments which contain "-background", because the code that handles this argument is running early, but instead it filters out the ones which do not contain that match, meaning that the --notify flag being passed to the script to tell it to issue notifications is never noticed later on in the script, because this earlier mistake effectively erases it. Changing that line to the following should fix it: [CODE=perl] @args = grep { index( $_, '-background' ) == -1 } @args;0 -
Hey @cPSloaneB I am pleased to see the progress - I've been a bit too busy to follow up - but was wondering if I should start a new thread.... I could try that mod myself in the /scripts/check_security_advice_changes script, but I assume it will get overwritten in nightly updates? When will your fix make it into the release? 0 -
I could try that mod myself in the /scripts/check_security_advice_changes script, but I assume it will get overwritten in nightly updates? When will your fix make it into the release?
The script file is not controlled by an RPM package, so it will only be updated when cPanel itself updates to a new version. Because of the way our internal development process works, the farthest back I can directly put this fix is into 108. I can mark it with a request to backport to earlier versions, but that is entirely at the discretion of the people in charge of issuing releases. As usual, it will be in our0 -
The script file is not controlled by an RPM package, so it will only be updated when cPanel itself updates to a new version.
OK I will try it. Once I have updated the file, what other actions do you recommend I do, to test if it's working?0 -
OK I will try it. Once I have updated the file, what other actions do you recommend I do, to test if it's working?
It should be the last time you need to remove /var/cpanel/security_advisor_history.json. Presuming you still have items with sufficient severity, the notification should be issued next time cPanel performs its nightly maintenance.0 -
It should be the last time you need to remove /var/cpanel/security_advisor_history.json. Presuming you still have items with sufficient severity, the notification should be issued next time cPanel performs its nightly maintenance.
Hey, I have now set up the test and gave it a week. This morning I ran the security advisor in WHM and saw the following: The system"s core libraries or services have been updated. Reboot the server to ensure the system benefits from these updates. However, I did not receive any notice in email.0 -
Hey, I have now set up the test and gave it a week. This morning I ran the security advisor in WHM and saw the following: The system"s core libraries or services have been updated. Reboot the server to ensure the system benefits from these updates. However, I did not receive any notice in email.
When exactly were packages updated? If cPanel updated them automatically, you should be able to find this among the last week's worth of update logs in /var/cpanel/updatelogs/. The same log should also indicate when scripts/check_security_advice_changes ran on that day.0 -
When exactly were packages updated? If cPanel updated them automatically, you should be able to find this among the last week's worth of update logs in /var/cpanel/updatelogs/. The same log should also indicate when scripts/check_security_advice_changes ran on that day.
cPanel updated them automatically. The log says the following have run every day - but no emails. [2022-10-20 02:41:29 +1300] - Processing command `/usr/local/cpanel/scripts/check_security_advice_changes --notify --background` [2022-10-20 02:41:29 +1300] - Finished command `/usr/local/cpanel/scripts/check_security_advice_changes --notify --background` in 0.065 seconds [2022-10-21 02:41:29 +1300] - Processing command `/usr/local/cpanel/scripts/check_security_advice_changes --notify --background` [2022-10-21 02:41:29 +1300] - Finished command `/usr/local/cpanel/scripts/check_security_advice_changes --notify --background` in 0.127 seconds [2022-10-22 02:41:49 +1300] - Processing command `/usr/local/cpanel/scripts/check_security_advice_changes --notify --background` [2022-10-22 02:41:49 +1300] - Finished command `/usr/local/cpanel/scripts/check_security_advice_changes --notify --background` in 0.155 seconds etc Let me know the email address and I can forward them to you if you wish.0 -
Hello. This issue is still not resolved. I am on version 1.04. I did receive a "New Security Advisor notification email..." one ! It said " Detected 1 process that is running outdated executables: You must take one of the following actions to ensure the system is up-to-date: " Which is great, but then when I checked in the server, there was a system kernel update notice, but that had not been sent in the email. I run multiple servers. the issue persists across all servers. 0 -
Further to the above, after performing a restart last night, I got this this morning: alt="?">https://fonts.gstatic.com/s/e/notoemoji/15.0/26a0/32.png
MediumKernel The system cannot check the kernel status: "/usr/bin/yum" reported error code "1" when it ended: Error: Failed to download metadata for repo 'MariaDB103': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried alt="?">https://fonts.gstatic.com/s/e/notoemoji/15.0/26a0/32.png
MediumKernel The system cannot check the kernel status: "/usr/bin/yum" reported error code "1" when it ended: If above article doesn't help to resolve this issue please use 0 -
@cPSloaneB 0 -
Hello. This issue is still not resolved. I am on version 1.04. I did receive a "New Security Advisor notification email..." one ! It said " Detected 1 process that is running outdated executables: You must take one of the following actions to ensure the system is up-to-date: " Which is great, but then when I checked in the server, there was a system kernel update notice, but that had not been sent in the email. I run multiple servers. the issue persists across all servers.
Issues depending on external data and/or timing of events have a way of being difficult to track down. I know this isn't what you would like to hear, but if the issue persists even after the most recent fix, then you will need to open yet another support ticket, so that we can continue to investigate. Thank you for your continued patience and understanding.Further to the above, after performing a restart last night, I got this this morning:
alt="?">https://fonts.gstatic.com/s/e/notoemoji/15.0/26a0/32.png
MediumKernel The system cannot check the kernel status: "/usr/bin/yum" reported error code "1" when it ended: Error: Failed to download metadata for repo 'MariaDB103': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried alt="?">https://fonts.gstatic.com/s/e/notoemoji/15.0/26a0/32.png
MediumKernel The system cannot check the kernel status: "/usr/bin/yum" reported error code "1" when it ended: If above article doesn't help to resolve this issue please use 0
Please sign in to leave a comment.
Comments
52 comments