Security Advisor shows mysql bind warning after removing csf and running imunify360 stand alone
Now that csf is EOL I am running imunify360 standalone. Once I removed csf I am now getting a security advisor notification that is deceiving, and I think this is a false positive which I will explain. I see there is an internal cpanel ticket on this CPANEL-48877 but I would like to know when that will be updated or a fix released?
Since CSF is EOL many companies are probably going to be switching to imunify360 and this is going to come up a lot so I wanted to get this in a post for discussion.
my.cnf on my server was always configured to (bind-address=*) and with csf I never had an issue with security advisor so there must have been some integration with csf and security advisor.
With imunify360 I have the firewall ports set to "all close except" AND 33306 is NOT listed so I would assume that should be secure and the same as csf since I migrated all the settings to imunify360.
Now there is a workaround cpanel posted that will NOT work in my case because I have two accounts that need to access their database remotely. If I were to change my.cnf to bind-address=127.0.0.1 then my two accounts that need remote will not be able to access anymore.
The security advisor in this case looks to be a false positive and I would like to know what the recommendation is from cpanel at this stage?
cPanel please update us all to the internal case CPANEL-48877.
Has anyone else had this issue and handled it differently?
Should I be concerned about security in my current state as I explained?
-
Hey there! I'm not seeing any updates on CPANEL-48877 at this time, so I don't have anything to report there.
So currently Imunify is telling you that port 3306 is open to the public when it's not, is that what's happening here?
I'm assuming the workaround you're referring to is this one, correct? https://support.cpanel.net/hc/en-us/articles/360051220893-Security-Advisor-shows-the-warning-The-MySQL-service-is-currently-configured-to-listen-on-all-interfaces
The easiest way to check things would be with a tool like "telnet" or "nc" from a remote system to see if port 3306 is accessible on the server in question.
0 -
So currently Imunify is telling you that port 3306 is open to the public when it's not, is that what's happening here?
==Yes that is the issue.
I'm assuming the workaround you're referring to is this one, correct? https://support.cpanel.net/hc/en-us/articles/360051220893-Security-Advisor-shows-the-warning-The-MySQL-service-is-currently-configured-to-listen-on-all-interfaces
==yes that is the article I am referring to as the workaround that does not work when you need to allow remote connections and have the firewall handle the block.
The easiest way to check things would be with a tool like "telnet" or "nc" from a remote system to see if port 3306 is accessible on the server in question.
==already did this and the port 3306 is verified closed.
I had a ticket opened on this #95796124 and it was verified by cpanel that this is a false positive. I had imunify reach out to cpanel and imunify verified with cpanel it is a false positive.
Now that it is all verified as a false positive, the internal case CPANEL-48877 should be pushed to the front of the line. I would expect many companies will be moving to imunify360 and this will continue to come up. The security advisor was integrated with CSF and reported closed on 3306 so I would assume security advisor can be tweaked / integrated with imunify360 a bit tighter.
0 -
I'm glad we were able to confirm that it is a false positive. I went ahead and linked that ticket to the case as well for visibility.
0
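The check discussed in this thread, as an added example that is not part of the original posts and is not cPanel or Imunify360 code: it reads `bind-address` from a my.cnf and performs the same TCP connect test that telnet or nc would, so a wildcard bind that is actually reachable can be told apart from a configuration-only warning. The function names and the sample my.cnf are constructed for illustration, and an unset `bind-address` is assumed to mean all interfaces.

```python
import socket
import sys

# Constructed sample mirroring the thread's setting; not the poster's real file.
SAMPLE_MY_CNF = """\
[mysqld]
bind-address=*
"""

def bind_address(cnf_text):
    """Return the last bind-address set in a server option group, or None if unset."""
    section, value = None, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":          # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section in ("mysqld", "server") and "=" in line:
            key, val = (part.strip() for part in line.split("=", 1))
            if key.replace("_", "-").lower() == "bind-address":
                value = val.strip("'\"")
    return value

def probe(host, port=3306, timeout=3.0):
    """TCP connect test (what telnet/nc do): 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:                # RST: nothing reachable on that port
        return "closed"
    except OSError:                               # timeout/unreachable: typical of a DROP rule
        return "filtered"

def assess(cnf_text, host, port=3306, timeout=3.0):
    """Combine the config view (bind-address) with the network view (probe)."""
    addr = bind_address(cnf_text)
    if addr not in (None, "*", "0.0.0.0", "::"):  # assumption: unset means all interfaces
        return "local-or-specific-bind"
    if probe(host, port, timeout) == "open":
        return "exposed"                          # wildcard bind AND reachable
    return "config-only"                          # wildcard bind, port not reachable

if __name__ == "__main__" and len(sys.argv) > 1:
    # Run from a remote host that is not on the firewall allow list.
    print(assess(SAMPLE_MY_CNF, sys.argv[1]))
```

Run it from a remote system whose IP is not allowed through the firewall; a host that has been granted remote database access is expected to see the port as open.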