cPanel error logs
When I look at my cPanel logs I get the following but I'm not sure where to start.
Under server check I see the following:
Check for cxs
Under SSH/Telnet Check:
Check SSH UseDNS
Mail check:
Check root forwarder
PHP Check:
Check php version
Check php for disable_functions
WHM Settings Check:
Check popbeforesmtp is disabled
Check Reset Password for cPanel accounts
Check proxy subdomains
Check accounts that can access a cPanel user
Check nameservers
Server Services Check:
Check server startup for portreserve
1 Reply
I'm going to go message by message to see if we can get these log messages sorted out.
Check for CXS:
CXS is third-party security software you can use to check for malware and things of that nature. You should consider using cxs to scan webscript and ftp uploads and user accounts for exploits uploaded to the server.
I would advise taking a look at cPanel's security document as it outlines various tools you can use to keep your system secure: Additional Security Software. Once you have one of those installed you can scan your system to make sure there aren't any vulnerabilities uploaded to your server.
Check ssh useDNS:
This line is referencing hardening your security. You should disable UseDNS by editing /etc/ssh/sshd_config and setting: UseDNS no. Otherwise lfd will be unable to track SSHD login failures successfully as the log files will not report IP addresses.
cPanel has an excellent guide in regards to securing SSH which will walk you through the process: How to Secure SSH
Check root forwarder:
The root account should have a forwarder set so that you receive essential email from your server.
You can edit your mail preferences by following the guide found here: Edit System Mail Preferences
Check php version:
Any version of PHP older than v5.6 is now obsolete and should be considered a security threat.
If you'd like to update your PHP you can follow this guide to get that on the newest version: How do I update the instance of PHP that cPanel uses?
Check php for disable_functions:
You should consider disabling commonly abused php functions, e.g.
disable_functions = show_source, system, shell_exec, passthru, exec, popen, proc_open
To disable these functions you will edit your php.ini files. To do that you can follow this guide from the cPanel documentation site: How to edit your php.ini file
Check popbeforesmtp is disabled:
Using pop before smtp is considered a security risk, SMTP AUTH should be used instead. You can change your security settings within WHM - Tweak Settings section.
I'd recommend checking out cPanel's Recommended Security Settings for more help on configuring this.
Check reset password for cPanel accounts:
This poses a potential security risk and should be disabled unless necessary. You will use the same security link to make these changes.
I'd recommend following cPanel's recommended security settings as outlined in this guide: Recommended Security Settings
Checking proxy subdomains:
This option can mask a user's real IP address and hinder security. WHM advises disabling this as well.
That information can also be updated in cPanel's Recommended Security Settings.
Check accounts that can access a cPanel user:
WHM advises setting this option to user after use. You can do this from the tweak settings section as well.
This error is also covered in the cPanel Recommended Security Settings guide.
Check nameservers:
This signifies that your nameservers are not resolving.
The Resolver Configuration interface allows you to use a configuration wizard to edit the /etc/resolv.conf file. This file contains the nameservers that your server queries to resolve domain names into IPv4 or IPv6 addresses.
Check server startup for portreserve:
On most servers portreserve is not needed and should be stopped and disabled from starting if it is not required. This service is currently enabled in init and can usually be disabled using:
service portreserve stop
chkconfig portreserve off
I'd recommend running those two commands as shown.
I hope this helps!
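To confirm that the UseDNS and disable_functions changes described in the reply actually took effect, the following is an added example, not part of the original thread or of cPanel's tooling. The function names, the `WANT` list (modelled on the reply's example) and the sample config contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit two settings the reply discusses.
# File paths are arguments so the checks can run against copies of the configs.

# Print the first uncommented UseDNS value in an sshd_config ("unset" if none).
sshd_usedns() {
    awk 'tolower($1) == "usedns" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Print the functions from "$2..." that php.ini "$1" does NOT list in
# disable_functions. Simplification: the last uncommented line is used.
php_missing_disabled() {
    ini=$1; shift
    current=$(awk -F= '/^[ \t]*disable_functions[ \t]*=/ { v = $2 }
                       END { print v }' "$ini" | tr -d ' \t\r"')
    missing=""
    for fn in "$@"; do
        case ",$current," in
            *",$fn,"*) ;;
            *) missing="$missing $fn" ;;
        esac
    done
    echo "${missing# }"
}

# Assumed target list, modelled on the reply's example.
WANT="show_source system shell_exec passthru exec popen proc_open"

# Constructed sample configs (not from a real server).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '#UseDNS no' 'Port 22' 'UseDNS yes' > "$dir/sshd_config"
    printf '%s\n' '; disable_functions = system' \
        'disable_functions = exec, system, passthru' > "$dir/php.ini"
    echo "UseDNS: $(sshd_usedns "$dir/sshd_config")"
    # shellcheck disable=SC2086  # word splitting of $WANT is intended
    echo "not disabled: $(php_missing_disabled "$dir/php.ini" $WANT)"
    rm -rf "$dir"
}
demo
```

On a real server, point the two functions at /etc/ssh/sshd_config and at each php.ini in use, since a cPanel system can have more than one PHP version installed.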