cPanel Security Advisor

Start Time: Tue Jan 22 2019 18:26:05 Version: 1.04 Finish Time: Tue Jan 22 2019 18:26:16
Apache vhosts are not segmented or chroot()ed.
Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.
ClamAV is not installed.
Install ClamAV within "Manage Plugins".
Add KernelCare's Free Symlink Protection.
This free patch set protects your system from symlink attacks. Add KernelCare's Free Patch Set. Add KernelCare's Free Symlink Protection. NOTE: This is not the full KernelCare product and service.

You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
The MySQL service is currently configured to listen on all interfaces: (bind-address=*)
Configure bind-address=127.0.0.1 in /etc/my.cnf, or close port 3306 in the server’s firewall.
The system’s core libraries or services have been updated.
Reboot the server to ensure the system benefits from these updates.
Outbound SMTP connections are unrestricted.
Enable SMTP Restrictions in the “SMTP Restrictions” area
Use KernelCare to automate kernel security updates without reboots.
KernelCare provides an easy and effortless way to ensure that your operating system uses the most up-to-date kernel without the need to reboot your server. After you purchase and install KernelCare, you can obtain and install the KernelCare "Extra" Patchset, which includes symlink protection.

Get KernelCare for $3.00/month.

Apache Symlink Protection: mod_ruid2 loaded in Apache
mod_ruid2 is enabled in Apache. To ensure that this aids in protecting from symlink attacks, Jailed Apache needs to be enabled. If this not set properly, you should see an indication in Security Advisor (this page) in the sections for “Apache vhosts are not segmented or chroot()ed” and “Users running outside of the jail”. If those are not present, your users should be properly jailed. Review Symlink Race Condition Protection for further information.
cPHulk Brute Force Protection is enabled.
The system kernel is up-to-date at version “3.10.0-957.1.3.el7.x86_64”.
MySQL test database doesn't exist.
MySQL check for anonymous users
Password strength requirements are strong.
SCGI is disabled, currently using the recommended suEXEC.
The pseudo-user “nobody” is not permitted to send email.
Apache is being queried to determine the actual sender when mail originates from the “nobody” pseudo-user.