Start Time: Fri Oct 23 2015 17:12:24 GMT+0500 (Pakistan Standard Time) Version: 1.03 Finish Time: Fri Oct 23 2015 17:12:44 GMT+0500 (Pakistan Standard Time)
Apache vhosts are not segmented or chroot()ed.
Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux
No symlink protection detected
You do not appear to have any symlink protection enabled on this server. You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
ClamAV is not installed.
Install ClamAV within "Manage Plugins".
Current kernel version does not match the kernel version for boot. running kernel: 3.10.0-229.1.2.el7.x86_64, boot kernel:
Reboot the system in the "Graceful Server Reboot" area. Check the boot configuration in grub.conf if the new kernel is not loaded after a reboot.
SSH password authentication is enabled.
Disable SSH password authentication in the “SSH Password Authorization Tweak” area
SSH direct root logins are permitted.
Manually edit /etc/ssh/sshd_config and change PermitRootLogin to “no”, then restart SSH in the “Restart SSH” area
The pseudo-user “nobody” is permitted to send email.
Enable “Prevent "nobody" from sending mail” in the “Tweak Settings” area
EasyApache3 has updates available.
EasyApache3 needs to be run periodically to update Apache, PHP and other public server functionality to the latest versions. Updates to EasyApache3 often fix security vulnernabilities in this software.
Users running outside of the jail: example.
Change these users to jailshell or noshell in the “Manage Shell Access” area.
Password strength requirements are low.
Configure a Default Password Strength of at least 50 in the “Password Strength Configuration” area
cPHulk Brute Force Protection is enabled.
Entropy Chat is disabled.
MySQL test database doesn't exist.
MySQL check for anonymous users
Current SSH version is up to date: 6.6.1p1-12.el7_1
SCGI is disabled, currently using the recommended suEXEC.
Outbound SMTP connections are restricted.
Apache is being queried to determine the actual sender when mail originates from the “nobody” pseudo-user.