Question
Why does Security Advisor report "Apache vhosts are not segmented or chroot()ed"?
Answer
You will see this notice when your server is not configured to load user sites in a jailed environment. When a server is configured without jailed users, users may have access to data outside of their environment. The notice can be removed by following the procedure below.
Procedure
- Check to see if mod_ruid2 is installed on your server. This can be done from the command line or WHM.
  From the command line, run the following command:
      rpm -qa | grep mod_ruid2
  From WHM:
  - Navigate to "Home » Software » EasyApache 4."
  - Click the "View all Packaged" button in the "Currently Installed Packages" box.
  - Look for "mod_ruid" in the "Apache 2.4" section.
- If mod_ruid2 is not installed, it can be installed from "EasyApache 4" in WHM.
  - Navigate to "Home » Software » EasyApache 4."
  - Click the "Customize" button in the "Currently Installed Packages" box.
  - Click "Apache Modules."
  - Enter "mod_ruid2" in the "Search" box.
  - Click the toggle to the right of "mod_ruid2."
  - Click "Review."
  - Click the "Provision" button.
- Navigate to "Home » Server Configuration » Tweak Settings" in WHM.
- Click on the "Security" tab.
- Scroll down to "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell."
- Select the "On" option next to "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell."
- Click the "Save" button.
- Navigate to "Home » Account Functions » Manage Shell Access" in WHM.
- Deselect the "Jailed" and "Disabled" checkboxes.
- Click the "Apply to" button under "Jailed Shell" to change the shell of accounts from Normal to Jailed.
- Click the "OK" button in the "Are you sure?" pop-up.
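
To confirm the last step took effect, this added example (not part of the original article or of cPanel's own tooling) lists accounts in a passwd-format file that still have a normal shell. Assumptions: hosting accounts have UIDs of 1000 or higher, the jailed shell's file name is jailshell, and disabled accounts use nologin or false; the sample entries and their paths are constructed.

```shell
#!/bin/sh
# Added example: report accounts that are neither jailed nor disabled.
# Assumptions (not from the article): UID >= 1000 marks a hosting account,
# the jailed shell binary is named "jailshell", and "nologin"/"false"
# mean the account's shell access is disabled.

# unjailed_accounts FILE [MIN_UID]
# Prints "user shell" for every account at or above MIN_UID whose login
# shell is a normal shell, i.e. one the procedure should have changed.
unjailed_accounts() {
    awk -F: -v min="${2:-1000}" '
        /^#/ || NF < 7   { next }    # comments, blank or malformed lines
        $3 + 0 < min + 0 { next }    # system accounts
        {
            n = split($7, parts, "/")
            base = parts[n]          # file name of the login shell
            if (base == "jailshell") next                    # already jailed
            if (base == "nologin" || base == "false") next   # disabled
            print $1, $7
        }' "$1"
}

# Constructed sample entries; the jailshell path is a placeholder.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
alice:x:1001:1001::/home/alice:/path/to/jailshell
bob:x:1002:1002::/home/bob:/bin/bash
carol:x:1003:1003::/home/carol:/sbin/nologin
dave:x:1004:1004::/home/dave:/bin/sh
EOF
}

# Demo on the constructed sample: only bob and dave are reported.
demo_file=$(mktemp)
sample_passwd > "$demo_file"
unjailed_accounts "$demo_file"
rm -f "$demo_file"
```

On a server, run `unjailed_accounts /etc/passwd`; empty output means every hosting account is either jailed or disabled.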