Apache Symlink Protection False positive?
Hello, on my new VPS ( mochahost cPanel v70.0.48) In Home "Security Center "Security Advisor I can see this message:
[QUOTE]Kernel does not support the prevention of symlink ownership attacks.You do not appear to have any symlink protection enabled through a properly patched kernel on this server, which provides additional protections beyond those solutions employed in userland. Please review
[QUOTE]Apache Symlink Protection: the Bluehost provided Apache patch is in effect It appears that the Bluehost provided Apache patch is being used to provide symlink protection. This is less than optimal. Please review
-
Hi @Skin Can you please run the following via SSH on your server? kcarectl --patch-info
uname -r
0 -
Hello, here is the result: root@vps [~]# kcarectl --patch-info -bash: kcarectl: command not found root@vps [~]# uname -r 2.6.32-042stab128.2
Thanks P.S is an OpenVZ VPS0 -
Hello, In that case you can request that your provider give you the output. The command needs to be run on the host node as it'd be the only way to determine if it's actually protected. Thanks! 0
Please sign in to leave a comment.
Comments
3 comments