cPanel Security Advisor Questions

AdamDresch

• February 25, 2014 07:23

I'm running a VPS using OpenVZ and I too get the Kernel unknown message Unable to determine kernel version Ensure that yum and rpm are working on your system. Yum update doesn't find any updated kernels, so I assume..it's ok to ignore it? [COLOR="silver">- - - Updated - - - Another bit of feedback, I get this in the security advisory: Enable "Jail Apache" in the "Tweak Settings" area, and change users to jailshell in the "Manage Shell Access" area I actually have Apache running in Prefork with FastCGI, rather than RUID 2, because it still says "Experimental". But I also have all users Shell access set to disabled So wouldn't it be better to accept such a setup as secure/aok?

• 

  cPanelMichael

  • February 25, 2014 18:13

  Hello :) 1. Could you let us know the output of "uname -a" so we can see which kernel you are running? 2. The Security Advisor is intended to offer guidelines, but if you have an existing solution that works better for your own preferences then it's okay to ignore the warning. Thank you.

  0
• 

  quizknows

  • February 25, 2014 19:43

  A lot of times on VZ systems the kernel modules are managed by the parent server and not your virtual server. Prefork/FCGI is fine, just make sure you're using some sort of cross-account symlink protection if you're hosting multiple domains. Since you're not using SuPHP I'd recommend the rack911 patch as opposed to the EasyApache "Symlink race condition protection" patch. The reason for this is that the EA patch checks ownership of every file it serves, and if you're not using SuPHP, the server might refuse to serve "nobody" owned files which would be created when web applications upload or update files. The Rack911 patch, while not perfect, is usually good enough and works with any PHP handler.

  0

Please sign in to leave a comment.