Apache Symlink Protection

jackaldu

• July 25, 2014 05:00

In security advisor i got this message [QUOTE]Apache Symlink Protection: mod_ruid2 loaded in Apache mod_ruid2 is enabled in Apache. To ensure that this aids in protecting from symlink attacks, Jailed Apache needs to be enabled. If this not set properly, you should see an indication in Security Advisor (this page) in the sections for "Apache vhosts are not segmented or chroot()ed" and "Users running outside of the jail". If those are not present, your users should be properly jailed. Review Symlink Race Condition Protection for further information.
Should i change something more if i installed mod_ruid2 and enabled it ?

• 

  Infopro

  • July 25, 2014 10:40

  You may find this thread useful: Symlink Protection Advisory - cPanel Forums If not, there are more just like it available on these forums.

  0
• 

  jackaldu

  • July 25, 2014 12:32

  Thank you but i didn't find the answer to my question there.

  0
• 

  cPanelMichael

  • July 25, 2014 17:10

  It's telling you to browse to "WHM Home " Server Configuration " Tweak Settings" and enable the following option under the "Security" tab: EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell. Thank you.

  0

Please sign in to leave a comment.