Symlink race condition protection
The last 2 errors in the Security Advisor are
1. No symlink protection detected
2. SSH direct root logins are permitted.
For the second one i've limited shhd to my ip address, i disabled user shell access and connect only trough key. Is that a sufficient way or is there better for security?
Now on to my main question. I've read couple of threads here about symlink protection.
I use WHM on CentOS 7. The problem is easy apache 2.2 + mod_ruid2 dosn't support CentOS 7 and Apache 2.4 which is supported doesn't work with mod_ruid2.
Can you help me with ideas how to fix this issue.
Best regards
-
Hello, Now on to my main question. I've read couple of threads here about symlink protection. I use WHM on CentOS 7. The problem is easy apache 2.2 + mod_ruid2 dosn't support CentOS 7 and Apache 2.4 which is supported doesn't work with mod_ruid2.
The following is a list of the preferred solutions: Cloudlinux SecureLinks Cloudlinux CageFS Grsecurity Kernel Symlink Protection LitespeedTech Mod_Ruid2 Note that internal case EA-4430 will allow for the combined use of Mod_Security and Mod_Ruid2/mod_mpm_itk, despite the minor bugs currently associated with using them together.For the second one i've limited shhd to my ip address, i disabled user shell access and connect only trough key. Is that a sufficient way or is there better for security?
That's generally sufficient, but the warning message is suggesting you authenticate as another user first, and then use sudo or su to access "root". Thank you.0 -
Hello, To update, the following case is now published as part of EasyApache 4: 814b990: EA-4632 - Remove mod_mpm_itk and mod_ruid2 conflicts The full change log is documented at: EasyApache 4 Change Log - EasyApache 4 - cPanel Documentation Note the DBM issues persist, but we no longer prevent users from enabling both modules at the same time. Thank you. 0
Please sign in to leave a comment.
Comments
2 comments