cPanel patched Kernel + mod_ruid2 + jailshell and still have a notification of the Bluehost Patch

EneTar

• November 18, 2016 12:36

I used to have Mod_ruid2 + Apache Jailshell enabled and following this Kernel symlink ownership attacks, while Jailshell & mod_ruid2 enabled I'm using the cPanel patched kernel
uname -r 2.6.32-642.6.199.2.cpanel6.x86_64
So currently I have cPanel Patched kernel, mod_ruid2 and jailshell all up and running. The last few days the security advisor showed the Bluhost Patch that is enabled while it dhouldn't be. I contacted my host (Hostgator) and asked them to remove the Bluehost patch and so they did. However the security advisor still shows the respective notice and tells me that the Bluehost patch is active. They opened up a ticket with cpanel describing the situation and here is what we got. "Based off what I understood from the cPanel technician is that they patched the bluehost patch into the apache rpm. In order for the patch to be used however there does need to be some modifications to the apache configuration files that have not been done. From my understanding this is sort of a false positive from the security advisory. "
So what I am asking is the following: Is it a false positive from security advisor and does anybody else experience this?

• 

  cPanelMichael

  • November 18, 2016 20:05

  Hello, This is answered on the following thread: Apache Symlink Protection is enabled Hello, Actually, the message you see in "WHM >> Security Advisor" is a false positive. You can safely ignore the message about the BlueHost patch, as internal case CPANEL-9914 is open to address an issue where Security Advisor falsely detects Bluehost Symlink Patch as "enabled" in EasyApache 4 and causes a false positive. I'll update this thread with more information on the status of this case as it becomes available. Thank you.
  Thank you.

  0

Please sign in to leave a comment.