Apache Symlink Protection is enabled
I am getting an error via Security Advisor. I also enabled jailshell and EXPERIMENTAL: Jailshell Virtual Hosts using mod_ruid2, but this error is still showing. Please let me know how to fix this issue.
I am using EasyApache 4
Apache Symlink Protection: the Bluehost provided Apache patch is in effect
It appears that the Bluehost provided Apache patch is being used to provide symlink protection. This is less than optimal.
Hello,
Documentation on the available options for symlink protection is available at: Symlink Race Condition Protection - EasyApache - cPanel Documentation
It notes the following downsides for the BlueHost patch:
- Protection from this patch is not as good as a kernel-level or a filesystem-level solution.
- This patch may slow the performance of high-traffic servers.
- Incompatible with Mailman.
- Incompatible with CGI Center apps.
I recommend disabling that option in EasyApache since you already have "EXPERIMENTAL: Jailshell Virtual Hosts" and Mod_Ruid2 enabled. Thank you.
How to disable Symlink Race Condition via EasyApache 4?
Hello, Information about symlink race protection with EasyApache 4 is discussed at: EasyApache4 symlink race protection
Thank you.
Then in Apache Configuration, Global Configuration, under Directory "/" Options, do I disable FollowSymLinks and enable SymLinksIfOwnerMatch for disabling Symlink Race Condition Protection? I have enabled jailshell and EXPERIMENTAL: Jailshell Virtual Hosts using mod_ruid2. If the symlink protection patch is not included in EasyApache 4, then why does cPanel Security Advisor show me that I am using "Apache Symlink Protection: the Bluehost provided Apache patch is in effect"?
Hello, Actually, the message you see in "WHM >> Security Advisor" is a false positive. You can safely ignore the message about the BlueHost patch, as internal case CPANEL-9914 is open to address an issue where Security Advisor falsely detects Bluehost Symlink Patch as "enabled" in EasyApache 4 and causes a false positive. I'll update this thread with more information on the status of this case as it becomes available. Thank you.
Great Michael, hopefully we don't need to migrate back to EasyApache 3 to disable this warning.
Hello, To update, this issue was addressed with the following changes in Security Advisor: Pull Request #54 · CpanelInc/addon_securityadvisor · GitHub
CPANEL-9952 was included with cPanel version 60.0.26 to ensure Security Advisor is updated to include the most recent changes referenced on its GitHub page:
Fixed case CPANEL-9952: Update Security Advisor to the latest version.
It's also scheduled for inclusion with cPanel version 58 during the next update to that build. Thank you.
Still Security Advisor Version: 1.04
You won't see a new Security Advisor version number each time it's updated to include recent commits with bug resolutions or assessor changes. You can see it matches the value from addon_securityadvisor/Advisor.pm at master · CpanelInc/addon_securityadvisor · GitHub:
our $VERSION = 1.04;
Do you see the same message regarding the BlueHost patch when running a new scan in Security Advisor? Thank you.
No ... :-D:-D:-D