cPanel Security Advisor Issue

Comments

22 comments

  • sktest123
    The thread below will guide you: Apache Symlink Protection Advisor
    0
  • Boris Horvat
    It does not work... I followed the guide.
    fs.enforce_symlinksifowner = 1
    fs.symlinkown_gid = 99
    added to /etc/sysctl.conf. These are the results of sysctl -p:
    sysctl: cannot stat /proc/sys/fs/enforce_symlinksifowner: No such file or directory
    sysctl: cannot stat /proc/sys/fs/symlinkown_gid: No such file or directory
    0
  • sktest123
    It was for CloudLinux-based systems, as there are several options for the symlink patch. Please revert. Since you installed the grsecurity patch, just enable the settings as mentioned in the advisor. Just do a
    sysctl -a | egrep 'symlinksifowner|symlinkown'
    It will identify the right values. A reboot is required.
    0
  • Boris Horvat
    Sorry, but that didn't help... :( ... Is it possible to remove/delete/disable this warning or to uninstall that patch?
    0
  • cPanelMichael
    Hello, Please post the output from the following commands:
    cat /usr/local/cpanel/version
    sysctl -n kernel.grsecurity.symlinkown_gid
    sysctl -n kernel.grsecurity.enforce_symlinksifowner
    Thank you.
    0
  • Boris Horvat
    [root@server ~]# cat /usr/local/cpanel/version
    11.62.0.16
    [root@server ~]# sysctl -n kernel.grsecurity.symlinkown_gid
    sysctl: cannot stat /proc/sys/kernel/grsecurity/symlinkown_gid: No such file or directory
    [root@server ~]# sysctl -n kernel.grsecurity.enforce_symlinksifowner
    sysctl: cannot stat /proc/sys/kernel/grsecurity/enforce_symlinksifowner: No such file or directory
    [root@server ~]#
    0
  • cPanelMichael
    Hello, Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • Boris Horvat
    Support Request ID is: 8292381
    0
  • cPanelMichael
    Hello, Per the ticket, it looks like you were advised to seek out the support from your provider regarding the configuration of your kernel. Could you update us on the outcome of how that went? Thank you.
    0
  • Boris Horvat
    From: OVH Support
    Hello, Thank you for contacting OVH regarding your custom configuration. This issue is pretty well known by cPanel and you will be able to find solutions on the internet or internet forums. I found some information that can help as a start on the cPanel website; here is the link for that: Apache Symlink Protection Advisor
    0
  • cPanelMichael
    Hello, That thread links to: CloudLinux Documentation. Were you able to follow the steps in that document, as advised by your provider, to see if the issue persists? Thank you.
    0
  • Boris Horvat
    Yes... we followed all the steps... whatever we did, the problem is still present... Your support said that the problem is with the OVH custom kernel, and OVH support said that the problem is with cPanel.
    0
  • cPanelMichael
    Hello, Could you respond to your provider to let them know that enabling the settings on the provided document did not help? You can have them open a ticket directly with us if they are unable to troubleshoot the issue further. Thank you.
    0
  • Boris Horvat
    Answer from OVH: It is my pleasure to assist you to have this issue clarified. In case that you are having problems with the custom kernel from OVH. Our support is completely dedicated to the infrastructure of the service, so we won't be able to provide advice on this.
    0
  • cPanelMichael
    Hello, It's possible you have not added the correct entries to the /etc/sysctl.conf file on the system. Could you let us know the contents of that file? EX:
    cat /etc/sysctl.conf
    The specific entries you need to add are documented at: Grsecurity/Appendix/Grsecurity and PaX Configuration Options - Wikibooks, open books for an open world
    EX:
    kernel.grsecurity.enforce_symlinksifowner = 1
    kernel.grsecurity.symlinkown_gid = 99
    You'd then run the following command:
    sysctl -p
    Thank you.
    0
  • Boris Horvat
    [root@server ~]# cat /etc/sysctl.conf
    # sysctl settings are defined through files in
    # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
    #
    # Vendors settings live in /usr/lib/sysctl.d/.
    # To override a whole file, create a new file with the same in
    # /etc/sysctl.d/ and put new settings there. To override
    # only specific settings, add a file with a lexically later
    # name in /etc/sysctl.d/ and put new settings there.
    #
    # For more information, see sysctl.conf(5) and sysctl.d(5).
    # Disable IPv6 autoconf
    net.ipv6.conf.all.autoconf = 0
    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.eth0.autoconf = 0
    net.ipv6.conf.all.accept_ra = 0
    net.ipv6.conf.default.accept_ra = 0
    net.ipv6.conf.eth0.accept_ra = 0
    kernel.enforce_symlinksifowner = 1
    kernel.symlinkown_gid = 99[root@server ~]#
    0
  • cPanelMichael
    kernel.enforce_symlinksifowner = 1
    kernel.symlinkown_gid = 99

    Try replacing these values with:
    kernel.grsecurity.enforce_symlinksifowner = 1
    kernel.grsecurity.symlinkown_gid = 99
    Then run the following command:
    sysctl -p
    Thank you.
    0
  • Boris Horvat
    [root@server ~]# sysctl -p
    net.ipv6.conf.all.autoconf = 0
    net.ipv6.conf.default.autoconf = 0
    net.ipv6.conf.eth0.autoconf = 0
    net.ipv6.conf.all.accept_ra = 0
    net.ipv6.conf.default.accept_ra = 0
    net.ipv6.conf.eth0.accept_ra = 0
    sysctl: cannot stat /proc/sys/kernel/grsecurity/enforce_symlinksifowner: No such file or directory
    sysctl: cannot stat /proc/sys/kernel/grsecurity/symlinkown_gid: No such file or directory
    [root@server ~]#
    0
  • cPanelMichael
    Hello, This is a limitation of the kernel offered by your provider. You may want to contact them to see if it's possible to boot into a stock kernel, or request assistance from additional members of their support team if they are unable to provide you with a reliable answer. Thank you.
    0
  • Boris Horvat
    ok...tnx...
    0
  • jokers
    Hello, I have exactly the same problem. Did you have a solution to this problem, "Boris Horvat"?
    0
  • cPanelMichael
    Hello, I have exactly the same problem. Did you have a solution to this problem, "Boris Horvat"?

    I don't see any updates from the user, but here's the latest response regarding this topic if you are facing the same issue: Hello, This is a limitation of the kernel offered by your provider. You may want to contact them to see if it's possible to boot into a stock kernel, or request assistance from additional members of their support team if they are unable to provide you with a reliable answer. Thank you.
    I suggest contacting your provider to see if it's possible to boot into a stock kernel. Thank you.
    0
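
The thread turns on which sysctl namespace, if any, the running kernel exposes for symlink-owner protection (`fs.*` on CloudLinux, `kernel.grsecurity.*` with grsecurity). The script below is an added example, not part of the original thread or cPanel's tooling: it checks both namespaces and lists any keys in a sysctl file that have no node under `/proc/sys`. The function names and the optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The optional root argument is a
# hypothetical override so the checks can run against a constructed tree.

# Map a dotted sysctl key to its node under /proc/sys.
# (Keys whose components themselves contain dots are not handled.)
key_path() {
    printf '%s/%s\n' "${2:-/proc/sys}" "$(printf '%s' "$1" | tr . /)"
}

# Print the prefix under which the kernel exposes both symlink-owner
# settings; return 1 if it exposes neither set.
find_symlink_prefix() {
    root="${1:-/proc/sys}"
    for prefix in fs kernel.grsecurity; do
        if [ -e "$(key_path "$prefix.enforce_symlinksifowner" "$root")" ] &&
           [ -e "$(key_path "$prefix.symlinkown_gid" "$root")" ]; then
            printf '%s\n' "$prefix"
            return 0
        fi
    done
    return 1
}

# List keys set in a sysctl.conf-style file that have no node, i.e. the
# entries that make `sysctl -p` print "cannot stat ...".
missing_keys() {
    conf="$1"; root="${2:-/proc/sys}"
    sed -e '/^[[:space:]]*[#;]/d' -e 's/^[[:space:]]*-\{0,1\}//' \
        -e 's/[[:space:]]*=.*//' "$conf" |
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        [ -e "$(key_path "$key" "$root")" ] || printf '%s\n' "$key"
    done
}

if prefix=$(find_symlink_prefix); then
    echo "symlink-owner sysctls available under: $prefix"
else
    echo "kernel exposes neither fs.* nor kernel.grsecurity.* symlink-owner sysctls"
fi
if [ -r /etc/sysctl.conf ]; then
    missing_keys /etc/sysctl.conf
fi
```

If neither prefix is reported, no entry in `/etc/sysctl.conf` can enable the protection on that kernel, which matches the outcome described in the thread.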
