Jail Apache or disabled

toplisek

• December 06, 2017 03:05

I like to know if Enable "Jail Apache" and also change users to jailshell in the "Manage Shell Access" area will be better solution and advised as the current setting for users: Disabled Shell.

• 

  cPanelMichael

  • December 06, 2017 16:44

  Hello, No, that option is applied in both cases (jailed shell and disabled shell). There's no need to enable jailed shell access. Thank you.

  0
• 

  toplisek

  • December 06, 2017 19:27

  Security Advisor> mod_ruid2 is enabled in Apache. To ensure that this aids in protecting from symlink attacks, Jailed Apache needs to be enabled. If this not set properly, you should see an indication in Security Advisor (this page) in the sections for "Apache vhosts are not segmented or chroot()ed" and "Users running outside of the jail". Also security issue: Apache vhosts are not segmented or chroot()ed. Enable "Jail Apache" in the Tweak settings and and change users to jailshell. What is actually the correct way in this examples?

  0
• 

  cPanelMichael

  • December 06, 2017 19:32

  Hello, Yes, that's referring to the following option under the "Security" tab in "WHM >> Tweak Settings": EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel" jailshell. Per it's description: If mod_ruid2 is compiled in via EasyApache, mod_ruid2 is enabled, and a user has their shell set to jailshell or noshell, enabling this option will chroot() a user's Apache Virtual Host into the cPanel" jailshell environment. Each user will require 14 bind mounts. While modern Linux supports a very large number of bind mounts, many processes read /proc/mounts (even mkdir on RHEL 5 and CentOS 5). Reading /proc/mounts can be quite expensive when it becomes large. We strongly recommend that you do not exceed 256 jailed users unless you use RHEL, CentOS, or CloudLinux" 6 or higher. Thank you.

  0
• 

  toplisek

  • December 07, 2017 17:48

  So, due to security is the best to disable mod_ruid2 in Apache. 1. What will actually happen when I disable this option? 2. Which command to use to disable this or perform inside WHM?

  0
• 

  cPanelMichael

  • December 08, 2017 19:24

  Hello, Could you elaborate further on how disabling Mod_Ruid2 is better for security? I want to make sure you are correctly understanding the previous responses. Thank you.

  0

Please sign in to leave a comment.