Apache Symlink Protection: Problems with CloudLinux sysctl settings

Crimpshrine

• September 12, 2025 15:57

When I ran Security Advisor scan in WHM today, it said:

Apache Symlink Protection: Problems with CloudLinux sysctl settings

Your sysctl values appear to not be set appropriately for your Apache configuration. To resolve this, please see the documentation on SecureLinks

But when I check it in terminal it says:

[root@host03 ~]# cldiag --symlinksifowner
Check fs.enforce_symlinksifowner is correctly enabled in sysctl conf: OK: fs.enforce_symlinksifowner = 1
There are 0 errors found.

Is this a false-positive?  I didn't think I saw this when I run the scan last week.

• 

  cPRex Jurassic Moderator

  • September 15, 2025 12:08

  Hey there!  What happens if you run this command instead?  Does that show any issues?

  cldiag --check-symlinkowngid

  0
• 

  Crimpshrine

  • September 15, 2025 15:05
  • Edited

  It says:

  [root@host03 ~]# cldiag --check-symlinkowngid
  Check fs.symlinkown_gid:
      OK: Web-server user is protected by Symlink Owner Match Protection
  
  There are 0 errors found.
  
  

  But then when I ran the Security Advisor scan again this morning, this did not pop up.  I did not do anything over the weekend.

  0
• 

  cPRex Jurassic Moderator

  • September 15, 2025 15:24

  I'm glad to hear it's no longer an issue, but I also don't have a good explanation for that either.  Maybe CloudLinux resolved something over the last few days that caused this?

  0
• 

  Crimpshrine

  • September 15, 2025 16:27

  Thanks.  I do not know exactly what happened, but our server runs updates around 4am everyday so that might have automatically fixed the issue without my knowledge.  Thanks for your assistance.

  0

Please sign in to leave a comment.