Apache Symlink Protection: CloudLinux CageFS is installed but not currently running

[FastHive]

Hello,

I get the following warning in cPanel's Security Advisor.

"Apache Symlink Protection: CloudLinux CageFS is installed but not currently runningCageFS appears to be installed but is not currently running. CageFS adds filesystem level security to your users by isolating their filesystems from each other and many other parts of the system. You can start CageFS at the command line with “/etc/init.d/cagefs start”. For further information, see the CageFS Documentation."

When I try to run the command I get '-bash: /etc/init.d/cagefs: No such file or directory'

Any Ideas ?

Best Regards.

 

[SysSachin]

Can you please try with following command.

yum install cagefs

/usr/sbin/cagefsctl --init

OR
/usr/sbin/cagefsctl --reinit

And Enable cagefs for all accounts.

/usr/sbin/cagefsctl --enable-all

 

[ChrisI]

Hello!

There is a known issue with Cloudlinux 7 and the Security Advisor that causes the message that you showed. That is open as internal case CPANEL-9923, which has been marked as resolved in cPanel 62. Can you verify that you are running Cloudlinux 7 and cPanel 60 or below?

Thanks!

 

[BizzHost]

WHM has been updated to WHM 62.0 (build 7), however this issue persists.

Apache Symlink Protection: CloudLinux CageFS is installed but not currently runningCageFS appears to be installed but is not currently running. CageFS adds filesystem level security to your users by isolating their filesystems from each other and many other parts of the system.

 

[cPanelMichael]

WHM has been updated to WHM 62.0 (build 7), however this issue persists.

Apache Symlink Protection: CloudLinux CageFS is installed but not currently runningCageFS appears to be installed but is not currently running. CageFS adds filesystem level security to your users by isolating their filesystems from each other and many other parts of the system.

Hello,

An additional case, CPANEL-10580, is open to address the issue where Security Advisor still reports that CageFS is not running on CloudLinux 7 systems. I'll update this thread with more information on the status of this case as it becomes available.

Thank you.

 

[diWhile1]

Useful discussions, the message persists even in CL7 + 62.0.10 version

 

[ChrisI]

Hello!

Case CPANEL-10580 is still currently open so there is no fix for that out yet. I would recommend keeping an eye on our changelog here for when that case is pushed out.

Change Logs - Change Logs - cPanel Documentation

Thanks!

 

[m0rpheu5]

I´m having the same issue, i´m using Cloudlinux 7.3, with cPane/WHM 62.0 (build 17), and on my Security Advisor i´m receiving this information:

Apache Symlink Protection: CloudLinux CageFS is installed but not currently runningCageFS appears to be installed but is not currently running. CageFS adds filesystem level security to your users by isolating their filesystems from each other and many other parts of the system. For further information, see the CageFS Documentation.

Can i do anything to resolve this?

 

[cPanelMichael]

Can i do anything to resolve this?

Hello,

This is a false positive, as the resolution stemming from CPANEL-10580 is not yet published to cPanel version 62. I'll update this thread once we've published a new Security Advisor build to cPanel 62.

Thank you.

 

[m0rpheu5]

Ok, thanks

 

[Kikloo]

When this will be fixed ???

 

[cPanelMichael]

When this will be fixed ???

Hello @Kikloo,

The most recent version of Security Advisor was published to cPanel version 64:

Fixed cases CPANEL-11799,CPANEL-11794: Update Security Advisor to the latest version.

I don't have a specific time frame to offer on when a cPanel version 62 build will include the most recent Security Advisor changes, but I'll update this thread again once that happens. In the meantime, you could try manually updating Security Advisor on your system per the instructions under "Installation" at:

GitHub - CpanelInc/addon_securityadvisor: Security Advisor for cPanel 11.40 and later (canonical upstream repo)

Thank you.

Update: cPanel 64 is now published to the "Release" build tier and should address this issue.