Apache Symlink Protection is enabled

Discussion in 'General Discussion' started by Nirjonadda, Nov 18, 2016.

  1. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    418
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I am getting an error via Security Advisor. I have also enabled jailshell and EXPERIMENTAL: Jailshell Virtual Hosts using mod_ruid2, but this error is still showing. Please let me know how to fix this issue.

    Code:
    Apache Symlink Protection: the Bluehost provided Apache patch is in effect

        It appears that the Bluehost provided Apache patch is being used to provide symlink protection. This is less than optimal.

    I am using EasyApache 4.
     


  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,427
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Documentation on the available options for symlink protection is available at:

    Symlink Race Condition Protection - EasyApache - cPanel Documentation

    It notes the following downsides for the BlueHost patch:

    I recommend disabling that option in EasyApache since you already have "EXPERIMENTAL: Jailshell Virtual Hosts" and Mod_Ruid2 enabled.

    Thank you.
     
  3. Nirjonadda

    Nirjonadda Well-Known Member

    How do I disable Symlink Race Condition via EasyApache 4?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

  5. Nirjonadda

    Nirjonadda Well-Known Member

    Then in Apache Configuration, Global Configuration, under Directory “/” Options, do I disable FollowSymLinks and enable SymLinksIfOwnerMatch to disable Symlink Race Condition Protection? I have enabled jailshell and EXPERIMENTAL: Jailshell Virtual Hosts using mod_ruid2. If the symlink protection patch is not included in EasyApache 4, then why does cPanel Security Advisor show me that I am using Apache Symlink Protection: the Bluehost provided Apache patch is in effect?
     
    #5 Nirjonadda, Nov 18, 2016
    Last edited: Nov 18, 2016
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Actually, the message you see in "WHM >> Security Advisor" is a false positive. You can safely ignore the message about the BlueHost patch, as internal case CPANEL-9914 is open to address an issue where Security Advisor falsely detects Bluehost Symlink Patch as "enabled" in EasyApache 4 and causes a false positive. I'll update this thread with more information on the status of this case as it becomes available.

    Thank you.
     
  7. Duplika

    Duplika Well-Known Member

    Joined:
    Feb 26, 2005
    Messages:
    56
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Buenos Aires, Argentina
    cPanel Access Level:
    Root Administrator
    Great, Michael. Hopefully we don't need to migrate back to EasyApache 3 to disable this warning.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    To update, this issue was addressed with the following changes in Security Advisor:

    Pull Request #54 · CpanelInc/addon_securityadvisor · GitHub

    CPANEL-9952 was included with cPanel version 60.0.26 to ensure Security Advisor is updated to include the most recent changes referenced on its GitHub page:

    Fixed case CPANEL-9952: Update Security Advisor to the latest version.

    It's also scheduled for inclusion with cPanel version 58 during the next update to that build.

    Thank you.
     
  9. Nirjonadda

    Nirjonadda Well-Known Member

    Still Security Advisor Version: 1.04
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You won't see a new Security Advisor version number each time it's updated to include recent commits with bug resolutions or assessor changes. You can see it matches the value from addon_securityadvisor/Advisor.pm at master · CpanelInc/addon_securityadvisor · GitHub:

    Code:
    our $VERSION = 1.04;

    Do you see the same message regarding the BlueHost patch when running a new scan in Security Advisor?

    Thank you.
     
  11. Nirjonadda

    Nirjonadda Well-Known Member

    No ... :-D:-D:-D
     
    cPanelMichael likes this.