Apache Symlink Protection is enabled

Hello,

Documentation on the available options for symlink protection is available at:

Symlink Race Condition Protection - EasyApache - cPanel Documentation

It notes the following downsides for the BlueHost patch:

I recommend disabling that option in EasyApache since already have "EXPERIMENTAL: Jailshell Virtual Hosts" and Mod_Ruid2 enabled.

Thank you.

 

Hello,

Information about symlink race protection with EasyApache 4 is discussed at:

EasyApache4 symlink race protection

Thank you.

 

Hello,

Actually, the message you see in "WHM >> Security Advisor" is a false positive. You can safely ignore the message about the BlueHost patch, as internal case CPANEL-9914 is open to address an issue where Security Advisor falsely detects Bluehost Symlink Patch as "enabled" in EasyApache 4 and causes a false positive. I'll update this thread with more information on the status of this case as it becomes available.

Thank you.

 

Hello,

To update, this issue was addressed with the following changes in Security Advisor:

Pull Request #54 · CpanelInc/addon_securityadvisor · GitHub

CPANEL-9952 was included with cPanel version 60.0.26 to ensure Security Advisor is updated to include the most recent changes referenced on it's GitHub page:

Fixed case CPANEL-9952: Update Security Advisor to the latest version.

It's also scheduled for inclusion with cPanel version 58 during the next update to that build.

Thank you.

 

You won't see a new Security Advisor version number each time it's updated to include recent commits with bug resolutions or assessor changes. You can see it matches the value from addon_securityadvisor/Advisor.pm at master · CpanelInc/addon_securityadvisor · GitHub:

Code:

our $VERSION = 1.04;

Do you see the same message regarding the BlueHost patch when running a new scan in Security Advisor?

Thank you.