The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Case 72109] Jail Apache Virtual Hosts using mod_ruid2 and cPanel jailshell Error

Discussion in 'Security' started by Evolve, Jul 24, 2013.

  1. Evolve

    Evolve Well-Known Member

    Joined:
    Jan 31, 2007
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I decided to switch over to mod_ruid2 and jailshell last night from suPHP. I went through all of my php.ini and htaccess files and had everything working before trying to enable Jail Apache Virtual Hosts. When I try to enable it I get the following error when trying to enable or disable the feature:
    It's blank after the colon.

    When I try to visit some of the sites i'm hosting some work and some don't. I get a 404 not found on some and 403 forbidden on others. Any ideas?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Check to see if the following option is enabled under the "Domains" tab in "WHM Home » Server Configuration » Tweak Settings":

    "Thunderbird and Outlook autodiscover and autoconfig support (enables proxy subdomain and SRV record creation)"

    If it's not enabled, try enabling it and clicking on "Save" to see if the "Tweak Settings" page is able to update. If it does, you can go back in and disable this setting again.

    As far as the 404 errors, those are not likely related to this error. Check the Apache error log (/usr/local/apache/logs/error_log) for the specific error message when browsing these websites.

    Thank you.
     
  3. Evolve

    Evolve Well-Known Member

    Joined:
    Jan 31, 2007
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Hi Michael,

    I tried changing the setting for "Thunderbird and Outlook..." just to see if it would work and it gave me another error:
    It was not enabled when i went back into Tweak setting so I tried enabling it again and it seemed to work fine. Not sure what happened there.

    In my error log i'm seeing:
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Check the permissions/ownership values on the public_html directory and the .htaccess file itself:

    Code:
    stat /home/username/public_html
    stat /home/username/public_html/.htaccess
    Ensure they match the standard permissions/ownership values that are used on other accounts.

    Thank you.
     
  5. Evolve

    Evolve Well-Known Member

    Joined:
    Jan 31, 2007
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Hi Michael,

    I took a look through a few of the accounts that had those errors and they appear to have the same settings as when they were under suPHP.

    public_html = 750 and the account owns it
    .htaccess = 640 and the account owns it

    I don't want to enable it again during the day and take my clients websites offline.

    I also found errors like this when jailshell was enabled:
    I should probably mention i'm on CentOS 5.9 but I only have around 40 accounts.
     
    #5 Evolve, Jul 24, 2013
    Last edited: Jul 24, 2013
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Please open a support ticket if you would like us to take a closer look:

    Submit A Ticket

    You can post the ticket number here and we can update this thread with the outcome.

    Thank you.
     
  7. Evolve

    Evolve Well-Known Member

    Joined:
    Jan 31, 2007
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    Ticket # 4302737
     
  8. Evolve

    Evolve Well-Known Member

    Joined:
    Jan 31, 2007
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    It looks like this is a known bug for cPanel and it is being worked on.

    Even though the fix was easy enough to implement I ultimately decided to go back to suPHP and just install the Symlink Race Condition Protection patch through EasyApache so I could continue using mod_security. I look forward to the day when mod_ruid2 is more robust. I'll miss those low load averages I had for such a brief amount of time =P

    Thanks for your help Michael.
     
    #8 Evolve, Jul 24, 2013
    Last edited: Jul 24, 2013
  9. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Proabably a good call. Running without modsecurity is ridiculous, no way I'll use mod_ruid2 in production until that's worked out. I literally cannot afford to run servers without modsecurity. I've gotten them to work together for the most part, but with settings I'm not really proud of.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    A resolution for case 72109 was implemented with cPanel version 11.38.2.0. This version is currently available in the "Current" build tier, and will work it's way down to the other build tiers over time per standard protocol. The change log is available at:

    cPanel - Change Log

    Thank you.
     
  11. grayloon

    grayloon Well-Known Member

    Joined:
    Oct 31, 2007
    Messages:
    98
    Likes Received:
    2
    Trophy Points:
    8
    Location:
    Evansville, IN
    cPanel Access Level:
    Root Administrator
    Twitter:
    Isn't there a huge performance impact with mod_security?
     
  12. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    It pretty well breaks ModSecurity. It's listed as incompatible in this information:

    Apache Module: Ruid2

    Until mod_ruid2 playes nicely with ModSecurity, there's absolutely no way I'd consider using ruid2. I have gotten it to work, but you have to make the logs world writeable so multiple UID's can write to them (among other "tweaks"), which is a huge step backwards and not something I'd advise. I had to in that case to defend a DoS attack against a server already running mod_ruid2.

    Personally, I lean toward cloudlinux with cagefs and securelinks on, and SuPHP. A lot friendlier and secure enough for most shared hosting applications.
     
Loading...

Share This Page