cPanel patched Kernel + mod_ruid2 + jailshell and still have a notification of the Bluehost Patch

EneTar

cPanel Access Level
Root Administrator
I used to have Mod_ruid2 + Apache Jailshell enabled and following this Kernel symlink ownership attacks, while Jailshell & mod_ruid2 enabled I'm using the cPanel patched kernel

Code:
uname -r
2.6.32-642.6.199.2.cpanel6.x86_64
So currently I have the cPanel patched kernel, mod_ruid2 and jailshell all up and running. The last few days the Security Advisor showed the Bluehost patch as enabled while it shouldn't be. I contacted my host (Hostgator) and asked them to remove the Bluehost patch, and so they did. However, the Security Advisor still shows the respective notice and tells me that the Bluehost patch is active. They opened up a ticket with cPanel describing the situation and here is what we got.

"Based off what I understood from the cPanel technician is that they patched the bluehost patch into the apache rpm. In order for the patch to be used however there does need to be some modifications to the apache configuration files that have not been done. From my understanding this is sort of a false positive from the security advisory. "
So what I am asking is the following: Is it a false positive from security advisor and does anybody else experience this?
 

cPanelMichael

Administrator
Staff member
Hello,

This is answered on the following thread:

Apache Symlink Protection is enabled

Hello,

Actually, the message you see in "WHM >> Security Advisor" is a false positive. You can safely ignore the message about the BlueHost patch, as internal case CPANEL-9914 is open to address an issue where Security Advisor falsely detects Bluehost Symlink Patch as "enabled" in EasyApache 4 and causes a false positive. I'll update this thread with more information on the status of this case as it becomes available.

Thank you.
Thank you.