not work...
i followed guide.
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 99
added to /etc/sysctl.conf
this is results of sysctl -p:
sysctl: cannot stat /proc/sys/fs/enforce_symlinksifowner: No such file or directory
sysctl: cannot stat /proc/sys/fs/symlinkown_gid: No such file or directory
i followed guide.
fs.enforce_symlinksifowner = 1
fs.symlinkown_gid = 99
added to /etc/sysctl.conf
this is results of sysctl -p:
sysctl: cannot stat /proc/sys/fs/enforce_symlinksifowner: No such file or directory
sysctl: cannot stat /proc/sys/fs/symlinkown_gid: No such file or directory
It was for cloulinux based as there are several options for symlink patch , please revert , since you installed gr security patch just enable the settings as mentioned in the advisor just do a
sysctl -a | egrep 'symlinksifowner|symlinkown'
Will identify the right values
reboot is required .
sysctl -a | egrep 'symlinksifowner|symlinkown'
Will identify the right values
reboot is required .
sorry but that didnt help... 
... is it possible to remove/delete/disable this warning or to uninstall that patch?
... is it possible to remove/delete/disable this warning or to uninstall that patch?
Hello,
Please post the output from the following commands:
Thank you.
Please post the output from the following commands:
Code:
cat /usr/local/cpanel/version
sysctl -n kernel.grsecurity.symlinkown_gid
sysctl -n kernel.grsecurity.enforce_symlinksifowner[[email protected] ~]# cat /usr/local/cpanel/version
11.62.0.16
[[email protected] ~]# sysctl -n kernel.grsecurity.symlinkown_gid
sysctl: cannot stat /proc/sys/kernel/grsecurity/symlinkown_gid: No such file or directory
[[email protected] ~]# sysctl -n kernel.grsecurity.enforce_symlinksifowner
sysctl: cannot stat /proc/sys/kernel/grsecurity/enforce_symlinksifowner: No such file or directory
[[email protected] ~]#
11.62.0.16
[[email protected] ~]# sysctl -n kernel.grsecurity.symlinkown_gid
sysctl: cannot stat /proc/sys/kernel/grsecurity/symlinkown_gid: No such file or directory
[[email protected] ~]# sysctl -n kernel.grsecurity.enforce_symlinksifowner
sysctl: cannot stat /proc/sys/kernel/grsecurity/enforce_symlinksifowner: No such file or directory
[[email protected] ~]#
Hello,
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.
Thank you.
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.
Thank you.
Hello,
Per the ticket, it looks like you were advised to seek out the support from your provider regarding the configuration of your kernel. Could you update us on the outcome of how that went?
Thank you.
Per the ticket, it looks like you were advised to seek out the support from your provider regarding the configuration of your kernel. Could you update us on the outcome of how that went?
Thank you.
From: OVH Support
Hello,
Thank you for contacting OVH regarding your custom configuration.
This issue is pretty well know by cpanel and you
will able able to find solutions on internet or internet forums. I found some
information that can help as an start in the cpanel website her e is the link
for that:
Apache Symlink Protection Advisor
Hello,
Thank you for contacting OVH regarding your custom configuration.
This issue is pretty well know by cpanel and you
will able able to find solutions on internet or internet forums. I found some
information that can help as an start in the cpanel website her e is the link
for that:
Apache Symlink Protection Advisor
Hello,
That thread links to:
CloudLinux Documentation
Were you able to follow the steps in that document, as advised by your provider, to see if the issue persists?
Thank you.
That thread links to:
CloudLinux Documentation
Were you able to follow the steps in that document, as advised by your provider, to see if the issue persists?
Thank you.
yes...we follow all steps... whatever we done problem is still present...
Your support said that the problem is with OVH custom kernel, and OVH support said that the problem is with CPanel.
Your support said that the problem is with OVH custom kernel, and OVH support said that the problem is with CPanel.
Last edited by a moderator:
Hello,
Could you respond to your provider to let them know that enabling the settings on the provided document did not help? You can have them open a ticket directly with us if they are unable to troubleshoot the issue further.
Thank you.
Could you respond to your provider to let them know that enabling the settings on the provided document did not help? You can have them open a ticket directly with us if they are unable to troubleshoot the issue further.
Thank you.
Answer from OVH:
It is my pleasure to assist you to have this issue clarify. In case that you
are having problems with the custom kernel from OVH. Our support is completely
dedicated to the infrastructure of the service, so we wont be able to provide
advised on this.
It is my pleasure to assist you to have this issue clarify. In case that you
are having problems with the custom kernel from OVH. Our support is completely
dedicated to the infrastructure of the service, so we wont be able to provide
advised on this.
Hello,
It's possible you have not added to the correct entries to the /etc/sysctl.conf file on the system. Could you let us know the contents of that file? EX:
The specific entries you need to add are documented at:
Grsecurity/Appendix/Grsecurity and PaX Configuration Options - Wikibooks, open books for an open world
EX:
You'd then run the following command:
Thank you.
It's possible you have not added to the correct entries to the /etc/sysctl.conf file on the system. Could you let us know the contents of that file? EX:
Code:
cat /etc/sysctl.confGrsecurity/Appendix/Grsecurity and PaX Configuration Options - Wikibooks, open books for an open world
EX:
Code:
kernel.grsecurity.enforce_symlinksifowner = 1
kernel.grsecurity.symlinkown_gid = 99
Code:
sysctl -p[[email protected] ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# Disable IPv6 autoconf
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
kernel.enforce_symlinksifowner = 1
kernel.symlinkown_gid = 99[[email protected] ~]#
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
# Disable IPv6 autoconf
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
kernel.enforce_symlinksifowner = 1
kernel.symlinkown_gid = 99[[email protected] ~]#
Try replacing these values with:
Code:
kernel.grsecurity.enforce_symlinksifowner = 1
kernel.grsecurity.symlinkown_gid = 99
Code:
sysctl -p[[email protected] ~]# sysctl -p
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
sysctl: cannot stat /proc/sys/kernel/grsecurity/enforce_symlinksifowner: No such file or directory
sysctl: cannot stat /proc/sys/kernel/grsecurity/symlinkown_gid: No such file or directory
[[email protected] ~]#
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
sysctl: cannot stat /proc/sys/kernel/grsecurity/enforce_symlinksifowner: No such file or directory
sysctl: cannot stat /proc/sys/kernel/grsecurity/symlinkown_gid: No such file or directory
[[email protected] ~]#
Hello,
This is a limitation of the kernel offered by your provider. You may want to contact them to see if it's possible to boot into a stock kernel, or request assistance from additional members of their support team if they are unable to provide you with a reliable answer.
Thank you.
This is a limitation of the kernel offered by your provider. You may want to contact them to see if it's possible to boot into a stock kernel, or request assistance from additional members of their support team if they are unable to provide you with a reliable answer.
Thank you.
| Thread starter | Similar threads | Forum | Replies | Date |
|---|---|---|---|---|
| W | SOLVED CPANEL-39815 - Not receiving security advisor notifications | Security | 52 | |
| H | cPanel Security Advisor - Scan ERROR | Security | 4 | |
| S | SOLVED [CPANEL-26566] Security Advisor's PermitRootLogin check is inaccurate | Security | 12 | |
| N | SOLVED Security Advisor scrolling in cPanel 66 | Security | 4 | |
|
cPanel Security Advisor | Security | 3 |