The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel Security Advisor Questions

Discussion in 'Security' started by AdamDresch, Feb 25, 2014.

  1. AdamDresch

    AdamDresch Well-Known Member

    Joined:
    Jun 22, 2006
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    I'm running a VPS using OpenVZ and I too get the Kernel unknown message

    Unable to determine kernel version

    Ensure that yum and rpm are working on your system.

    Yum update doesn't find any updated kernels, so I assume..it's ok to ignore it?

    - - - Updated - - -

    Another bit of feedback, I get this in the security advisory:

    Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area

    I actually have Apache running in Prefork with FastCGI, rather than RUID 2, because it still says "Experimental".
    But I also have all users Shell access set to disabled
    So wouldn't it be better to accept such a setup as secure/aok?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    1. Could you let us know the output of "uname -a" so we can see which kernel you are running?

    2. The Security Advisor is intended to offer guidelines, but if you have an existing solution that works better for your own preferences then it's okay to ignore the warning.

    Thank you.
     
  3. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    A lot of times on VZ systems the kernel modules are managed by the parent server and not your virtual server.

    Prefork/FCGI is fine, just make sure you're using some sort of cross-account symlink protection if you're hosting multiple domains. Since you're not using SuPHP I'd recommend the rack911 patch as opposed to the EasyApache "Symlink race condition protection" patch. The reason for this is that the EA patch checks ownership of every file it serves, and if you're not using SuPHP, the server might refuse to serve "nobody" owned files which would be created when web applications upload or update files. The Rack911 patch, while not perfect, is usually good enough and works with any PHP handler.
     
Loading...

Share This Page