Did you have any specific questions about the recommendations?Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”
mod_ruid2 is enabled in Apache. To ensure that this aids in protecting from symlink attacks, Jailed Apache needs to be enabled. If this not set properly, you should see an indication in Security Advisor (this page) in the sections for “Apache vhosts are not segmented or chroot()ed” and “Users running outside of the jail”. If those are not present, your users should be properly jailed. Review Symlink Race Condition Protection for further information.
If bind-address is set to a non-localhost value and there are no iptables reject/deny rules in place for the MySQL port, then a warning will be issued. Could you let us know the contents of the /etc/my.cnf file on this system?The MySQL service is currently configured to listen on all interfaces: (bind-address=*)
And I don't changed my.cnf or close port 3306,...
Internal case (SWAT-733) open to ensure that specific Security Advisor alert reflects the fact that Mod_Ruid2 is required in order to use the "Jail Apache" option in "WHM >> Tweak Settings".Apache vhosts are not segmented or chroot()ed.
No advice about "Enable “Jail Apache” in the “Tweak Settings” are,...
We do recommend you protect your system against symlink attacks. We provide a list of available solutions at:I read that it's not fundamental to security and may lower the performance,...
Can you verify if you still see this message? If so, could you open a support ticket using the link in my signature so we can take a closer look?The system cannot check the KernelCare promotion preferences: Cannot determine company ID.
You should be able to remove that entry and restart MySQL to solve that issue.bind-address=127.0.0.1
Could you open a support ticket using the link in my signature so we can take a closer look?The system cannot check the KernelCare promotion preferences: Cannot determine company ID.
As far as the separate issue with SSH, please open a new thread so we can investigate that separately.SSH Server...Waiting for “sshd” to start ……Job for sshd.service failed because the control process exited with error code. See "systemctl status sshd.service" and "journalctl -xe" for details.
|Thread starter||Similar threads||Forum||Replies||Date|
|M||No aparece sección Correo electrónico en cPanel||Discusión en Español||1|
|M||Aplicación cPanel/WHM en Play Store.||Discusión en Español||1|
|C||Configurar cpanel para usar varios servidores de correo||Discusión en Español||3|
|K||SOLVED cPanel Security Advisor & EA4||Discusión en Español||13|
|M||ModSecurity : collections_remove_stale: Failed deleting collection cpanel||Discusión en Español||3|