The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

DSO+mod_ruid2 running as nobody

Discussion in 'General Discussion' started by linuxguy123, Apr 5, 2015.

  1. linuxguy123

    linuxguy123 Registered

    Joined:
    Apr 5, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    UK
    cPanel Access Level:
    Root Administrator
    Hey Guys

    Just switched to mod_ruid2 with DSO as handler after checking the process logs and monitoring in command line (top). PHP is running as nobody.

    Can anyone help with a fix for this?
     
  2. Benjade77

    Benjade77 Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brussels
    cPanel Access Level:
    Root Administrator
    Hello, I have this error on my cPanel Security Advisor, and i dont find anwser to this problem:
    Code:
    Apache Symlink Protection: Grsecurity sysctl valuesIt seems that your sysctl keys, enforce_symlinksifowner, and symlinkown_gid, may not be configured correctly for a cPanel server. Typically, enforce_symlinksifowner is set to 1, and symlinkown_gid is set to 99 on a cPanel server. For further information, see the Grsecurity Documentation.
    
    I have CentOs 6 X86_64 with last stable whm 11.52.22.

    Running with Apache 2.4, PHP 5.6 DSO SuExec, MPM Prefork, Mod Ruid2, Symlink Race Condition Protection, Mod security with OWASP activated and mod_ruid + jailshell.
    .

    I tried to add :

    fs.enforce_symlinksifowner = 1
    fs.symlinkown_gid = 99

    to /etc/sysctl.conf and type sysctl -p but it give the error unknow key.


    Can you help me please ?

    Thanks !
     
    #3 Benjade77, Nov 15, 2015
    Last edited by a moderator: Nov 15, 2015
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The following command should provide you with the correct variables to edit:

    Code:
    sysctl -a | egrep 'symlinksifowner|symlinkown'
    Note that you may need to reboot the machine after adding in the new values.

    Thank you.
     
  4. Benjade77

    Benjade77 Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brussels
    cPanel Access Level:
    Root Administrator
    I have the same error, nothing changed. And i have the error too :

    Code:
    An error occurred while attempting to check whether running executables are up-to-date: Could not open /proc/1/smaps Could not open /proc/2/smaps Could not open /proc/3/smaps Could not open /proc/4/smaps Could not open /proc/5/smaps Could not open /proc/6/smaps Could not open /proc/7/smaps Could not open /proc/8/smaps Could not open /proc/9/smaps Could not open /proc/10/smaps Could not open /proc/11/smaps Could not open /proc/12/smaps Could not open /proc/13/smaps Could not open /proc/14/smaps Could not open /proc/15/smaps Could not open /proc/16/smaps Could not open /proc/17/smaps Could not open /proc/18/smaps Could not open /proc/19/smaps Could not open /proc/20/smaps Could not open /proc/21/smaps Could not open /proc/22/smaps Could not open /proc/23/smaps Could not open /proc/24/smaps Could not open /proc/25/smaps Could not open /proc/26/smaps Could not open /proc/27/smaps........ 
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you elaborate on which steps you have taken to address the issue thus far? Also, please ensure you open new threads for separate warning messages.

    Thank you.
     
  6. Benjade77

    Benjade77 Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brussels
    cPanel Access Level:
    Root Administrator
    Using ssh on root i typed
    sysctl -a | egrep 'symlinksifowner|symlinkown' and after looked into cpanel security advisor and i have the error:

    Apache Symlink Protection: Grsecurity sysctl valuesIt seems that your sysctl keys, enforce_symlinksifowner, and symlinkown_gid, may not be configured correctly for a cPanel server. Typically, enforce_symlinksifowner is set to 1, and symlinkown_gid is set to 99 on a cPanel server. For further information, see the Grsecurity Documentation.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  8. Benjade77

    Benjade77 Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brussels
    cPanel Access Level:
    Root Administrator
    i already tried that but it doenst work, always the error
     
  9. Benjade77

    Benjade77 Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brussels
    cPanel Access Level:
    Root Administrator
    the problem is resolved and we can close this topic. Thank you.
     
  10. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I am happy to see the issue is now resolved. Would you mind sharing the solution?

    Thank you.
     
  11. Benjade77

    Benjade77 Member

    Joined:
    Nov 15, 2015
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brussels
    cPanel Access Level:
    Root Administrator
    Hello, i just buy CloudLinux and asked him to update my kernel. Thanks to him for great job and to cPanel for best support :)
     
Loading...

Share This Page