Melih Sarioglu

Registered
Jun 18, 2015
4
0
1
Turkey
cPanel Access Level
Root Administrator
Hello,

There is a problem with Mod_ruid2 settings on Tweak settings since a few weeks. When yum upgrades Mod_ruid2 module inside the cpanel, the system set disabled "Jail Apache" on tweak settings. This causes very high security issue on the servers.

For example a few minutes ago yum upgraded mod_ruid2. From yum

tail -200 yum.log | grep ruid
Feb 07 22:55:35 Updated: ea-apache24-mod_ruid2-0.9.8-16.16.10.cpanel.x86_64


After this happen, I went to "cPanel Security Advisor" on WHM and i see the error:

Apache vhosts are not segmented or chroot()ed.Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.


This setting was enabled before.

This is very serious BUG on WHM. We reported it a few days ago but nothing changed yet.

Is there anyone face this issue like me?

Thanks,
Melih
 
Last edited by a moderator:

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hello,


Can one of you please open a ticket using the link in my signature, if this is an ongoing issue we're not aware of it right now and I'd like to see if it's possible for one of our analysts to view an affected server? Please update this thread with the ticket ID once opened as well.


Thanks!
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,296
1,271
313
Houston
Hello,

I have already created a ticket for this. I hope you can fix the issue close future.

Thanks,
Melih
Can you provide the Ticket ID please? I'd like to check in on the ticket.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,227
463
Hello,

To update, this was fixed as part of the 2019-2-13 EA4 maintenance release:

ea-mod_ruid2
  • EA-8192 - When mod_ruid2 upgrades or downgrades via yum, the Apache jail vhost tweak gets disabled.
You can upgrade your EA4 packages via the "yum update" command if automatic updates are disabled.

Thank you.