Security Advisor: Symlink Ownership Attack Message with ModRUID2 and Jailed Apache

I am running CENTOS 6.8 x86_64 kvm – host cPanel & WHM 64.0 (build 15) with ModRUID2 and Jailed Apache enabled. When I run Security Advisor, I still get the warning:

I have noticed that the ModRUID2 + jailed Apache option has been removed from the documentation for symlink ownership attack protection. Technically, it's true that our kernel doesn't support prevention of symlink ownership attacks, but aren't we still adequately protected with ModRUID2 and jailed Apache?

We don't have the option of Cloudlinux or the cPanel-hardened kernel (neither are allowed on our host's VPS accounts) and the Bluehost patch doesn't provide sufficient protection, so ModRUID2 + jailed Apache has been our go-to solution.

Security Advisor does still give us green checkmarks for:

and

although we don't have the Bluehost patch enabled in Apache's global configuration.

 

Thanks Michael. I did read that article when I was researching our options, and for some time we were getting by with just setting all our configuration files to 600 permissions. When we were migrated to a KVM VPS from Virtuozzo, I was hopeful that we could use the cPanel-hardened kernel, but the new web host (Liquidweb) doesn't allow custom kernels on their VPS because they say custom kernels can adversely affect the host system. For now, mod_ruid2 and jailshell seem to be the way for us to go. I was really just hoping implementing them would get Security Advisor back to "all green." I miss our "all green" Security Advisor scan. : )