The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Warning: Enable “Jail Apache” in the “Tweak Settings” ?

Discussion in 'Security' started by MinaIsaac, Dec 19, 2013.

  1. MinaIsaac

    MinaIsaac Member

    Joined:
    Dec 19, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello,

    I have VPS running WHM on CentOS 6.5 and I have root access. A security warning appearing in the Security Advisor.

    Warning: Enable “Jail Apache” in the “Tweak Settings” area.

    I entered the tweak settings but I can't enable the "Jail Apache". It is "Off" by default and I can't tick the "On" option. I contacted the VPS provider, and they enabled the "Jailed Shell" for all accounts on the VPS but still can't edit the option in tweak settings, and I think this is what makes the security warning appears.

    Is there anyway I can enable this settings from the WHM in order to hide the warning?

    Here is a screenshot of the “Tweak Settings”:

    tweaksettings_jailapache.png

    Another screenshot of the security warning:

    security_advisor_jailapache.png

    Any suggestions?
    Thank you.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  3. MinaIsaac

    MinaIsaac Member

    Joined:
    Dec 19, 2013
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator

    Thank you for your reply Michael :)

    I got two replies from the VPS provider,

    First message:

    That would require us to recompile Apache with mod_ruid2 and switch the PHP handler over to DSO. The only issue with this setup is that it uses a vastly different set of file permissions from the current PHP handler on the vps, suPHP. Sites may not resolve properly until their permissions are fixed after making that sort of change.

    Second message:

    This is in an experimental state at this time and we would be unable to assist you with it short of compiling it into apache. If you would like us to compile it in we would need to recompile the server again.

    I became so confused after these 2 messages. I'm providing hosting services to customers under my VPS and don't want to affect any of my customers' websites resolving, permissions, etc.. So, can you give me advice whether to proceed with the compile or not?

    Thank you.
    Best Regards.
     
  4. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    942
    Likes Received:
    57
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    DSO normally needs different permissions than SuPHP for webapps to write to their own files, however, with ruid2 since Apache is jailed it should run with proper permissions for the sites to function.

    You wont have issues with sites resolving, as this does nothing to DNS. You might run into file permission issues but that is doubtful in my opinion.

    That being said RUID2 is still experimental and I personally would recommend using CloudLinux instead, until the issues with modsecurity and ruid2 are resolved (at the very least).
     
Loading...

Share This Page