Security Warning: Enable “Jail Apache” in the “Tweak Settings” ?

[MinaIsaac]

Hello,

I have VPS running WHM on CentOS 6.5 and I have root access. A security warning appearing in the Security Advisor.

Warning: Enable “Jail Apache” in the “Tweak Settings” area.

I entered the tweak settings but I can't enable the "Jail Apache". It is "Off" by default and I can't tick the "On" option. I contacted the VPS provider, and they enabled the "Jailed Shell" for all accounts on the VPS but still can't edit the option in tweak settings, and I think this is what makes the security warning appears.

Is there anyway I can enable this settings from the WHM in order to hide the warning?

Here is a screenshot of the “Tweak Settings”:



Another screenshot of the security warning:



Any suggestions?
Thank you.

 

[cPanelMichael]

Hello

Mod_ruid2 must be compiled in via EasyApache, and then enabled, before this additional security option is available.

Thank you.

 

[MinaIsaac]

Hello

Mod_ruid2 must be compiled in via EasyApache, and then enabled, before this additional security option is available.

Thank you.

Thank you for your reply Michael

I got two replies from the VPS provider,

First message:

That would require us to recompile Apache with mod_ruid2 and switch the PHP handler over to DSO. The only issue with this setup is that it uses a vastly different set of file permissions from the current PHP handler on the vps, suPHP. Sites may not resolve properly until their permissions are fixed after making that sort of change.

Second message:

This is in an experimental state at this time and we would be unable to assist you with it short of compiling it into apache. If you would like us to compile it in we would need to recompile the server again.

I became so confused after these 2 messages. I'm providing hosting services to customers under my VPS and don't want to affect any of my customers' websites resolving, permissions, etc.. So, can you give me advice whether to proceed with the compile or not?

Thank you.
Best Regards.

 

[quizknows]

DSO normally needs different permissions than SuPHP for webapps to write to their own files, however, with ruid2 since Apache is jailed it should run with proper permissions for the sites to function.

You wont have issues with sites resolving, as this does nothing to DNS. You might run into file permission issues but that is doubtful in my opinion.

That being said RUID2 is still experimental and I personally would recommend using CloudLinux instead, until the issues with modsecurity and ruid2 are resolved (at the very least).