The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Symlink Protection Options

Discussion in 'Security' started by durangod, Jul 24, 2014.

  1. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    thanks michael, Unfortunately the problem is that the first option of jailing does not work for me because that option is subdued and not even active on my panel, i can see the option but there is no way for me to get it off the default value of disabled because it is subdued and will not allow me to change it. Unfortunately i did not see

    https://forums.cpanel.net/f185/solutions-handling-symlink-attacks-202242-p23.html#post1397221

    on this page

    Symlink Race Condition Protection

    so i was getting frustrated trying to find out how to install the mod.

    and the second option on that page is not even an option because quite honestly im not spending a dime to cover a bug. At the time i felt like every doc i went to just sent me to another doc and at one time i must have had 10 tabs open trying to find what i needed.. Thats part of the reason i got upset sir.

    So to assist me now that i have a valid license, are you able to tell me how to take that jail option off of subdued so that i can enable it? thanks
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I moved this post into it's own thread because it's not related to SSH authentication (the topic of the thread you posted this reply to). You have to enable Mod_Ruid2 via EasyApache before the "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell." option becomes available in "Tweak Settings".

    Thank you.
     
  3. Shavaun

    Shavaun Well-Known Member

    Joined:
    Aug 15, 2013
    Messages:
    106
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Just as a note, if you install Mod Ruid2 and the tweak settings option that Michael mentioned, make sure that you do not select suPHP as your PHP handler.

    After your EasyApache build completes, the window for setting your PHP handler will pop up and allow you to change it if it was previously set to suPHP. If it is already set to something else, then you don't need to change anything. You can also change this option in WHM, via the "Configure PHP and suEXEC" interface.

    Also, please keep in mind that we are no longer updating the documentation at docs.cpanel.net. To view our current documentation, make sure to go to documentation.cpanel.net.

    For example, here is the current documentation for the symlink protection:
    http://documentation.cpanel.net/display/EA/Symlink+Race+Condition+Protection
     
  4. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    @shavaun thanks for the extra tip, thats important to mention, thats nice of you.

    So what your saying is that i dont have to start from scratch with apache, i can just select the apache configuration option again from whm menu and then select the mod_ruid2 mod from there?

    here is my config
     

    Attached Files:

    #4 durangod, Jul 24, 2014
    Last edited: Jul 24, 2014
  5. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    ok finally i found some text wheeewww lol

    https://documentation.cpanel.net/di...ule:ModRuid2-Howtoinstalloruninstallmod_ruid2



     
  6. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    here is what the doc says

    ok so my bad ok, i read that as select... not deselect..


    I still think however on the MPM itk config there needs to be a note that says this will not work with mod ruid2.

    UPDATE: I think i may have finally gotten it this time. After you rebuild apache following the guide above then you need to select dso option from the Configure PHP and suEXEC if you did not already, then check the easy apache to see if your option to choose the profile with the ruid2 is available, it should be.

    Then choose that profile and then go thru the process again each step and make sure you verify at every page if it shows anywhere about the ruid2 that you select that. Then rebuild and i think that will do it.

    Then your option under tweaks will finally be available to select. There is also a selection under service manager that i stumbled upon for ruid2 so check that as well.

    Whole lot of doing stuff for one change ill tell ya. Its like stuff is scattered all over the place, i think there should be one switch. Do you want ruid2, yes or no.. And thats it, everything else is done lol
     
    #6 durangod, Jul 24, 2014
    Last edited: Jul 24, 2014
  7. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    nothing i read for the ruid2 tonight said anything about bluehost.


    oh it came from this...

    To apply the patch, select Symlink Race Condition Protection from the Exhaustive Options List stage of the EasyApache interface.

    son of a gun folks, bouncing here and there all over the freaken place.. uggggggggg

    rebuild one more time and not choose that.

    - - - Updated - - -

    does Apache suEXEC need to be on or off with ruid2?


    all that option says is this

    there is no link to more info and no doc attache to it, thats why i chose it. Does not say anything about blue host option.

    I guess what i should have done is taken a month or so before doing this and read then entire cpanel doc first cover to cover.. Who really has time for that ya now.. I doubt if anyone other than the devs and maybe a few top support techs have even done so...
     
    #7 durangod, Jul 24, 2014
    Last edited: Jul 24, 2014
  8. durangod

    durangod Well-Known Member

    Joined:
    May 12, 2012
    Messages:
    251
    Likes Received:
    10
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    suEXEC - Wikipedia, the free encyclopedia

    ok off then.. :)

    scratch that lol.... yes then because if its no then youll get a flag on security advisor lmao... i feel like a rubber ball bouncing endlessly down the tunnel to nowhere lmao :)

    - - - Updated - - -

    yes thank goodness, finally i can call that one done... lets have a party lol... ill invite myself... :)
     
    #8 durangod, Jul 24, 2014
    Last edited: Jul 24, 2014
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    I am happy to see you were able to address the issue. I just want to clarify, the forum thread you referenced does not mean you have to enable "ALL" of those solutions. It's giving you options. Thus, if you were to choose mod_ruid + jailshell, then the BluePatch is not necessary at all.

    Thank you.
     
Loading...

Share This Page