Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED Symlink Protection patchset

Discussion in 'Security' started by John Schmerold, Oct 15, 2017.

  1. John Schmerold

    John Schmerold Well-Known Member

    Joined:
    Apr 21, 2004
    Messages:
    60
    Likes Received:
    3
    Trophy Points:
    158
    Location:
    st. louis
    cPanel Access Level:
    Root Administrator
    #1 John Schmerold, Oct 15, 2017
  2. Muhammed Fasal

    Muhammed Fasal Active Member

    Joined:
    Aug 9, 2017
    Messages:
    40
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    You need to login to your server via SSH as root user and then execute below command to know UID and GID of Apache Process:

    ps -o euid,egid --ppid `netstat --inet --inet6 -pln|awk '/:80 / { split($7,tmp, "/"); print tmp[1]; }'`|sort |uniq|grep -v EUID
     
    #2 Muhammed Fasal, Oct 15, 2017
  3. 24x7server

    24x7server Well-Known Member

    Joined:
    Apr 17, 2013
    Messages:
    1,728
    Likes Received:
    78
    Trophy Points:
    78
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hi,

    You can also check this via executing below command directly on your server.

    # id apache
    The output of this command would be like:
    uid=48(apache) gid=48(apache) groups=48(apache)
     
    #3 24x7server, Oct 16, 2017
  4. John Schmerold

    John Schmerold Well-Known Member

    Joined:
    Apr 21, 2004
    Messages:
    60
    Likes Received:
    3
    Trophy Points:
    158
    Location:
    st. louis
    cPanel Access Level:
    Root Administrator
    OK, in my case it appears to be running as user "nobody" is that optimal?
    [root@cp ~]# ps -o euid,egid --ppid `netstat --inet --inet6 -pln|awk '/:80 / { split($7,tmp, "/"); print tmp[1]; }'`|sort |uniq|grep -v EUID
    99 99
    EUID EGID
    [root@cp ~]# id nobody
    uid=99(nobody) gid=99(nobody) groups=99(nobody)

    id apache does not exist
     
    #4 John Schmerold, Oct 16, 2017
  5. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Hi,

    The internal Apache configuration will also denote this:
    Code:
    # grep -E ' (user|group):' /var/cpanel/conf/apache/main
  group:
      group: nobody
  user:
      user: nobody
    This is normal. I also wouldn't recommend trying to change the Apache user, as there are certain safeguards in place to prevent abuse by the Apache user `nobody'.

    Thanks,
     
    #5 cPWilliamL, Oct 16, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Symlink Protection patchset
  1. thanasis

    No symlink protection detected?

    thanasis, Feb 6, 2018, in forum: Security
    Replies:
    3
    Views:
    212
    cPWilliamL
    Feb 7, 2018
  2. zeeb0t

    SOLVED Security Advisor "No symlink protection detected" Message When KernelCare + Extras Is Installed

    zeeb0t, Jan 27, 2018, in forum: Security
    Replies:
    2
    Views:
    296
    cPanelMichael
    Jan 30, 2018
  3. Skin

    Symlink Race Condition Protection

    Skin, Jan 9, 2018, in forum: Security
    Replies:
    10
    Views:
    303
    cPWilliamL
    Jan 16, 2018
  4. dvk01uk

    Kernel symlink protection warning in security advisor

    dvk01uk, Oct 18, 2017, in forum: Security
    Replies:
    5
    Views:
    609
    quizknows
    Oct 22, 2017
  5. ottdev

    How can VPS end user verify for symlink protection

    ottdev, Sep 23, 2017, in forum: Security
    Replies:
    3
    Views:
    339
    cPanelMichael
    Sep 25, 2017

Share This Page