
Symlink race condition protection

Discussion in 'Security' started by Wiched, May 12, 2016.

  1. Wiched

    The last 2 errors in the Security Advisor are:

    1. No symlink protection detected
    2. SSH direct root logins are permitted.

    For the second one I've limited sshd to my IP address, I disabled user shell access and connect only through key. Is that a sufficient way or is there a better one for security?

    Now on to my main question. I've read a couple of threads here about symlink protection.
    I use WHM on CentOS 7. The problem is Easy Apache 2.2 + mod_ruid2 doesn't support CentOS 7, and Apache 2.4, which is supported, doesn't work with mod_ruid2.

    Can you help me with ideas on how to fix this issue?

    Best regards
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    The following is a list of the preferred solutions:

    Cloudlinux SecureLinks
    Cloudlinux CageFS
    Grsecurity Kernel Symlink Protection
    LitespeedTech
    Mod_Ruid2

    Note that internal case EA-4430 will allow for the combined use of Mod_Security and Mod_Ruid2/mod_mpm_itk, despite the minor bugs currently associated with using them together.

    That's generally sufficient, but the warning message is suggesting you authenticate as another user first, and then use sudo or su to access "root".

    Thank you.
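
The distinction drawn in the reply above, between key-only root login and logging in as another user before using sudo or su, shown as an added shell example that is not from the thread or from cPanel: it reads sshd_config-format text and classifies the first global `PermitRootLogin` value. The two sample configs, the `admin` account and the 203.0.113.10 address are constructed, and how the Security Advisor performs its own check is not shown on this page.

```shell
#!/bin/sh
# Added example; not cPanel's Security Advisor logic.

# Print the first global PermitRootLogin value from sshd_config text on stdin.
# sshd uses the first value it obtains for a keyword; Match blocks are
# conditional, so scanning stops at the first one. Prints "unset" if absent.
root_login_value() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments; allow "Key=value"
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" && NF >= 2 {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    '
}

# Map that value to what it means for direct root logins.
classify_root_login() {
    case "$(root_login_value)" in
        no)                                 echo "blocked" ;;
        prohibit-password|without-password) echo "key-only" ;;
        forced-commands-only)               echo "forced-commands-only" ;;
        yes)                                echo "password-or-key" ;;
        unset)                              echo "build-default" ;;
        *)                                  echo "unrecognized" ;;
    esac
}

# Constructed sample: root may still log in directly, but only with a key
# and only from one address (documentation IP range).
KEY_ONLY_ROOT='PasswordAuthentication no
PermitRootLogin without-password
AllowUsers root@203.0.113.10'

# Constructed sample: root cannot log in over SSH; a hypothetical "admin"
# account logs in with a key and then uses sudo or su.
SUDO_USER='PasswordAuthentication no
PermitRootLogin no
AllowUsers admin@203.0.113.10'

printf 'key-only root: %s\n' "$(printf '%s\n' "$KEY_ONLY_ROOT" | classify_root_login)"
printf 'sudo user:     %s\n' "$(printf '%s\n' "$SUDO_USER" | classify_root_login)"
```

To audit a real server, feed it the file: `classify_root_login < /etc/ssh/sshd_config`. A result of `build-default` means the directive is not set globally and the behaviour depends on the installed OpenSSH build.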
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    To update, the following case is now published as part of EasyApache 4:

    814b990: EA-4632 - Remove mod_mpm_itk and mod_ruid2 conflicts

    The full change log is documented at:

    EasyApache 4 Change Log - EasyApache 4 - cPanel Documentation

    Note the DBM issues persist, but we no longer prevent users from enabling both modules at the same time.

    Thank you.
     