The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Symlink Race Protection - EA4

Discussion in 'EasyApache' started by hicom, Sep 30, 2016.

  1. hicom

    hicom Well-Known Member

    Joined:
    May 23, 2003
    Messages:
    272
    Likes Received:
    0
    Trophy Points:
    16
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,765
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    That document is intended for EasyApache 3. Information about symlink race protection with EasyApache 4 is found at:

    EasyApache4 symlink race protection

    It's not just Mod_Ruid2, but the combination of Mod_Ruid2 with the "EXPERIMENTAL: Jailshell Virtual Hosts using mod_ruid2 and cPanel jailshell in WHM's Tweak Settings interface" option that adds the protection.

    Thank you.
     
  3. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    276
    Likes Received:
    21
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Sorry to butt in and hijack this thread a bit, but I just want to make sure I understand what you're saying cPanelMichael. You're saying if I'm running EasyApache4 and have Mod_Ruid2 enabled and the cPanel "EXPERIMENTAL: Jailshell Virtual Hosts" enabled under the Tweak Settings, I have symlink race protection? Thanks.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,765
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, that's considered a filesystem solution and offers protection:

    Symlink Race Condition Protection - EasyApache - cPanel Documentation

    Thank you.
     
    Spork Schivago likes this.
  5. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    276
    Likes Received:
    21
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Thanks. I wanted a little more clarification. If I'm using ModSecurity2, I cannot enable the Apache Mod_RUID2 module, correct? Because ModSecurity2 has the DBM issues when Mod_RUID2 is enabled, right? ModSecurity3 (which should be coming out in the very near future (I believe) has this issue fixed...it'd be nice to have Mod_RUID2 and ModSecurity enabled again.

    Right now, if I have to choose between the two, I think the ModSecurity might be more beneficial than the Mod_RUID2. Thanks.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,765
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Installing Mod_Security and Mod_Ruid2 together is no longer blocked in EasyApache 4, but you are correct in stating there are existing DBM issues with Mod_Security when using Mod_Ruid2. The following thread offers a user-submitted workaround you could try:

    ModSecurity - SecDataDir

    Thank you.
     
    Spork Schivago likes this.
Loading...

Share This Page