In Progress CPANEL-41951 - LiteSpeed segmented chroot()ed spam on server that don't have LiteSpeed

eugenevdm.host

Well-Known Member
Oct 21, 2019
92
14
8
Cape Town
cPanel Access Level
DataCenter Provider
As of late I'm getting email warnings from WHM which appears to be spam as I'm not interesting in CloudLinux nor Litespeed.
These servers don't even have LiteSpeed on

Sample below:

MediumApacheLiteSpeed vhosts are not segmented or chroot()ed. Consider a more robust solution by using “CageFS on CloudLinux”.

What's pretty irritating is there warnings are almost daily and on all of many of my servers.

How do I turn these off without compromising the entire system of notifications of problems?

The links provided below is for global, not to switch of individual spammy messages about products I don't use or want to use.

What am I missing?


1671433298380.png



 
Last edited by a moderator:
  • Like
Reactions: rivermobster

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
Hey there! If you aren't running Litespeed, it doesn't make sense to me that you are receiving that message. Is it possible that any Litespeed packages are installed on the server? If not, could you create a ticket with our team so we can take a look?
 

rivermobster

Well-Known Member
Dec 16, 2020
137
35
28
SoCal
cPanel Access Level
Root Administrator
So tonight, I came across this (updated 17 hours ago)...

.

I thought I would follow the instructions, to see what happens. When I went to enable mod_ruid2, this is the message I got:

___________________________________________________________________________________
mod_ruid2
0.9.8-19.23.2.cpanel


Run all httpd process under user's access right.

The following conflicts are installed on this machine. They will be removed as part of this package selection:
  • mod_mpm_worker
  • mod_cgid
  • mod_http2
  • mod_suphp
  • mod_suexec
The following requirements are not installed on this machine. They will be added as part of this package selection:
  • mod_mpm_prefork
  • mod_cgi
  • mod_ruid2
Do you want to proceed with this selection?
_________________________________________________________________________________

Do I want to proceed? Or wait for further instructions in this thread?

Thanks in advance,

-Joe
 
Dec 12, 2022
10
6
3
United States
cPanel Access Level
Root Administrator
Joe the solution you are asking about is related to securing "Apache vhosts" which will give you a bill of clean health if you use the Security Advisor direction. (This will be seen if you continue. We are setup to use prefork since we relied on the Security Advisor to secure the WHM/CPanel installation. It will let you know if your Apache shell accounts are not jailed, aloong with other security recommendations. You will also see upsells for other products.

The current issue is related to a "Litespeed vhosts" system notification. LiteSpeed Web Server is an Apache alternative which requires a paid license, Note: There is a free version which is limited to one domain and 2gb of memory. The security advisor does not show this as a problem hence the big question: Why are we getting this particular message?
 

rivermobster

Well-Known Member
Dec 16, 2020
137
35
28
SoCal
cPanel Access Level
Root Administrator
Joe the solution you are asking about is related to securing "Apache vhosts" which will give you a bill of clean health if you use the Security Advisor direction. (This will be seen if you continue. We are setup to use prefork since we relied on the Security Advisor to secure the WHM/CPanel installation. It will let you know if your Apache shell accounts are not jailed, aloong with other security recommendations. You will also see upsells for other products.

The current issue is related to a "Litespeed vhosts" system notification. LiteSpeed Web Server is an Apache alternative which requires a paid license, Note: There is a free version which is limited to one domain and 2gb of memory. The security advisor does not show this as a problem hence the big question: Why are we getting this particular message?
Interesting...

Your warning: LiteSpeed vhosts are not segmented or chroot()ed.
My warning: Apache vhosts are not segmented or chroot()ed.

I guess I'll go make a new thread? Thanks for the clarification.
 

rivermobster

Well-Known Member
Dec 16, 2020
137
35
28
SoCal
cPanel Access Level
Root Administrator
Nah, no need for a new thread. The Apache warning is expected. The LiteSpeed warning is not, especially if you don't have it installed.
More confusion...

This is in the Security Advisor:

Apache vhosts are not segmented or chroot()ed.
Enable “mod_ruid2” in the “EasyApache 4” area, enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.

This came in my email:

LiteSpeed vhosts are not segmented or chroot()ed. Consider a more robust solution by using “CageFS on CloudLinux”.



See why I'm confused?!?!?!? lol
 

Dosmage

Registered
Dec 31, 2022
2
0
1
United States
cPanel Access Level
Root Administrator
I've been going over these alerts and applying the recommendations. I rolled my eyes so hard about a security alert, if I don't make a purchase I'm insecure, that I think I blew out some ocular ligaments. I'm glad that this is a "bug" and that it's active and open! I do have, hopefully, a non vapid comment on the problem. I see that there is a php litespeed cpanel rpm installed. If we're not running a CloudLinux kernel, CloudLinux or LiteSpeed daemon, is it possible that the check might be triggering on this rpm?
 

eugenevdm.host

Well-Known Member
Oct 21, 2019
92
14
8
Cape Town
cPanel Access Level
DataCenter Provider
I've given up on this issue after logging a ticket. Reasons hereunder:

Ticket reply was (not a public article you have to log on):

- Security Advisor can reference Litespeed even when it is not installed.

Apparently cPanel has already admitted this is an issue over a month ago, with no fix in sight.

The workaround they present is also unacceptable, I have to vote to turn off specific security messages:

- Disable specific Security Advisor State Change notifications

How about I vote to turn off all broken and spammy messages?

Ticket 94515863

When you've been using software for years and you spot obvious issues voting is a frivolous activity because it's logical to you and the rest of the community.

So instead of enjoying my holidays every morning I log on to find lots of messages that I have to ignore.

The issue is my systems are carefully tuned across many mediums, Slack, PRTG, Email, WhatsApp, etc. Any kind of noise means I can't focus on the real problems.

EDIT:

After having typed this reply I see the title of this forum post now has a "In Progress" moniker attached to it. Not sure what that means but hopefully something is being done behind the scenes with regards to this.
 
  • Like
Reactions: yatesf

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
@eugenevdm.host - I was going to say, there is a case open, and CPANEL-41951 is titled "Security Advisor can reference Litespeed even when not installed." Once the case is resolved, that will fix that area of Security Advisor, and that support article will no longer be necessary.

That specific feature is five years old, but I'll bring that up with the team today to get some fresh eyes on it.

Is there another area of Security Advisor you'd like to see improved?
 

robhooper

Member
Jul 21, 2015
15
4
53
Farnborough
cPanel Access Level
Root Administrator
+1 also effected by this issue.

We received a security alert for both Apache and LiteSpeed, we only have Apache installed.
I've actioned the recommended changes for Apache which resolved those alerts.

Even if I had LiteSpeed installed I'm not sure what a LS user could do? the email message says rebuild on a new operating system which isn't happening.
Seems like an abuse of this notification system IMO :/
 

WorkinOnIt

Well-Known Member
Aug 3, 2016
322
56
78
UK
cPanel Access Level
Root Administrator
@cPRex - thanks for clarification on this matter. I also have the same issue.

Meanwhile, the other question (perhaps needs a new thread?) is why is jail apache using mod_ruid2 experimental (after what, a decade or more?) Does cPanel not care about security? Instead of offering a robust jailed segmented vhosts option, we are still being sold another upgrade / spend more money and purchase CageFS ?