@WorkinOnIt - I think the short answer to that is that the CloudLinux tools are amazing and do MUCH more than just jail accounts, so we don't want to reinvent the wheel when such a good tool is available.
The issue is about an error message that is not accurate which leads to wasted support hours troubleshooting a problem that does not exist, not to mention questioning confidence in the "system". The longer it takes to fix this errant notification does not help the situation.
We are also getting the annoying daily email saying:
All our user accounts have either jailed or disabled shells.
Do we expect the Security Centre to stop incorrectly identifying this as a security risk?
| LiteSpeed vhosts are not segmented or chroot()ed. Consider a more robust solution by using “CageFS on CloudLinux”. |
Do we expect the Security Centre to stop incorrectly identifying this as a security risk?
When the case is resolved, the messages will stop being sent in error. I did reach out to our developers to let them know that many users are still seeing this warning, and while there has been some action on the case internally, I don't have much I can share at this point, other than it is being worked on.
Update - this is going to be resolved in 110. I haven't heard if this will make it into the 108 changes just yet.
Version 110? Holy cow, that seems pretty far out.
Is there a best recommendation of which notification(s) to turn off or reconfigure in the interim (as a workaround) to stop getting these "litespeed vhost" false alarms? I've been getting the warnings almost daily.
The fake warning is gone now. But now, I'm getting this warning that I'm being told to ignore! lol
Apache vhosts are not segmented or chroot()ed. Enable “mod_ruid2” in the “EasyApache 4” area, enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.
What do to, what to do....
Apache vhosts are not segmented or chroot()ed. Enable “mod_ruid2” in the “EasyApache 4” area, enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.
What do to, what to do....
