⛔ New Security Advisor notifications with High importance

[stokmu]

High

Apache

Apache vhosts are not segmented or chroot()ed. Enable "mod_ruid2" in the "EasyApache 4" area, enable "Jail Apache" in the "Tweak Settings" area, and change users to jailshell in the "Manage Shell Access" area. Consider a more robust solution by using "CageFS on CloudLinux". Note that this may break the ability to access mailman via Apache.

And

Medium

Apache

LiteSpeed vhosts are not segmented or chroot()ed. Consider a more robust solution by using "CageFS on CloudLinux".

how to solve this?
Thank you very much

 

[Web City Media]

Same situation. Mod_ruid2 and Jail Apache previously enabled and all Cpanel accounts jailed. And we are not using LiteSpeed.

 

[cPRex]

@stokmu - those are recommendations for the best security on your system. It's up to you to decide if you want to make that change.

@Web City Media - it's odd that it would be reporting that if they are already in place. Could you make a ticket with our team so we can check the system directly?

 

[Web City Media]

@stokmu - those are recommendations for the best security on your system. It's up to you to decide if you want to make that change.

@Web City Media - it's odd that it would be reporting that if they are already in place. Could you make a ticket with our team so we can check the system directly?

Thanks. The ticket has been submitted.

 

[cPRex]

Can you post the number here so I can follow along?

 

[Web City Media]

https://support.cpanel.net/hc/requests/94511641.

 

[cPRex]

Thanks for that - I'm following along on my end now.

 

[Web City Media]

I manage other WHMs and I am getting similar messages on them too. I have them all setup the same way. I noticed after a recent update the shell access was changed from jailed to disabled. I moved them back to jailed for ssh access. To be safe we use the security advisor after any yum update requiring a reboot.

 

[bigadmin]

Hi ,
We are also facing the same issue in almost every WHM/cpanel installed machine . As @cPRex wisely suggested that its up to us to enable it or not , but then the Jailshell feature Apache is an Experimental Feature and not announced as stable so as to enable it and use . In such case what do you suggest.

 

[Web City Media]

We have been using it for years without any issues. Though in your screenshot it is greyed out. To use it you have to run mod_mpm_prefork in the Apache4 setup. We are WordPress folks and minimal WHM admins looking to get away from the traditional shared hosting since 2008. Things like the world are getting a little squirrelly. And then there is the constant upsell. Just trying to keep it simple, safe and affordable for our customers.

 

[cPRex]

Even though it's been marked as experimental, this one has been around for years. I'd try it, and you can always disable it if it does cause issues.

 

[jcbfergie]

Hi ,
We are also facing the same issue in almost every WHM/cpanel installed machine . As @cPRex wisely suggested that its up to us to enable it or not , but then the Jailshell feature Apache is an Experimental Feature and not announced as stable so as to enable it and use . In such case what do you suggest.

I enabled mod_ruid2, and I changed to jailshell, but I also can't enable this item because it is grayed out. I found where to enable mod_mpm_prefork, but it has beside it "2.4.54-2.el7.cloudlinux" - Do I need to have cloudlinux to enable this feature? Because I don't have it..

 

[Web City Media]

Just checked ours: 2.4.54-2.3.3.cpanel All depends on your service. Best to contact the hosting company support.

 

[stokmu]

Thank you friends,
now the problem is solved.
Go to Home >> Account Functions >> Manage Shell Access and apply Jailed Shell for the users.