You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
I have got tired of seeing this security advisor message in WHM
"Apache vhosts are not segmented or chroot()ed.
Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache."
It is not possible to "Enable “Jail Apache” in the “Tweak Settings” area" as checkbox is greyed out. It appears that we need to instal mod_ruid2 and in the process mod_suexec will be removed. It also appears to mean changing file permissions for the php to run.
Do you think it is worth doing or just too much trouble?
Offline
We run mod_suexec here and have no issues or reports of issues concerning security or passing PCI scans. mod_ruid2 is basically a drop-in replacement for mod_suexec that may run faster or more securely (likely marginally). It might be worth doing on a dev machine to test things out and see if you like it, but I see no real world advantage at this time to switch away from mod_suexec. I'd question why there is a security advisor message you posted. Are you still running mod_php and not making use of mod_suexec? You can tell straight away by looking at any files created by PHP scripts - they will likely be owned by nobody or apache instead of the actual vhost account.
Offline
OK thanks. If you mean mod_suphp, that is not installed. The sitemap.xml file in utilities folder is owned by the account. I will ask our hosting company to advise on this.
While looking at EasyApache4 I saw a couple of uninstalled PHP extensions:
php71-php-gettext (https://www.gnu.org/software/gettext/ma … t.html#Why)
php71-php-intl (https://www.php.net/manual/en/intro.intl.php)
Would either of those help to fix the UTF-8 encoding issue we tried to resolve last year?
The PHP extensions installed are
php71-libc-client
php71-pear
php71-php-bcmath
php71-php-calendar
php71-php-cli
php71-php-common
php71-php-curl
php71-php-devel
php71-php-fpm
php71-php-ftp
php71-php-gd
php71-php-imap
php71-php-litespeed
php71-php-mcrypt
php71-php-mysqlnd
php71-php-pdo
php71-php-posix
php71-php-sockets
php71-php-xml
php71-runtime
Would any others be beneficial?
Offline
If the sitemap.xml file is being written out with ownership equal to the vhost account, you're good to go and I wouldn't make any changes. Concerning the UTF-8 encoding issues encountered last year, if you have 9.0.3 installed and have this in your .htaccess file:
AddDefaultCharset Off
Then you shouldn't see any encoding issues. We went through that in depth last year when dealing with the encoding issues that cropped up due to changes in PHP default encoding.
Offline