A fully-powered security suite with comprehensive protection from attacks. Keep your servers safe with six layers of defense and AI detection of malware and viruses, Proactive Defense™, advanced firewall, and simple integration right in your dashboard.
Learn More »
Enable “mod_ruid2” in the “EasyApache 4” area, enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.
Install ImunifyAV to scan your websites for malware.
This free patch set protects your system from symlink attacks. Add KernelCare’s Free Patch Set. Add KernelCare’s Free Symlink Protection. NOTE: This is not the full KernelCare product and service.
You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.
The system kernel is at version “3.10.0-1160.49.1.el7.x86_64”, but an update is available: 3.10.0-1160.62.1.el7.x86_64
Update the system (run “yum -y update” on the command line), and reboot the system.
The MySQL service is currently configured to listen on all interfaces: (bind-address=*)
Configure bind-address=127.0.0.1 in /etc/my.cnf or use the server’s firewall to restrict access to TCP port “3306”.
PHP 7.2 and PHP 7.3 reached EOL
We strongly recommend that you use a version that is still supported upstream.
If you do continue to use it, you will be susceptible to any remaining bugs or security issues.
We recommend that you use the MultiPHP Manager interface to upgrade your domains to a supported version. Then, uninstall these versions in the EasyApache 4 interface. For more information, read PHP EOL Documentation.
The system’s core libraries or services have been updated.
Manually edit /etc/ssh/sshd_config and change PermitRootLogin to “without-password” or “no”, then restart SSH in the “Restart SSH” area
Recommendations
Users running outside of the jail:
example.
Change these users to jailshell or noshell in the “Manage Shell Access” area.
Information
Apache Symlink Protection: mod_ruid2 loaded in Apache
mod_ruid2 is enabled in Apache. To ensure that this aids in protecting from symlink attacks, Jailed Apache needs to be enabled. If this not set properly, you should see an indication in Security Advisor (this page) in the sections for “Apache vhosts are not segmented or chroot()ed” and “Users running outside of the jail”. If those are not present, your users should be properly jailed. Review Symlink Race Condition Protection for further information.
Use Imunify360 for complete protection against attacks on your servers.
Use Imunify360 for a comprehensive suite of protection against attacks on your servers.
Multi-layered defense stops attacks with advanced firewall, herd immunity, Intrusion Prevention System, and more.
Powered by AI with advanced detection of brute force attacks, zero-day, and unknown security threats.
Proactive Defense™ recognizes malicious code in real-time and stops malware in its tracks.
Use ImunifyAV+ to scan for malware and clean up infected files with one click.
ImunifyAV+ brings you the advanced scanning of ImunifyAV and adds more options to make protecting servers from malicious code almost effortless. Enhanced features include:
Use KernelCare to automate kernel security updates without reboots.
KernelCare provides an easy and effortless way to ensure that your operating system uses the most up-to-date kernel without the need to reboot your server. After you purchase and install KernelCare, you can obtain and install the KernelCare “Extra” Patchset, which includes symlink protection.