Enable “Jail Apache” | cPanel Security Advisor
In some cases you have to give your cPanel users shell access to the WHM server. Giving cPanel users full bash shell access is quite risky, so you can switch them to Jailed Shell access in WHM for extra protection. For Jailed Shell access to work, the “Jail Apache” module must be enabled in WHM; until it is, cPanel Security Advisor shows the recommendation below.
Apache vhosts are not segmented or chroot()ed.
Enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.
Here are the steps to follow to enable “Jail Apache”.
First, log in to WHM and navigate to the Home >> Software >> EasyApache 4 section. Then click the Customize button in the Currently Installed Packages section.
The EasyApache 4 customization wizard opens. Go to the Apache Modules section and search for the “mod_ruid2” module. Mark it for installation and click the Review section.
In the Review section you will see the list of packages ready to install; some packages will be uninstalled as part of this change. Now click the Provision button.
After a short while the provision process completes; click the Done button to exit.
You have successfully installed the modules required for Jail Apache. Now it is time to enable Jail Apache. Navigate to the Home >> Server Configuration >> Tweak Settings section and search for jailapache in the Find box. Set the tweak below to On and click the Save button.
EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell.
Now go back to the Home >> Security Center >> Security Advisor section and start a scan again. You will see that Jail Apache is now enabled.
Now you can enable Jailed Shell access for your cPanel users. Go to Home >> Account Functions >> Manage Shell Access and apply Jailed Shell to the users.
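To confirm the result from the command line, the read-only check below (an added example, not cPanel's own code and not part of the original steps) reports whether the tweak is on, whether mod_ruid2 is loaded, and which accounts still have an unjailed shell. It assumes the tweak is stored as `jailapache=1` in `/var/cpanel/cpanel.config`, that jailshell lives at `/usr/local/cpanel/bin/jailshell`, and that account homes sit under `/home` or `/homeN`; the sample data is constructed.

```shell
#!/bin/bash
# Added example (not cPanel code): read-only checks after enabling Jail Apache.
JAILSHELL=/usr/local/cpanel/bin/jailshell   # assumed jailshell path

# Succeeds when a cpanel.config-style file carries jailapache=1 (assumed key).
jailapache_enabled() { grep -Eq '^jailapache=1[[:space:]]*$' "$1"; }

# Succeeds when `httpd -M`-style module output on stdin lists mod_ruid2.
ruid2_loaded() { grep -q 'ruid2_module'; }

# Prints "user:shell" for /home accounts that still have an unjailed login shell.
# Accounts with noshell, nologin or false as their shell are treated as disabled.
unjailed_users() {
    awk -F: -v jail="$JAILSHELL" '
        $6 ~ /^\/home[0-9]*\// && $7 != jail && $7 !~ /\/(noshell|nologin|false)$/ {
            print $1 ":" $7
        }' "$1"
}

# Writes constructed sample files into directory $1 so the checks run offline.
write_sample() {
    printf '%s\n' 'jailapache=1' > "$1/cpanel.config"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1001:1001::/home/alice:/usr/local/cpanel/bin/jailshell' \
        'bob:x:1002:1002::/home/bob:/bin/bash' \
        'carol:x:1003:1003::/home/carol:/usr/local/cpanel/bin/noshell' > "$1/passwd"
    printf '%s\n' ' rewrite_module (shared)' ' ruid2_module (shared)' > "$1/modules"
}

report() {   # report CONFIG_FILE PASSWD_FILE MODULE_LIST_TEXT
    jailapache_enabled "$1" && echo "jailapache: on" || echo "jailapache: OFF"
    printf '%s\n' "$3" | ruid2_loaded && echo "mod_ruid2: loaded" || echo "mod_ruid2: MISSING"
    unjailed_users "$2" | sed 's/^/unjailed shell: /'
}

# --live inspects the real server; --demo runs on the constructed sample.
case "${1:-}" in
  --live) report /var/cpanel/cpanel.config /etc/passwd "$(httpd -M 2>/dev/null)" ;;
  --demo) d=$(mktemp -d); write_sample "$d"
          report "$d/cpanel.config" "$d/passwd" "$(cat "$d/modules")" ;;
esac
```

Any account listed as an unjailed shell should be reviewed in Manage Shell Access.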
That’s all. 😉