CloudLinux was founded in 2009 to address the distinctive needs of web hosting providers. The company’s headquarters is in Princeton, New Jersey, and its development team, which is composed of employees with an appreciable proficiency in the hosting business, is based in Donetsk, Ukraine. CloudLinux is a stable privately funded company geared toward providing the ideal OS to make even the most intricate and divergent hosting needs more straightforward and less complicated.
Cleaning up a hacked server is a nightmare. Yet, defacement and hacked accounts is something hosters battle on a daily basis. Beyond taking your support team’s time, it also tarnishes your company image and causes customers to leave in droves.The main reason hacking is so easy on shared hosting servers is because Linux was never meant to be used by a large number of not vetted users. It is too easy for a hacker to obtain an account on your server (by using a stolen credit card and signing up or by abusing some outdated script one of your customers has not updated for years). After that, a hacker has inside access to the server and can begin poking around, finding low hanging fruit and hacking your server.
CloudLinux stops that. With our CageFS and SecureLinks technologies, users are virtualized to their own file systems, preventing any individual user from seeing any other users on the server.
Beyond that we
· Allow user access only to safe files
· Remove user’s access to ALL SUID scripts
· Limit customer’s access to /proc filesystem
· Prevent symbolic links attacks
· Customer can see only his or her own processes
All that without the need for the customer to change his or her scripts or to adjust anything at all. CageFS is completely transparent for the end user, yet impregnable to a hacker.
How To Install
To install CageFS:
$ yum install cagefs
$ /usr/sbin/cagefsctl –init
That last command will create skeleton directory that might be around 7GB in size. If you don’t have enough disk space in /usr/share, use following commands to have cagefs-skeleton being placed in a different location:
$ mkdir /home/cagefs-skeleton
$ ln -s /home/cagefs-skeleton /usr/share/cagefs-skeleton
On cPanel servers, if you will be placing skeleton into /home directory, you must configure the following option in:
cPanel WHM WHM -> Server Configuration -> Basic cPanel/WHM Setup -> Basic Config -> Additional home directories
Change the value to blank (not default “home”)
Without changing this option, cPanel will create new accounts in incorrect places.
CageFS will automatically detect and configure all necessary files for:
Web interface to manage CageFS is available for cPanel, Plesk 10+, DirectAdmin, ISPmanager & Interworx. Command line tool would need to be used for other control panels.
Once you initialized the template you can start enabling users. By default CageFS is disabled for all users.