Securing shared hosting using CageFS
Igor Seletskiy, CEO, CloudLinux
- Linux OS based on RHEL source RPMs
- Binary compatible with RHEL 5.x/6.x and CentOS 5.x/6.x
- Made for Shared Hosting Companies
- Focus on Stability and Security
- Excellent, free 24/7 support
- Affordable for Companies of any Size
- CloudLinux delivered patches for several local exploits days before RHEL and CentOS
- Single customer is the most common cause of downtime
- Getting rid of spikes would prevent issues for other customers
- Hard & expensive to investigate
- Takes time to track, which results in downtime for the server.
- Lightweight resource limits
- CPU/Concurrent Connection/Memory limits
- Virtualized file system - CageFS
- Transparent to administrator
- Easy to deploy to CentOS/RHEL servers
- No need to set up per-customer limits
- Easy to monitor resource usage on a per-user basis
- Works with ANY control panel
- Better stability
- Improved security
- No server slowdowns
- No need to suspend customers due to resource abuse
- Simplifies upsell to higher plans / VPS
- Removes the need to upsell to VPS
- Ability to track usage on a per-customer basis
- Less support
- Better density
- Exploit vulnerability in web applications
  - Outdated
  - Buggy
  - Insecure
- Brute force passwords
- Attack 0-day vulnerability in apache/php, etc
- Sign up using stolen credit card
- Shared host cannot prevent hackers from executing arbitrary code on their server
- One compromised account is often enough to take over the whole server
- Find out all users on the server
- Symbolic link attacks against wordpress config files
  ln -s ~user1/public_html/wp-config.php ~hacker/public_html/read.html
- Scan for bad permissions
- Privilege escalation attacks
- Anything that can be done via shell can be done via CGI
- Majority of things can be done via PHP
- PHP is not secure
- Cron is another way to execute scripts
- The first thing a hacker does after gaining access to an end-user account: installs a PHP shell
"The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now." -- php.net
- mod_php depends on safe mode
- Not reliable
- Deprecated as of PHP 5.3.0, removed in PHP 5.4.0
- Per user, virtualized file system
- User can see only their own files / safe system files
- Virtualized /etc, including passwd file
- No config files with all the users
- Only one user in /home
- No presence of other users.
- Virtualized /proc: user can see only their own processes
- No SUID software
- Virtualized /dev file system
- One user cannot see any other users
- Protects shell, cron & web sessions
- Can support any PAM enabled service
- Cannot see other users' processes
- Provides safe environment
- Users can feel protected
- Can be deployed to production servers with live users
- Easily switched on / off
- Web interface for most control panels
- Powerful command line tool
- Very flexible, supports highly customized deployments
- cPanel, Plesk, ISP Manager, DirectAdmin, InterWorx
- Protection against symbolic link attacks.
- Part of CageFS
- Better than SymlinksIfOwnerMatch
- Doesn't suffer from race condition
- Better performance
"This option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable." -- Apache Documentation, http://httpd.apache.org/docs/2.2/mod/core.html
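An added example, not part of the original slides and not CloudLinux code: a read-only audit that reports symlinks resolving outside their own account's home, the pattern in the wp-config.php ln -s line earlier in the deck. The <home_root>/<account> layout, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def find_cross_user_symlinks(home_root):
    """Return (link, resolved_target) for symlinks that escape their account.
    Assumes the layout <home_root>/<account>/... (e.g. /home/user1)."""
    findings = []
    for account in sorted(os.listdir(home_root)):
        account_home = os.path.realpath(os.path.join(home_root, account))
        if not os.path.isdir(account_home):
            continue
        # os.walk does not descend into symlinked directories by default,
        # so a link into another user's tree is reported but never followed.
        for dirpath, dirnames, filenames in os.walk(account_home):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                if not os.path.islink(path):
                    continue
                target = os.path.realpath(path)
                inside = os.path.commonpath([account_home, target]) == account_home
                try:
                    # Link owned by one uid, target by another (needs real
                    # multi-user ownership to trigger; dangling links skip it).
                    foreign = os.stat(path).st_uid != os.lstat(path).st_uid
                except OSError:
                    foreign = False
                if not inside or foreign:
                    findings.append((path, target))
    return findings

def build_sample(root):
    """Constructed sample tree: user1's config, one hostile and one benign link."""
    victim = os.path.join(root, "user1", "public_html")
    attacker = os.path.join(root, "hacker", "public_html")
    os.makedirs(victim)
    os.makedirs(attacker)
    config = os.path.join(victim, "wp-config.php")
    with open(config, "w") as fh:
        fh.write("<?php // constructed placeholder, no real credentials\n")
    os.symlink(config, os.path.join(attacker, "read.html"))   # cross-account
    os.symlink(config, os.path.join(victim, "config-link"))   # same account

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for link, target in find_cross_user_symlinks(root):
            print(f"{link} -> {target}")
```

Like any path-based check, this is a point-in-time audit and not an enforcement mechanism; a link can be created or removed between scans.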
Type                  CPU  Memory  IO        Number of connections  CageFS
mod_php               Yes  No      Maybe     Yes                    No*
mod_php + mod_ruid2   Yes  No      Maybe     Yes                    No*
mod_php + MPM_ITK     Yes  Maybe   Maybe     Yes                    Yes
mod_suphp             Yes  Yes     Apr 2012  Yes                    Yes
mod_fcgid             Yes  Yes     Apr 2012  Yes                    Yes
mod_cgi               Yes  Yes     Apr 2012  Yes                    Yes
FPM                   Yes  Yes     Apr 2012  Yes                    Yes
LiteSpeed             Yes  Yes     Apr 2012  Yes                    Yes
Most Customers Deploy CloudLinux To Existing Production Servers
Visit Us At CloudLinux Booth http://www.cloudlinux.com