A New Addition to Our Security Modules: CageFS

In a continuous effort to improve server security, we are gradually deploying a CloudLinux module (our operating system) called CageFS. This module allows us to further isolate hosting accounts one from another, in so preventing access to information of an account hosted on our servers through another malevolent account.

Over the years we have setup multiple security measures on our servers to perform similar tasks that CageFS performs. By adding and using CageFS we are replacing certain of these security measures and standardizing our approach, which allows us to be more efficient when it comes to our security prevention methods.

CageFS Security Aspects

Primarily, CageFS allows us to limit the impact that a malicious account might have on our servers. Here are some of this module’s aspects:

  • It prevents the access to files/directories that have misconfigured permissions on other accounts
  • It allows to hide processes in use by other users
  • It restricts certain commands that we have determined as threats

For example, CageFS is perfect to overcome the collateral effects of WordPress hacking, where a malicious script would be inserted in an account through a WordPress vulnerability. This script would then perform server detections in order to find other accounts with misconfigured permissions. Therefore CageFS restricts the malicious script inside the account where it is located and prevents it from accessing information on other accounts.

No Negative Impact Anticipated

In order for us to define our CageFS configurations, we have identified the most popular commands used by our customers on our servers, and we made sure they would not be blocked by CageFS. For this reason, we do not expect our customers to suffer from any repercussions after the deployment of CageFS. Unless you are a person who liked to observe user information on the server, and in which case we are sorry to inform you that those days are now over.

Regardless of all precautions, should you meet any problems in regards to your scripts or other strange behaviours, please contact our support team immediately.

For those who are curious, here is the full documentation on CageFS. Happy (very technical) reading!

Published on at by in: Funio, infrastructures

Funio Community

Funio on Google+