{"id":1462,"date":"2013-06-05T12:20:05","date_gmt":"2013-06-05T16:20:05","guid":{"rendered":"http:\/\/blog.funio.com\/en\/?p=1462"},"modified":"2013-06-27T14:34:22","modified_gmt":"2013-06-27T18:34:22","slug":"a-new-addition-to-our-security-modules-cagefs","status":"publish","type":"post","link":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/","title":{"rendered":"A New Addition to Our Security Modules: CageFS"},"content":{"rendered":"<p>In a continuous effort to improve server security, we are gradually deploying a CloudLinux module (our operating system) called CageFS. This module allows us to further isolate hosting accounts one from another, in so preventing access to information of an account hosted on our servers through another malevolent account.<\/p>\n<p>Over the years we have setup multiple security measures on our servers to perform similar tasks that CageFS performs. By adding and using CageFS we are replacing certain of these security measures and standardizing our approach, which allows us to be more efficient when it comes to our security prevention methods.<\/p>\n<h2>CageFS Security Aspects<\/h2>\n<p>Primarily, CageFS allows us to limit the impact that a malicious account might have on our servers. Here are some of this module&#8217;s aspects:<\/p>\n<ul>\n<li>It prevents the access to files\/directories that have misconfigured permissions on other accounts<\/li>\n<li>It allows to hide processes in use by other users<\/li>\n<li>It restricts certain commands that we have determined as threats<\/li>\n<\/ul>\n<p>For example, CageFS is perfect to overcome the collateral effects of WordPress hacking, where a malicious script would be inserted in an account through a WordPress vulnerability. This script would then perform server detections in order to find other accounts with misconfigured permissions. Therefore CageFS restricts the malicious script inside the account where it is located and prevents it from accessing information on other accounts.<\/p>\n<h2>No Negative Impact Anticipated<\/h2>\n<p>In order for us to define our CageFS configurations, we have identified the most popular commands used by our customers on our servers, and we made sure they would not be blocked by CageFS. For this reason, we do not expect our customers to suffer from any repercussions after the deployment of CageFS. Unless you are a person who liked to observe user information on the server, and in which case we are sorry to inform you that those days are now over.<\/p>\n<p>Regardless of all precautions, should you meet any problems in regards to your scripts or other strange behaviours, <a href=\"http:\/\/hub.funio.com\/assistance\">please contact our support team<\/a> immediately.<\/p>\n<p>For those who are curious, here is the full <a href=\"http:\/\/docs.cloudlinux.com\/index.html?cagefs.html\">documentation on CageFS<\/a>. Happy (very technical) reading!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a continuous effort to improve server security, we are gradually deploying a CloudLinux module (our operating system) called CageFS. This module allows us to further isolate hosting accounts one from another, in so preventing access to information of an account hosted on our servers through another malevolent account. Over the years we have setup [&#8230;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,25],"tags":[6,60],"class_list":["post-1462","post","type-post","status-publish","format-standard","hentry","category-funio","category-infrastructures","tag-default","tag-httpmedia-funio-comimageskbblogcloudlinux-gif"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>A New Addition to Our Security Modules: CageFS - Funio Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A New Addition to Our Security Modules: CageFS - Funio Blog\" \/>\n<meta property=\"og:description\" content=\"In a continuous effort to improve server security, we are gradually deploying a CloudLinux module (our operating system) called CageFS. This module allows us to further isolate hosting accounts one from another, in so preventing access to information of an account hosted on our servers through another malevolent account. Over the years we have setup [...]\" \/>\n<meta property=\"og:url\" content=\"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/\" \/>\n<meta property=\"og:site_name\" content=\"Funio Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/FunioHosting\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-05T16:20:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2013-06-27T18:34:22+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@funiohosting\" \/>\n<meta name=\"twitter:site\" content=\"@funiohosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/#article\",\"isPartOf\":{\"@id\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/\"},\"author\":{\"name\":\"\",\"@id\":\"\"},\"headline\":\"A New Addition to Our Security Modules: CageFS\",\"datePublished\":\"2013-06-05T16:20:05+00:00\",\"dateModified\":\"2013-06-27T18:34:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/\"},\"wordCount\":362,\"commentCount\":3,\"keywords\":[\"Default\",\"http:\\\/\\\/media.funio.com\\\/images\\\/kb\\\/blog\\\/cloudlinux.gif\"],\"articleSection\":[\"Funio\",\"infrastructures\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/\",\"url\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/\",\"name\":\"A New Addition to Our Security Modules: CageFS - Funio Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/#website\"},\"datePublished\":\"2013-06-05T16:20:05+00:00\",\"dateModified\":\"2013-06-27T18:34:22+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/2013\\\/06\\\/a-new-addition-to-our-security-modules-cagefs\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A New Addition to Our Security Modules: CageFS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/\",\"name\":\"Funio Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.funio.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"\",\"url\":\"http:\\\/\\\/blog.funio.com\\\/en\\\/author\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A New Addition to Our Security Modules: CageFS - Funio Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/","og_locale":"en_US","og_type":"article","og_title":"A New Addition to Our Security Modules: CageFS - Funio Blog","og_description":"In a continuous effort to improve server security, we are gradually deploying a CloudLinux module (our operating system) called CageFS. This module allows us to further isolate hosting accounts one from another, in so preventing access to information of an account hosted on our servers through another malevolent account. Over the years we have setup [...]","og_url":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/","og_site_name":"Funio Blog","article_publisher":"https:\/\/www.facebook.com\/FunioHosting","article_published_time":"2013-06-05T16:20:05+00:00","article_modified_time":"2013-06-27T18:34:22+00:00","twitter_card":"summary_large_image","twitter_creator":"@funiohosting","twitter_site":"@funiohosting","twitter_misc":{"Written by":"","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/#article","isPartOf":{"@id":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/"},"author":{"name":"","@id":""},"headline":"A New Addition to Our Security Modules: CageFS","datePublished":"2013-06-05T16:20:05+00:00","dateModified":"2013-06-27T18:34:22+00:00","mainEntityOfPage":{"@id":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/"},"wordCount":362,"commentCount":3,"keywords":["Default","http:\/\/media.funio.com\/images\/kb\/blog\/cloudlinux.gif"],"articleSection":["Funio","infrastructures"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/","url":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/","name":"A New Addition to Our Security Modules: CageFS - Funio Blog","isPartOf":{"@id":"https:\/\/blog.funio.com\/en\/#website"},"datePublished":"2013-06-05T16:20:05+00:00","dateModified":"2013-06-27T18:34:22+00:00","author":{"@id":""},"breadcrumb":{"@id":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/blog.funio.com\/en\/2013\/06\/a-new-addition-to-our-security-modules-cagefs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.funio.com\/en\/"},{"@type":"ListItem","position":2,"name":"A New Addition to Our Security Modules: CageFS"}]},{"@type":"WebSite","@id":"https:\/\/blog.funio.com\/en\/#website","url":"https:\/\/blog.funio.com\/en\/","name":"Funio Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.funio.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"","url":"http:\/\/blog.funio.com\/en\/author\/"}]}},"_links":{"self":[{"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts\/1462","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/comments?post=1462"}],"version-history":[{"count":8,"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts\/1462\/revisions"}],"predecessor-version":[{"id":1589,"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/posts\/1462\/revisions\/1589"}],"wp:attachment":[{"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/media?parent=1462"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/categories?post=1462"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.funio.com\/en\/wp-json\/wp\/v2\/tags?post=1462"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}