Securing shared hosting using CageFS - CloudLinux

Nov 18, 2013 (3 years and 11 months ago)

Igor Seletskiy
CEO, CloudLinux
Securing shared hosting using CageFS

Linux OS based on RHEL source RPMs

Binary compatible with RHEL 5.x/6.x and CentOS 5.x/6.x

Made for Shared Hosting Companies

Focus on Stability and Security

Excellent, free 24/7 support

Affordable for Companies of any Size

CloudLinux delivered patches for several local exploits days before RHEL and CentOS

Single customer is the most common cause of downtime

Getting rid of spikes would prevent issues for other customers

Hard & expensive to investigate

Takes time to track, which results in downtime for the server.

Lightweight resource limits

CPU/Concurrent Connection/Memory limits

Virtualized file system - CageFS

Transparent to administrator

Easy to deploy to CentOS/RHEL servers

No need to setup per customer limits

Easy to monitor resource usage on a per-user basis

Works with ANY control panel

Better stability

Improved security

No server slow downs

No need to suspend customers due to resource abuse

Simplifies upsell to higher plans / VPS

Removes the need to upsell to VPS

Ability to track usage on a per-customer basis

Less support

Better density

Exploit vulnerability in web applications

Outdated

Buggy

Insecure

Brute force passwords

Attack 0-day vulnerability in apache/php, etc…

Signup using stolen credit card

Shared Host cannot prevent hackers from executing arbitrary code on their server

One compromised account is often enough to take over the whole server

Find out all users on the server

Symbolic link attacks against WordPress config files

ln -s ~user1/public_html/wp-config.php ~hacker/public_html/read.html

Scan for bad permissions

Privilege escalation attacks

Anything that can be done via shell, can be done via CGI

Majority of things can be done via PHP

PHP is not secure

Cron is another way to execute scripts

The first thing a hacker does after gaining access to an end-user account: installs a PHP shell

mod_php depends on safe mode

Not Reliable

Deprecated as of PHP 5.3.0, removed in PHP 5.4.0

The PHP safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren't very realistic, many people, especially ISP's, use safe mode for now.
-- php.net

Per user, virtualized file system

User can see only their own files / safe system files

Virtualized /etc, including passwd file

No config files with all the users

Only one user in /home

No presence of other users.

Virtualized /proc

user can see only their own processes

No SUID software

Virtualized /dev file system

One user cannot see any other users

Protects shell, cron & web sessions

Can support any PAM enabled service

Cannot see other user’s processes

Provides safe environment

Users can feel protected

Can be deployed to production servers with live users

Easily switched on / off

Web interface for most control panels

Powerful command line tool

Very flexible, supports highly customized deployments

cPanel, Plesk, ISP Manager, DirectAdmin, InterWorx

Protection against symbolic link attacks.

Part of CageFS

Better than SymlinksIfOwnerMatch

Doesn’t suffer from race condition

Better Performance

This option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.
-- Apache Documentation http://httpd.apache.org/docs/2.2/mod/core.html
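
The race in the Apache quote comes from testing a path and then opening it as two separate steps, so the link can be repointed in between. An added example (not CloudLinux or Apache code) of the race-free ordering, open first and then check the owner of the descriptor actually held; open_if_owned, demo and the directory layout are hypothetical, and the "other account" is simulated by passing a different uid.

```python
import os
import stat
import tempfile


def open_if_owned(path, site_uid):
    """Open path (following symlinks) and hand it back only if the inode
    that was actually opened is a regular file owned by site_uid."""
    # O_NONBLOCK keeps a planted FIFO from hanging the open() call.
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_NOCTTY)
    try:
        st = os.fstat(fd)  # describes the open inode, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != site_uid:
            raise PermissionError(
                f"{path}: owned by uid {st.st_uid}, expected {site_uid}")
    except Exception:
        os.close(fd)
        raise
    # Repointing the link from here on cannot change what this fd refers to.
    return os.fdopen(fd, "rb")


def demo():
    """Constructed layout mirroring the slide: a link in one docroot that
    resolves to wp-config.php in another account's docroot."""
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "user1", "public_html")
        other = os.path.join(root, "hacker", "public_html")
        os.makedirs(victim)
        os.makedirs(other)
        target = os.path.join(victim, "wp-config.php")
        with open(target, "wb") as f:
            f.write(b"constructed sample\n")
        link = os.path.join(other, "read.html")
        os.symlink(target, link)

        file_uid = os.stat(target).st_uid
        # Request served on behalf of the file's owner: allowed.
        with open_if_owned(link, file_uid) as f:
            served = f.read()
        # Request served on behalf of a different uid (simulated): refused.
        try:
            open_if_owned(link, file_uid + 1).close()
            refused = False
        except PermissionError:
            refused = True
        return served, refused
```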

Type                  CPU   Memory   IO         Number of connections   CageFS
mod_php               Yes   No       Maybe      Yes                     No*
mod_php + mod_ruid2   Yes   No       Maybe      Yes                     No*
mod_php + MPM_ITK     Yes   Maybe    Maybe      Yes                     Yes
mod_suPHP             Yes   Yes      Apr 2012   Yes                     Yes
mod_fcgid             Yes   Yes      Apr 2012   Yes                     Yes
mod_cgi               Yes   Yes      Apr 2012   Yes                     Yes
FPM                   Yes   Yes      Apr 2012   Yes                     Yes
LiteSpeed             Yes   Yes      Apr 2012   Yes                     Yes

Most Customers Deploy CloudLinux To Existing Production Servers

Visit Us At CloudLinux Booth
http://www.cloudlinux.com