Cloudlinux symlink security

anniesteephan · Feb 28, 2013

Hi,

We recently moved our servers to cloudlinux as many recommending it to
fix symlink security issue discussed in following thread.

http://forums.cpanel.net/f185/how-prevent-creating-symbolic-links-non-root-users-202242.html

After moving server to cloudlinux, i don't do the normal httpd.conf
disable FollowSymlink overide. After few days, our sites got hacked. We
fixed it by modifying httpd.conf as per the thread.

How do i make cloudlinux protect againest these type of attacks ?

I read many suggesting CageFS, this can be installed on live servers
or it is a file system like ext3/4 etc.. that need to be enabled
during OS installation ?

Thanks,

Annie

lldeepakll · Feb 28, 2013

Hi,

CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. It can be install using simple Yum command. You can find the cagefs installation steps at below url.

CloudLinux Documentation

You can also enable securelinks as described at below url.

SecureLinks.

Thanks

AlexisMeroni · Mar 8, 2013

The cage don't work --'

iseletsk · Mar 8, 2013

Alexis,

Could you give a bit more details -- what exactly doesn't work?
CageFS by itself doesn't prevent symlink problem. You have to enable SecureLinks protection to solve it:
CloudLinux Documentation

Thread starter	Similar threads	Forum	Replies	Date
O	CloudLinux - Where to now?	Operating Systems	2	Mar 30, 2023
	What differentiates AlmaLinux from CloudLinux?	Operating Systems	3	Oct 3, 2022
	cloudlinux vs cloudlinux for cpanel	Operating Systems	8	Aug 6, 2022
F	Apache Symlink Protection: CloudLinux CageFS is installed but not currently running	Operating Systems	11	Dec 23, 2016
H	CloudLinux Symlink Protection AND PHP selector	Operating Systems	3	Oct 7, 2016

Search

Search

Cloudlinux symlink security

anniesteephan

Member

lldeepakll

Well-Known Member

AlexisMeroni

Active Member

iseletsk

Well-Known Member