coursevector

Well-Known Member
Feb 23, 2015
162
28
68
cPanel Access Level
Root Administrator
I have a cPanel server where the main disk is unencrypted. I've attached an encrypted disk to the server to store all customer private information. My plan was to mount the disk as /home and then symlink all necessary folders to that /home partition.

- Mount the new drive as /home
- Symlink /var/lib/mysql to /home/mysql (configure MariaDB ProtectHome=false)
- Symlink /var/log to /home/log
- Symlink /usr/local/apache/domlogs/ to /home/local/apache/domlogs/
- Symlink /usr/local/apache/logs/ to /home/local/apache/logs/
- Set backups to /home/backup

Would this work? Am I missing anything? Anything wrong with this plan?
The goal is to have all customer information (logs, files, database) all stored physically on the encrypted drive and not the unencrypted drive.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello @coursevector,

Can you share more information about how the additional disk is encrypted?

Thank you.
 

cPanelMichael

Hello @coursevector,

It's my understanding that as long as the disk is attached to the server as a block device, then the OS and by extension cPanel & WHM, should treat it as a normal storage device.

That said, creating symbolic links the way you described in your first post isn't recommended or tested. Have you considered setting up a new cPanel & WHM instance using EBS exclusively and then transferring the accounts on the existing instance to the new one?

Thank you.
 

coursevector

I would if it was a normal EC2. But unfortunately this is running on a Lightsail instance where the root disk is unencrypted by default but attached disks are encrypted by default. Which means in order to have the data secured, I need to move as much as I can to the secondary disk.
I do understand that if I mount the disk to /home2 (or something to that effect), it would take advantage of it automatically. I could even default it to use /home2. But my concern is then at that point that the database, logs, (anything else?) that is not stored in the /home directory would be unencrypted. Do you have a better way to handle it?
 

cPanelMichael

Hello @coursevector,

While unsupported and untested, setting up a bind mount to point directories such as /var/lib/mysql/ to the desired /new-storage/ location is one option to consider. I recommend setting up a temporary instance that duplicates your current environment, attaching EBS storage to the duplicated instance, and then adding the bind mounts to verify everything works as intended before applying the same changes to your production server. Here's a link to a post that links to an example of how to set up a bind mount:

Change MariaDB tmp folder?

Let me know if you have any questions.

Thank you.
 

coursevector

Do you know all the locations that a user's information may be stored in cPanel? As mentioned in my first post, I know the user databases are stored in the /var/lib/mysql/ folder. The user files are stored in /home/username/, but is that it? Email is stored in /home/username/ as well, correct? That would just leave what, logs? Am I missing anything?
 

cPanelMichael

Hello @coursevector,

While it's not directly related to your question, the third step on the following document includes a list of paths where common cPanel account data is stored:

How to Manually Migrate Accounts to cPanel from Unsupported Control Panels - cPanel Knowledge Base - cPanel Documentation

However, there are additional locations where account-specific data is stored outside the account's home directory. For example:

/var/named/ - includes the domain's DNS zones;
/var/cpanel/userdata/username/ - includes the account's cPanel/Apache configuration data.

You can back up an account using Pkgacct and then manually extract the archive to see which files/directories the account data is pulled from.

Thank you.
 

coursevector

@cPanelMichael
I do have one more question. You suggested to package an account and "see which files/directories the account data is pulled from". But I can't tell where these files come from based on the backup itself. While the link you sent is helpful, it lists about 10 paths, but a backup has about 50 folders. So I feel like it's not a 1:1 match up. Do you have any documentation that maps a backup file in more detail?
 

cPanelMichael

Hello @coursevector,

cPanel & WHM isn't currently designed with the intent to isolate account-specific data to specific parts of the filesystem. Thus, we don't have a document that provides a list of every location on the filesystem where account-specific data can potentially exist, and existing paths could change in the future as new features are added. A feature request for the ability to isolate account-level data to specific parts of the filesystem is likely the best approach here:

Submit A Feature Request

In the meantime, the paths you noted earlier in this thread look to encompass the traditional account-specific data paths. The one addition I can think of is the /var/spool/ directory. While emails are stored in the account's /home/username/mail/ directory upon successful delivery, account-specific email data could exist in the Exim queue (e.g. in the corresponding sub-directory under /var/spool/) if a message is rejected or held. Additionally, a user's cron job syntax is stored in the /var/spool/cron/ directory.

Thank you.
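
An added example, not code from anyone in this thread or from cPanel: a small audit that reports which block device backs each account-data path named above, whether the path was relocated with a symlink or with a bind mount. The device names (`/dev/xvda1`, `/dev/xvdf`) and the sample mount table are constructed, and the path list covers only the locations mentioned in this thread, which the last reply notes is not exhaustive.

```python
import os
import sys

# Paths named in this thread as holding account data (not exhaustive).
ACCOUNT_PATHS = [
    "/home", "/var/lib/mysql", "/var/log", "/var/named",
    "/usr/local/apache/domlogs", "/usr/local/apache/logs",
    "/var/cpanel/userdata", "/var/spool",
]

# Constructed sample in /proc/self/mounts format; device names are made up.
# /var/lib/mysql is a bind mount, so it is listed with the data disk's device.
SAMPLE_MOUNTS = """\
/dev/xvda1 / xfs rw,relatime 0 0
/dev/xvdf /home ext4 rw,relatime 0 0
/dev/xvdf /var/lib/mysql ext4 rw,relatime 0 0
"""

def parse_mounts(text):
    """Return [(device, mountpoint)] in table order."""
    fields = [line.split() for line in text.splitlines()]
    return [(f[0], f[1]) for f in fields if len(f) >= 2]

def device_for(path, mounts):
    """Device backing `path`: longest mountpoint prefix, later entries win."""
    path = os.path.normpath(path)
    best = ("", "")
    for device, mountpoint in mounts:
        mp = mountpoint.rstrip("/") or "/"
        covers = mp == "/" or path == mp or path.startswith(mp + "/")
        if covers and len(mp) >= len(best[1]):
            best = (device, mp)
    return best[0]

def audit(paths, mounts, encrypted_device, resolve=os.path.realpath):
    """Map each path to (resolved path, device, on_encrypted_device)."""
    report = {}
    for p in paths:
        real = resolve(p)  # follows symlinks such as /var/log -> /home/log
        dev = device_for(real, mounts)
        report[p] = (real, dev, dev == encrypted_device)
    return report

if __name__ == "__main__":
    encrypted = sys.argv[1]  # device node of the encrypted disk
    with open("/proc/self/mounts") as f:
        live = parse_mounts(f.read())
    for path, (real, dev, ok) in audit(ACCOUNT_PATHS, live, encrypted).items():
        print(f"{'ok' if ok else 'UNENCRYPTED':<12}{path} -> {real} on {dev}")
```

Run it on the test instance with the encrypted disk's device node as the only argument; any path reported as `UNENCRYPTED` still writes to the root disk.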