Cagefs Security why ?

1) What is CageFS?

CageFS is a kernel-level security feature that gives each user a separate environment and protects against attacks at different levels, such as symbolic link and open_basedir attacks. More precisely, CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.

2) What are the requirements for installing CageFS?

• kernel: lve0.8.54 or later
• 7GB of disk space

CageFS will automatically detect and configure all necessary files for:
• cPanel
• Plesk
• DirectAdmin
• ISPmanager
• Interworx
• MySQL
• PostgreSQL
• LiteSpeed

3) Why do we need CageFS?

• Per-user, virtualized file system
  – User can see only their own files / safe system files
  – Virtualized /etc, including passwd file
  – No config files with all the users
  – Only one user in /home
  – No presence of other users
• Virtualized /proc – user can see only their own processes
• Virtualized /dev file system
4) What is the command to update the CageFS skeleton directory?

/usr/sbin/cagefsctl --init

5) Can I install CageFS on Windows?

No

6) After enabling CageFS, can a user view other users' processes?

No

7) CageFS can support any PAM-enabled service? True or False

Yes

8) How can I disable CageFS for a user?

/usr/sbin/cagefsctl --disable username

9) What resources can I restrict with the help of CageFS?

RAM, CPU, number of concurrent processes.

10) How can I add a newly installed service to CageFS?

/usr/sbin/cagefsctl --update

11) What is “/etc/cagefs/exclude/systemuserlist” used for?

Exclude users from CageFS

12) What does “/etc/cagefs/black.list” contain?

Excluding files from CageFS

13) What custom changes do I need to make to enable PostgreSQL support in CageFS?

1. Make sure you have updated to the latest version of PostgreSQL
2. Edit the file /etc/sysconfig/postgres, and uncomment the SOCK_DIR line
3. Restart PostgreSQL by running:
        service postgresql restart

If you are using cPanel, you also need to modify the file /etc/cron.daily/tmpwatch
and update the line
flags=-umc 
to:
flags=-umcl

14) How to enable custom /etc files per user?

To create a custom file in the /etc directory for an end user, create a directory:
/etc/cagefs/custom.etc/[username]
Put all custom files and sub-directories into that directory.
For example, if you want to create a custom /etc/hosts file for USER1, create a directory:
/etc/cagefs/custom.etc/USER1
Inside that directory, create a file named hosts, with the content for that user.
After that, execute:
$ cagefsctl --update-etc USER1

If you are making changes for multiple users, you can run:
$ cagefsctl --update-etc
To remove a custom file, remove it from the /etc/cagefs/custom.etc/[USER] directory, and re-run:
$ cagefsctl --update-etc

15) CageFS can be easily uninstalled? True or False.

True

16) How to add/remove an RPM from the CageFS skeleton directory

cagefsctl --addrpm ffmpeg
cagefsctl --update