CloudLinux is a CentOS-like system targeting shared hosting providers. It isolates each customer into a separate LVE, each one with allocated resources like CPU, memory, IO and connections for each tenant. This ensures that tenants cannot jeopardize the stability of your servers, causing all sites to slow down or even come to a halt. CloudLinux OS also ‥cages” tenants from one another to avoid security breaches. This way, unstable scripts or malware are not able to sprawl across your customer sites, causing severe harm.
The CloudLinux License could be purchased from https://www.directadmin.com/pricing.php.
Protection against symbolic link attacks
CloudLinux has some powerful tools to help reduce symlink attacks.
For the most part, we don't really need them, as DA uses the "secure_access_group" method on
/home/user folders, and Apache itself is patched with the "harden symlinks" patch (internally swaps FollowSymlinks for SymLinksIfOwnerMatch).
Sometimes issues can arise from this extra layer of security (see some common errors, below).
If you need to disable the checks (temporarily or permanently):
fs.enforce_symlinksifowner = 0
fs.protected_symlinks_create = 0
- Then set them to the system, without needing a reboot:
- Confirm they're set:
sysctl -a | grep -E 'fs.enforce_symlinksifowner|fs.protected_symlinks_create'
Unable to extract the directory 'backup' from the file /home/admin/admin_backups/user.admin.username.tar.gz as user username
File '/home/admin/admin_backups/user.admin.username.tar.gz' was 1234567 bytes in size, as read by root.
In this case, it was found there were symbolic links in the backup, which could not be extracted because they were pointing to root-owned files. Note, this error could be cause by other things such as file corruption, but this is one possibility to be aware of.
Many lsphp processes, high CPU load, high memory usage
With this issue, a huge amount CPU load, high memory usage and many lsphp processes were observed.
The 'top' output showed 0.0% idle for CPU, and almost all memory and swap was used up. Load average was hovering around ~50
/etc/httpd/conf/extra/mod_lsapi.confand increase the lsapi_backend_children value to 200:
- With mod_security, in the comodo DA plugin,:
Web Application Firewall | Free ModSecurity Rules from Comodo
go to the tab "Security Engine" and set:
Request Body Access: Off
- Restart httpd:
service httpd restart