CageFS is a virtualized, per-user file system that uniquely encapsulates each customer, preventing users from seeing each other and viewing sensitive information. CageFS prevents a large number of attacks, including most privilege escalation and information disclosure attacks. It is completely transparent to your customers, without any need for them to change their scripts.
Linux was never meant to be used by a large number of unvetted users and is therefore extremely prone to hacking. It is far too easy for a hacker to obtain an account on your server by using a stolen credit card and signing up or by abusing an outdated script one of your customers has not updated for years. After that, a hacker has inside access to the server and can begin poking around and attacking your server. That leaves you with the nightmare of cleaning up your hacked server.
CloudLinux OS prevents this nightmare from happening. With CageFS, users are virtualized to their own file systems, preventing any individual user from seeing any other users on the server.
With CageFS:
- Users only have access to safe files.
- Users cannot see other users and have no way to detect the presence of other users or user names on the server.
- Users cannot see server configuration files, like Apache config files.
- Users have a limited view of the process (/proc) file system, and cannot see other users’ processes.
This innovative technology operates on the following principles:
- Only allow safe binaries to be available to users.
- Remove each user’s access to ALL SUID scripts.
- Limit each customer’s access to the /proc filesystem.
- Prevent symbolic link attacks.
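Two of these principles can be verified from a user's side of the jail. The script below is an added example, not CloudLinux's code: it counts setuid/setgid files reachable under a directory and reads the hidepid option from mount-table lines in /proc/mounts format, using constructed sample data so it runs offline.

```shell
#!/bin/sh
# Added example (not part of CageFS): audit two of the stated principles from a
# defender's side. Does the user's view contain any SUID/SGID files, and is /proc
# mounted with hidepid so one user cannot list another user's processes?

# Count setuid or setgid regular files under the given directory tree.
count_suid() {
    find "$1" -xdev \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null | wc -l | tr -d ' '
}

# Read mount-table lines (format of /proc/mounts) on stdin and print the hidepid
# value of the proc mount, or "none" when proc is mounted without it.
proc_hidepid() {
    awk '$3 == "proc" {
             n = split($4, o, ",")
             for (i = 1; i <= n; i++)
                 if (o[i] ~ /^hidepid=/) { sub(/^hidepid=/, "", o[i]); print o[i]; found = 1 }
         }
         END { if (!found) print "none" }'
}

# Constructed sample mount tables: one without hidepid, one with hidepid=2.
SAMPLE_WEAK='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_HARDENED='proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0'

# Build a constructed tree with one setuid file and report both checks.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin"
    : > "$tmp/bin/safe";  chmod 755 "$tmp/bin/safe"
    : > "$tmp/bin/risky"; chmod 4755 "$tmp/bin/risky"
    echo "suid/sgid files under $tmp: $(count_suid "$tmp")"
    echo "hidepid (weak mount):     $(printf '%s\n' "$SAMPLE_WEAK" | proc_hidepid)"
    echo "hidepid (hardened mount): $(printf '%s\n' "$SAMPLE_HARDENED" | proc_hidepid)"
    rm -rf "$tmp"
}

demo
```

On a real host, run count_suid against the caged user's root and feed /proc/mounts to proc_hidepid; any SUID hit or a "none" result is a gap against the principles listed above.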
Even with this extensive security, a user’s environment is fully functional, and users do not feel restricted in any way. CageFS is completely transparent to the end user, yet impregnable to a hacker.