CageFS on CloudLinux

[Crimpshrine]

Recently, I received security advisor message saying "LiteSpeed vhosts are not segmented or chroot()ed. Consider a more robust solution by using "CageFS on CloudLinux." I tried looking into this and searching for answer, but I'm stuck. Per CloudLinux Documentation, I tried to installing CageFS by running command

$ yum install cagefs

but I received a message saying "No package cagefs available." After seeing this message, I looked for the installation file, and I did find a folder named cagefs in /etc directory, but it didn't contain the installation file. So far, I had not found the file at all. I'm running CentOS v7.9.2009, so I don't know what is going on. I searched for the same error online, and I did find one on cPanel forum, but it didn't provide me the answer.

Can I get some assistance regarding this matter?

# yum install cagefs
Loaded plugins: fastestmirror, priorities, universal-hooks
Loading mirror speeds from cached hostfile
*EA4: 208-100.0.204
*cpanel-addons-production-feed: 208.100.0.204
*cpanel-plugins: 208.100.0.204
90 packages excluded due to repository priority protections
No package cagefs available.
Error: Nothing to do

 

[quietFinn]

CageFS is only available if you are running CloudLinux.

 

[Crimpshrine]

CageFS is only available if you are running CloudLinux.

The security advisor is telling me to try upgrading to AlmaLinux 8, but the notice I get in the email was for CloudLinux I guess. I am getting very confused. Sorry.

 

[ServerHealers]

CloudLinux OS is a commercial Linux OS used in hosting industry which has many improvements on security and performance side compared to the free OS like CentOS or AlmaLinux. The Cagefs is a feature of CloudLinux OS, and only could be installed if you are running it on your servers. CageFS is a virtualized file system and a set of tools to lock each user in its own ‘cage’. Each customer will have its own fully functional filesystem, with all the system files, tools, etc. For more information, please visit their official articles:

CloudLinux - Tenant isolation with CageFS - CloudLinux

www.cloudlinux.com

 

[Crimpshrine]

CloudLinux OS is a commercial Linux OS used in hosting industry which has many improvements on security and performance side compared to the free OS like CentOS or AlmaLinux. The Cagefs is a feature of CloudLinux OS, and only could be installed if you are running it on your servers. CageFS is a virtualized file system and a set of tools to lock each user in its own ‘cage’. Each customer will have its own fully functional filesystem, with all the system files, tools, etc. For more information, please visit their official articles:

CloudLinux - Tenant isolation with CageFS - CloudLinux

www.cloudlinux.com

Thank you for the clarification and explanation. I have been seeing some limitation with the current service, so I will need to reconsider switching server with CloudLinux soon.

 

[ServerHealers]

Happy to help always! Switching from CentOS/AlmaLinux/RockyLinux cPanel to CloudLinux would be easy and straight forward process.

 

[JoseDieguez]

or maybe is just an upsell.

 

[philbean]

That thought crossed my mind too.

Can I disable this particular 'security notification' ?

I'm aware of it now - but if I don't want to or am unable to switch to CageFS on CloudLinux, I don't really want to keep getting notifications about it (I think this is like the 3rd now in as many weeks)

I don't mean disable all my security notifications. Just this one that seems a bit 'salesman-y'

I've been to my servers Home / Security Center / Security Advisor but this notification doesn't even appear there.

 

[simplysup]

I too would like to know how to disable this Advisory.

Edit to add: even more so, given than I don't have LiteSpeed installed, and Jailed Apache is enabled..

 

[philbean]

Yeah we had a break of a couple of weeks but its back to a notification each day now.

Its in danger of becoming a 'boy who cried wolf' thing.
A security notification should be a rare event to inform you there's an actual issue with the server.
If you get them every day - as its trying to sell you cloudlinux - you just end up ignoring them and then missing anything actually important that might be in there one day.

Please remove this from the security notifications or allow us some option to disable this particular one.

 

[ttremain]

Its in danger of becoming a 'boy who cried wolf' thing.
A security notification should be a rare event to inform you there's an actual issue with the server.
If you get them every day - as its trying to sell you cloudlinux - you just end up ignoring them and then missing anything actually important that might be in there one day.

Please remove this from the security notifications or allow us some option to disable this particular one.

Agreed 100%. Every day we get a sales pitch from each and every server. I don't always look at them now.

 

[cPRex]

We have more details about this here, as well as a case open with our developers: In Progress - CPANEL-41951 - LiteSpeed segmented chroot()ed spam on server that don't have LiteSpeed