Home » CloudLinux security » Security and Important Benefits of using Cloudlinux.

Security and Important Benefits of using Cloudlinux.

security-important-benefits-cloudlinux1
12 Jul

Security and Important Benefits of using Cloudlinux.

By CloudLinux security Comments Off on Security and Important Benefits of using Cloudlinux.

What is CloudLinux ?

Cloudlinux provides cloudlinux operating system mainly a OS, which is a modified kernel based on an OpenVZ kernel and with just few steps it is easily interchangeable with the current CentOS kernel. Working in a shared hosting environment can be quite challenging and more importantly you need to keep the resources intact thus not allow to abuse the server resources. There are situations when there is a sudden spike in the resource usage or an increase in traffic and more potentially DDOS attack on the server. These are the most challenging situations that a server administrator has to cope on a day to day basis. Cloudlinux which was launched in 2010, can be quite useful in order to achieve a high stability on the shared server environments. Refer here for more details What is Cloudlinux ?

 So what are the challenges faced in a shared hosting environment ?

On a shared hosting server there are hundreds to thousands of websites that are hosted and the server administrator has a limited control over the resources used by these websites and it’s quite difficult to limit CPU, RAM and other resources to each website. If one of the website is grabbing most of the server resources, then it may be due to heavy traffic or poorly written scripts or the website under DDOS attack. Such situations can lead to downtime for rest of the websites on the server or it can even make the server unresponsive. This will adversely affect the rest of the clients hosting their websites and eventually leading to unhappy customers.

How Cloudlinux handle these situations.

Cloudlinux provides LVE (Light weight environment) + CAGEFS that encapsulate a website in the virtual isolated environment. Using this technology, the resources can be limited, monitored, managed by using a graphical user interface tool LVE manager.  It’s just a one script install “yum install lvemanager”.

cPanel LVE interface looks as below.

Current usage 

cPanel LVE interface

The current usage table refresh every 10 seconds and you can change the value form the dropdown box in front of Auto-refresh.

Current usage table provides the information in a sequence of the Speed, memory, IO, IOPS, Number of Processes, and Entry Processes being used by the top processes.

Userscloudlinux-users

You can choose user tab to view the list of all the users present on the server and you can limit their resources using factors such as Speed, memory, IO, IOPS, Number of Processes, and Entry Processes by just clicking on the pencil icon.

cloudlinux process

You can just click on the save button to apply the changes.

Statistics

 cloud linux live manager

The statistics table shows host users statistics usage based on the factors stated below.

  • CPUusage per user;
  • PMEMusage per user;
  • VMEMusage per user;
  • IO(in Kb/sec per user).

And you can filter them as per Timeframe, limit, Top LVE, LVE approaching limit (user reaching it’s maximum allocated resources) , LVE fault (users already hit the limit)

Options

cloud linux optionThis table is useful if the administrator wants to receive notifications when a user hit the faults and you can just tick the option for the faults you want to include as per your convenience.

Packages

 cloud linux packages

Assigning limits to each account individually can be time consuming so packages tab allow you to create packages with proper limits and you can assign these packages to as many clients on the server and they will automatically inherit the limits assigned in the package.

Selector

Cloud linux SelectorAnother important feature of cloudlinux is that it provides old PHP versions those have reached the End of life like php 4.4, 5.1, 5.2, 5.3, 5.4, 5.5 which are no longer provided by cPanel, along with the latest php version php 5.6, 7.0 and 7.1. You can choose from the list of php modules those are required by the websites to function properly.

Additional Features

Improve stability by limiting the resources

Improve stability by limiting the resources for each user account on a shared environment using LVE technology which means no more downtime from just one website.

Harden/Secure kernel

The secure kernel prevents malicious users from attacking other user’s website on the server. It provides symlink protection, trace exploit by restricting the visibility of ProcFS to only what is obligatory.

Admin interface in WHM

The graphical user interface is designed in such a simple format that it’s quite easy to monitor, modify and manage user accounts based on CPU, RAM and I/O usage.

Off (monitor only)

It will not throttle clients queries and just help you track the abusing ones.

Improve performance

Apache mod_lsapi is a module based on LiteSpeed Technologies API which can be used with PHP, Ruby and Python. It offers excellent PHP performance, low memory usage united with great security and support for opcode caching.

Abusers (Default mode)

In this case, once the user hits the limit specified by MySQL governor then it will run inside it’s own user’s LVE. This is suitable in a case where the website is fast but the queries are slow. If someone abuses MySQL then this will cause the queries to share LVE along with PHP processes. Due to which PHP processes will the throttled and eventually rate limit the queries to be sent to MySQL for processing.

Advance security

Advance security using CageFS technology which encapsulates user from viewing another users sensitive information or processes by adding the user in a virtual environment called cage. It also prevents large number of attacks and allow user to only use safe binaries.

Multiple php versions

As discussed above in the selector sector, cloudlinux provides more flexibility to choose php versions along with php extensions to the clients.

Database Stability

Cloudlinux provides MySQL governor which is an essential tool to monitor and restrict MySQL usage in shared hosting environment. MySQL governor kills slow select queries or the queries who are abusing the server and throttle them in the real time. MySQL gives you a choice to run the operation in multiple modes.

Single (Deprecated)

It means when a customer reaches it’s limit that is specified by MySQL Governor then it will be put inside LVE with id 3 automatically. Similarly, if 5 customers hit the limit then all these will be restricted with the same limit and they will use the share the same LVE.

All

This mode allows to run queries inside users LVE. There is no sperate LVE for MySQL governor. Thus, the php process + MySQL share the same resources preventing any spike.

The most common errors faced by client while using Cloudlinux are “508 error resource limit are reached”.

Refer here for the – Fix

Website abuse are the most common reason for such error. The Entry process limit is easily exhausted when the domain is under an attack such as DOS, Brute force or spamming of comments on the webpage. For example, If you are using WordPress website then under the access logs you might see continuous logs for xmlrpc. This means that the domain is under xmlrpc attack and cloudlinux EP process limit will put an end to such attacks.

cPanel along with Cloudlinux can be the best solution to effectively handle users accounts on a shared hosting platforms and happy customers at the end of the day.

Share this post

Author

Founder & CEO of 24x7servermanagement.com with 20 years of experience in Cloud Infrastructure, Managed IT Services, Systems Administration, Devops, Microservices & Kubernetes. Certified AWS Cloud, Certified Kubernetes Administrator.

Related Posts

cloud services
30 Oct

Hybrid and Multi-Cloud Management Strategies: Navigating Complexity with Cloud Management Services

With today’s world being digital-first, companies are embracing multi-cloud and hybrid cloud environments to gain flexibility, scalability, and cost [...]

Read More
All Department