Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




 Post subject: Plesk 10.4.4/ASL versus Plesk 10.4.4/CageFS
Posted: Mon Feb 27, 2012 2:40 pm
New Forum User

Joined: Mon Feb 27, 2012 1:31 pm
Posts: 2
Location: Georgia
Ok so here is the scenario.

I have 2 test systems going. (The winner will end up in production)

It is a shared hosting environment so security and site isolation are most important.

Performance is important but slightly minimized, as each box has 32GB RAM and dual quad-core processors, which should be enough to allow the main focus to stay on server security and site isolation rather than on performance/security using up too many resources.

> Box1
CentOS 6 x86_64 - Plesk 10.4.4 and ASL Kernel (2.6.32.57-12.art.x86_64) - for all the extra benefits of ASL.

>> Box2
CloudLinux 6 x86_64 - Plesk 10.4.4 and Cloud Linux 6 Kernel that supports LVE and CageFS 3

Since Cloud Linux was listed as a supported OS I did try to use the ART Kernel but I see it is not compatible.

Ongoing questions are:
(1) Is the shared hosting site isolation in Plesk 10.4.4 good enough to ignore the Cloud Linux benefits and stick with the ASL Kernel and its added security (which is working out very nicely so far)?

(2) Would the Cloud Linux Site Isolation benefits (Security & High Availability) + Plesk 10.4.4 + ASL Lite (aka ModSecurity + updated rules) be the MORE SECURE way to go?

(3) Would the oh-so-tempting upcoming Tortix Enterprise Security package work without the ASL kernel? (Of course not, but that also adds a little twist to things, because if Tortix Enterprise Security does what it appears it will do on the checklist chart shown on http://atomicorp.com/products/products-comparison.html then it cannot be overlooked too easily.)

Any insight, suggestions or just random opinions would be helpful!

Thanks,


 
 Post subject: Re: Plesk 10.4.4/ASL versus Plesk 10.4.4/CageFS
Posted: Mon Feb 27, 2012 2:57 pm
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7959
Location: earth
So short version, I'd recommend you go with CloudLinux and ASL. Run their kernel for now, and very soon we will support LVE in our kernel. You can switch to that one later.

1) The internal Plesk site isolation is mainly done by open_basedir in PHP, and permissions in the file system. The advantage of the ASL kernel is that we enforce a lot of those restrictions in the kernel. CageFS does that via the file system, which is good but without the kernel level enforcement can still be bypassed. I'd say this is one of those places where ASL & CageFS complement each other best.

2) You'd be losing out on a lot of other stuff with just Lite. Active response, vulnerability scanning, kernel doodads, HIDS, etc.

3) You'll be able to add Tortix to an existing ASL system. We're going for a modular approach with it, ASL is the framework.


 
 Post subject: Re: Plesk 10.4.4/ASL versus Plesk 10.4.4/CageFS
Posted: Tue Feb 28, 2012 6:10 pm
New Forum User

Joined: Mon Feb 27, 2012 1:31 pm
Posts: 2
Location: Georgia
That sounds like very solid advice/logic, thanks!

I agree and will take your recommended route and also keep the full ASL.

