Secure shared web hosting on Ubuntu Server, part 3

In this third and final installment, we’ll look at alternatives and future directions for shared web hosting on Ubuntu Server (go back in time to part 1 and part 2 in case you missed them).

Our original goal was to provide websites for multiple users on one host, keeping them compartmentalized from each other, and to restrict break-ins. We chose to do reverse proxying using Apache, with separate Apache instances for each user, using mod_chroot.

Pros:

  • a user cannot see or read/write other users' files, even on the same shared server, or use any system resources not explicitly provided in the chroot.
  • mod_chroot is way less work than building a full chroot jail, and is potentially safer since you don’t have to provide system libraries or binaries, reducing your attack surface

Cons:

  • multiple Apache instances consume more memory, and need special configuration and startup scripts
  • it is possible to break out of a chroot. It is especially easy if the attacker can somehow get elevated to root (e.g. local security exploit)
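
The pros and cons above turn on two things: whether each Apache process is really confined to its chroot, and whether any of them still runs as root. The following audit is an added example, not code from the original series. It assumes Linux `/proc` and the Ubuntu process name `apache2`; the function names are hypothetical.

```python
import os

def read_status_euid(status_text):
    """Return the effective UID from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            # Fields after the label: real, effective, saved, filesystem
            return int(line.split()[2])
    raise ValueError("no Uid: line found")

def audit_apache(proc_root="/proc", comm_name="apache2"):
    """Return (pid, euid, root_dir, finding) for each process named comm_name."""
    results = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as f:
                if f.read().strip() != comm_name:
                    continue
            with open(os.path.join(base, "status")) as f:
                euid = read_status_euid(f.read())
            # /proc/<pid>/root is a symlink to the process's root directory;
            # reading it for other users' processes needs root privileges.
            root_dir = os.readlink(os.path.join(base, "root"))
        except (OSError, ValueError):
            continue  # process exited, or not readable with our privileges
        if root_dir == "/":
            finding = "NOT_CHROOTED"    # sees the whole filesystem
        elif euid == 0:
            finding = "ROOT_IN_CHROOT"  # chrooted, but root can break out
        else:
            finding = "OK"
        results.append((int(entry), euid, root_dir, finding))
    return results

if __name__ == "__main__":
    for pid, euid, root_dir, finding in audit_apache():
        print(f"{pid}\t{euid}\t{root_dir}\t{finding}")
```

Run it as root on the host (outside any chroot) so that every instance's `root` link is readable.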

Further investigation:

  • apache-mpm-itk – This runs Apache child processes as a separate user per vhost. Cannot be combined with mod_chroot, unfortunately, and has some serious drawbacks (see the section on Quirks and Warnings).
  • Solaris Containers, FreeBSD jail, Linux-VServer – These are real jails; they have less overhead than virtual machines, but provide more protection than a chroot. They tend to be significantly more complex to set up than something like mod_chroot, but are by design a lot harder to escape than a chroot.

There are some other interesting security-related modules such as mod_evasive that I am checking into further, which may mitigate some of the “cons” above.

Hopefully this will be useful to someone. However, security is a process, not a product, and you should not rely solely on something like mod_chroot. It can still be a useful tool as part of an overall strategy that includes monitoring, intrusion detection, and regular security updates.
