Security Hardening
Best practices for securing your Simuzo installation and hosted users.
Infrastructure Security
Firewall Configuration
Restrict access to your control panel ports (e.g. for Webuzo its 2004-2005 for the Admin Panel) to known IP addresses if possible, or use a WAF (Web Application Firewall).
User Isolation (SimuzoFS)
The core security feature of Simuzo is SimuzoFS. Ensure it is enabled for all users to prevent them from seeing other users' files or sensitive system files.
- SimuzoFS isolation: Each user has their own virtualized filesystem.
- PAM Integration: Ensure the PAM module is correctly installed to jail users on SSH/FTP login.
Resource Limits (cGroups)
Configure resource limits to prevent "noisy neighbor" effects and DoS attacks originating from hosted accounts.
- Memory Limits: Set hard limits to prevent OOM (Out of Memory) conditions on the server.
- Process Limits: Limit the number of concurrent processes per user.
- CPU Quota: Prevent a single user from hogging all CPU cores.
MySQL Governor
Enable MySQL Governor to monitor and throttle database resource usage. This prevents database-driven DoS attacks and ensures fair usage of the database server.
Audit Trail
Regularly review the Audit Trail in the Admin Panel. It logs significant events such as:
- Login attempts (Success/Failure)
- Configuration changes
- Resource limit hits
- Suspicious activity
Enable email notifications for "Faults" in the Stats settings to be alerted when a user consistently hits their resource limits.
System Updates
Keep Simuzo updated. Use the CLI to check for core updates:
simuzo --update