How to Enable New CloakFS Features Run this: yum --disableexcludes=all upgrade betterlinux\* Then reboot your system. After installing or upgrading to the 1.1.5-1 release, you can enable new CloakFS features: "cloak_file" and "block_suid" vim /etc/betterlinux/cpud.conf.d/cpanel.conf Find the lines that starts with: #cloak_file Remove the "#" symbol: cloak_file Then find the line that starts with: #block_suid Remove the "#" symbol: block_suid Save the file and restart cpud and cloakfs: service cpud restart service cloakfs restart Reverse the process to disable the features. The cloak_file lines will block users from seeing /etc/passwd, /etc/named.conf, and /var/log. The block_suid line will block root suid programs from running as users listed in the group= argument. The programs= argument contains a list of programs that are allowed to run. You can view this list in /etc/betterlinux/cpanel/block-suid-exceptions. Please add or remove any programs to customize it for your business needs and then restart cpud and cloakfs: service cpud restart service cloakfs restart Stock Linux steps: "cloak_file" is a parameter that allows you to hide all files in /etc/passwd/, named.conf, and /var/log with pre-installed scripts. You can also write your own scripts for hiding any other file or directory. In your custom .conf file, add the following parameters with their included value settings, substituting ExampleGroup_Level1, etc., with your own BetterLinux group names. If you are just beginning, see the BetterLinux documentation for information on creating BetterLinux groups and where to find and how to use .conf files. Add only the parameter and its values to your .conf file. Hide /etc/passwd: (note: the password file cloaking is incompatible with nscd (name service cache daemon).) cloak_file file=/etc/passwd cloak_with_program=/etc/betterlinux/bin/etc_passwd_handler cloak_file_from_group=ExampleGroup_Level1,ExampleGroup_Level2 Hide /etc/named.conf: cloak_file file=/etc/named.conf cloak_with_program=/etc/betterlinux/bin/etc_named_conf_handler cloak_file_from_group=ExampleGroup_Level1,ExampleGroup_Level2 Hide /var/log: cloak_file file=/var/log cloak_with_program=/etc/betterlinux/bin/var_log_handler cloak_file_from_group=ExampleGroup_Level1,ExampleGroup_Level2 As stated above, using the same format, you can write your own scripts for hiding other files and directories. Programs that users in the group are allowed to run can also be specified. Read the block_suid section under CloakFS & Security for more information. |