Results 1 to 1 of 1
-
28th Jun 2012, 03:19 PM #1OPBannedWebsite's:
KWWHunction.comSome basic cPanel server security tips / cpanel setup
I typed this guide up some time ago, thought id go ahead and give it a post
================================================== ============
***cP/WHM installation and configuration***
================================================== ============
cP/WHM Installation
NOTE: To install cPanel/WHM you will need the minimum of 512 Megabytes, 40 GB of disk space and at least a processor @ 1.5 GHZ
To begin your installation, use the following commands into SSH "make sure you use each line as a command"
last "this will show you if your hosting provider has ran any commands as some times dedicated providers do"
setenforce 0 "disable SELinux as it can conflict with cPanel"
cd /home
wget http://layer1.cpanel.net/latest
./latest
***Installing cpanel/whm control panel can take between 30 minutes and 3 hours dending on the hardware you run within your server***
================================================== ============
***Domain Name Server Setup/Configuration "DNS"***
================================================== ============
After the cpanel installation you will be guided through a quick setup through out the setup you will be asked to use
NSD or BIND for your domain name server make sure to select BIND i have listed a short wiki below
Name Server Daemon (NSD) is an authoritative only, high performance, open source software for Domain Name System. NSD has been designed from scratch specifically as an authoritative name server. NSD was developed by NLnet Labs of Amsterdam in cooperation with the RIPE. NSD uses the standard TCP/UDP port 53 and has the same zone file format at BIND.
BIND (Berkeley Internet Name Domain OR named) is an implementation of DNS protocols which serves the request on the port 53 especially on Unix like systems. It contains all of the software needed both to ask name service questions and to answer such questions.
But now were going to move on you will have a option to add your resolvers in the whm setup quide along with name servers make sure when imputing the information
that you double check it twice over after you have finished with the setup login to ssh and run
nano /etc/nameserverips
your configuration should be blank you will want to manually input
ns1.yourhost.com=192.14.135.135
ns2.yourhost.com=192.14.135.136
Now please take note the two IP address's above i have used as a reference only you will need to use your own, It Ctrl X and save
================================================== ============
***Basic cPanel Harding & Tweaking Service Configurations***
================================================== ============
Below you can access the few options below in security center in WHM the security center will have a little lock by it or you can hold ctrl f and use
your browsers search function for security center
Enable open_basedir protection
Disable Compilers for all accounts(except root)
Enable Shell Bomb/memory Protection
Enable cPHulk Brute Force Protection
================================================== ============
WHM ? Account Functions:
================================================== ============
Disable cPanel Demo Mode
Disable shell access for all accounts(except root)
================================================== ============
WHM ? Service Configuration ? FTP Configuration:
================================================== ============
While your in WHM "root" use ctrl f and find FTP Configuration within this configuration you will want to disable the following
You will want to right click the following options and select NO
Allow Anonymous Logins - NO
Allow Anonymous Uploads - NO
Allow Logins with Root Password - NO
================================================== ============
WHM ? MySQL:
================================================== ============
Now were going to do a bit to my SQL once again hold down CTRL F and search for SQL Services
select MySQL Root Password
Set some MySQL password(Don?t set the same password like for the root access)
-If you didn?t set MySQL password someone will be able to login into the DB with
username ?root? without password and delete/edit/download any db on the server.
================================================== ============
WHM ? Service Configuration ? Apache Configuration ? PHP and SuExec Configuration
================================================== ============
Enable suEXEC ? suEXEC = On
When PHP runs as an Apache Module it executes as the user/group of the
webserver which is usually ?nobody? or ?apache?. suEXEC changes this so
scripts are run as a CGI. Than means scripts are executed as the user
that created them. With suEXEC script permissions can?t be set to
777(read/write/execute at user/group/world level)
================================================== ============
WHM ? Apache Global Configuration & Security :
================================================== ============
When configuration the Apache Global configuration make sure
that the following are all set to "Off (PCI Recommended)"
(TraceEnable, ServerSignature, ServerTokens, FileETag)
Doing this will hide your apache/php version among other
various things it is a MUST.
================================================== ============
***PHP SECURITY, Optimization & Security***
================================================== ============
PHP Security is very important you can either have to much of it or not enough of it one thing you have to remember there are dozens of functions you can disable how ever
you really only need to disable a few for your basic security needs you can configure your function list in "PHP Configuration" in Web host manager once again
CTRL F search for PHP Configuration Editor once loaded select Advanced Mode enable safe mode, and input the functions below or your own!
disable_functions = ini_set, base64_decode, fsockopen, system_exec, allow_url_fopen, myshellexec, posix_getgrgid, posix_kill, system, parse_ini_file,
escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, pconnect, link, dir, symlink, pcntl_exec, ini_alter, pfsockopen, cmd, shell_exec
Make sure to recompile PHP with --disable-posix as Posix is known for bypassing Safe Mode and open_basedir
You should also look into disabling Perl and Python as these can also access files if the wrong person has access to them.
Remember, Certain functions that are included in this rule set may break popular scripts such as WHMCS/WordPress/vBulletin,IPB
================================================== ============
I was asked to write up a small guide/tutorial for cPanel/WHM as i am moving im currently in a tad of a rush but this bit should be fine for the time being ; ) i will be going over my short reference guide
and editing and adding things over the next few weeks for a second release here for KWWHunction
Best regards all, DLowDLow Reviewed by DLow on . Some basic cPanel server security tips / cpanel setup I typed this guide up some time ago, thought id go ahead and give it a post <3 ============================================================== ***cP/WHM installation and configuration*** ============================================================== cP/WHM Installation NOTE: To install cPanel/WHM you will need the minimum of 512 Megabytes, 40 GB of disk space and at least a processor @ 1.5 GHZ To begin your installation, use the following commands into SSH "make sure you use each line Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Plesk to cPanel security issue
By Webmin in forum Server ManagementReplies: 2Last Post: 2nd Apr 2012, 01:32 PM -
Basic But Powerful Steps to secure cPanel VPS.
By Maryan in forum Technical and Security TutorialsReplies: 1Last Post: 18th Aug 2011, 06:06 PM -
[Shared] TechniHost.Com - cPanel, Instant Setup, $1.00, (USA)
By edwart in forum ArchiveReplies: 10Last Post: 12th Apr 2011, 12:08 AM -
how to setup cron in cpanel?
By pirateaccess in forum Server ManagementReplies: 5Last Post: 26th Oct 2009, 07:26 PM -
cronjob setup in cpanel
By pirateaccess in forum Webmaster DiscussionReplies: 1Last Post: 15th Jun 2009, 06:54 PM
themaLeecher - leech and manage...
Version 4.94 released. Open older version (or...