Basic cPanel Setup and Server Security Tips | Tutorial Freak – Online Tutorials

Basic cPanel Setup and Server Security Tips


This simple guide covers the basics of installing cPanel/WHM and gives a few tips for securing your cPanel/WHM installation.

How to install and configure cPanel/WHM

Pre-Requirements:
512 Megabytes RAM
40 GB of HDD
1.5 GHz Processor or above

Once you have made sure that your server meets the above requirements, run the following commands through an SSH (shell access) client such as PuTTY. Note that each line below is a separate command, and you will need to run them one by one.

# Disable SELinux, as it can conflict with cPanel
setenforce 0
cd /home
wget http://layer1.cpanel.net/latest
# The downloaded file is not marked executable, so run it through sh
sh latest

Next? Nothing! Just wait for the cPanel/WHM installation to complete.

Note: Installation of the cPanel/WHM control panel can take anywhere between 30 minutes and 3 hours, depending on your server hardware.

Domain Name Server (DNS) Setup/Configuration

After the cPanel installation you will be guided through a quick setup. During the setup you will be asked to use either NSD or BIND for your domain name server (DNS); make sure to select BIND.

Name Server Daemon (NSD) is an authoritative-only, high-performance, open source implementation of the Domain Name System. NSD has been designed from scratch specifically as an authoritative name server. NSD was developed by NLnet Labs of Amsterdam in cooperation with RIPE. NSD uses the standard TCP/UDP port 53 and has the same zone file format as BIND.

BIND (Berkeley Internet Name Domain, or named) is an implementation of the DNS protocols that serves requests on port 53, especially on Unix-like systems. It contains all of the software needed both to ask name service questions and to answer such questions.

But now we are going to move on. The WHM setup guide gives you the option to add your resolvers along with your name servers; double-check the information as you enter it.

After you have finished with the setup, log in over SSH and run:

nano /etc/nameserverips

Your configuration will be blank; you will need to manually enter the nameservers and IP addresses provided by your host, as shown in the example below.

ns1.yourhost.com=192.168.1.0
ns2.yourhost.com=192.168.1.1

Hit Ctrl+X and save.

Basic cPanel/WHM Hardening and Security Configurations

Login to your cPanel/WHM and look for the “Security Centre” icon denoted by a lock. Click on it to open the cPanel Security Centre.

Modify the settings as suggested below:

Enable open_basedir protection
Disable Compilers for all accounts (except root)
Enable Shell Bomb/memory Protection
Enable cPHulk Brute Force Protection

WHM – Account Functions

Tweak the settings for WHM as suggested below:

Disable cPanel Demo Mode
Disable shell access for all accounts (except root)

WHM – Service Configuration (FTP Configuration)

While you're logged in to WHM as “root”, find FTP Configuration. Within this configuration you will want to disable the following.

Just right click the following options and select NO

Allow Anonymous Logins – NO
Allow Anonymous Uploads – NO
Allow Logins with Root Password – NO

WHM – MySQL Configuration

Search for “SQL Services” and select MySQL Root Password.

Make sure to set a MySQL password (do not set the same password as your root password).

Note – If you do not set a MySQL password, someone will be able to log in to the DB with the username “root” and no password, and delete/edit/download any database on your server.

WHM SuExec Configuration

Enable suEXEC by entering the command “suEXEC = On” in your SSH.

When PHP runs as an Apache module, it executes as the user/group of the web server, which is usually “nobody” or “apache”. suEXEC changes this so that scripts are run as CGI. That means the scripts are executed as the user that created them. With suEXEC, script folder or file permissions can’t be set to 777 (read/write/execute at user/group/world level).

WHM – Apache Global Configuration & Security

When configuring the Apache Global Configuration, make sure that the following are all set to “Off (PCI Recommended)”:

TraceEnable, ServerSignature, ServerTokens, FileETag

Doing this will hide your Apache/PHP version, among other things. It is a MUST.
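
To confirm from SSH that the four settings reached the Apache configuration, the script below audits one config file. It is an added example, not part of the original guide or of cPanel. It assumes that in httpd.conf syntax the hardened values are TraceEnable Off, ServerSignature Off, ServerTokens Prod (or ProductOnly) and FileETag None; the function names and the sample config are made up for the example.

```sh
#!/bin/sh
# Added example: audit one Apache config file for the four directives above.

# Print the last value set for directive $2 in file $1, lowercased.
# Commented-out lines never match: their first field starts with '#'.
last_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = tolower($2) }
                   END { print v }' "$1"
}

# Print one line per directive and return how many are not hardened.
# An unset directive is judged by Apache's built-in default.
audit_apache() {
    conf=$1
    bad=0
    # Each row is name:hardened-value:apache-default (FileETag default is
    # "MTime Size" in Apache 2.4; only the first token is compared).
    for row in TraceEnable:off:on ServerSignature:off:off \
               ServerTokens:prod:full FileETag:none:mtime; do
        name=${row%%:*}
        rest=${row#*:}
        want=${rest%%:*}
        dflt=${rest#*:}
        got=$(last_value "$conf" "$name")
        [ -n "$got" ] || got=$dflt
        # ServerTokens accepts "Prod" and "ProductOnly" as the same setting.
        [ "$name:$got" = "ServerTokens:productonly" ] && got=prod
        if [ "$got" = "$want" ]; then
            echo "OK   $name"
        else
            echo "FAIL $name is '$got', expected '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample config, not taken from a real server.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
TraceEnable Off
ServerSignature On
    ServerTokens ProductOnly
# FileETag None
EOF

audit_apache "$sample" || echo "directives needing attention: $?"
```

The script reads a single file and does not follow Include lines, so run it against the main configuration file and any included file that sets these directives.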

PHP Optimization & Security

PHP security is very important. You can have either too much of it or not enough of it. One thing to remember is that there are dozens of functions you can disable; however, you only need to disable a few for your basic security needs. You can configure your function list under “PHP Configuration” in Web Host Manager. Look for PHP Configuration Editor; once it has loaded, select Advanced Mode, enable safe mode, and then enter the functions below yourself:

disable_functions = ini_set, base64_decode, fsockopen, system_exec, allow_url_fopen, myshellexec, posix_getgrgid, posix_kill, system, parse_ini_file, escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, pconnect, link, dir, symlink, pcntl_exec, ini_alter, pfsockopen, cmd, shell_exec

Make sure to recompile PHP with --disable-posix, as POSIX is known for bypassing Safe Mode and open_basedir.

You could also look into disabling Perl and Python as these can access files if the wrong person has access to them.

Disclaimer: Different scripts run on different settings, and the settings mentioned above may break your scripts. Check the script requirements/documentation before applying these settings.
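
After saving the PHP configuration, it is worth checking which program-execution functions remain callable. The script below is an added example, not part of the original guide: it reads the disable_functions line of a php.ini and lists the functions from a fixed set that are still enabled. The set in EXEC_FUNCS (PHP's functions for starting external programs) and the function names are choices made for this example; the sample file is constructed and carries the list from this article.

```sh
#!/bin/sh
# Added example: list program-execution functions a php.ini leaves enabled.

# PHP functions that start external programs. This set is chosen for the
# example; it is not the article's list.
EXEC_FUNCS="exec passthru shell_exec system popen proc_open pcntl_exec"

# Print the names from the last active disable_functions line of file $1,
# one per line, lowercased. Lines commented out with ';' are ignored.
disabled_list() {
    sed -n 's/^[[:space:]]*disable_functions[[:space:]]*=//p' "$1" |
        tail -n 1 | tr -d '" \t\r' | tr ',' '\n' |
        tr 'A-Z' 'a-z' | sed '/^$/d'
}

# Print each name in EXEC_FUNCS that is not disabled in file $1.
still_enabled() {
    list=$(disabled_list "$1")
    for f in $EXEC_FUNCS; do
        printf '%s\n' "$list" | grep -qxF "$f" || echo "$f"
    done
}

# Constructed sample php.ini holding the disable_functions line from the article.
ini=$(mktemp)
trap 'rm -f "$ini"' EXIT
cat > "$ini" <<'EOF'
; sample php.ini (constructed)
disable_functions = ini_set, base64_decode, fsockopen, system_exec, allow_url_fopen, myshellexec, posix_getgrgid, posix_kill, system, parse_ini_file, escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, pconnect, link, dir, symlink, pcntl_exec, ini_alter, pfsockopen, cmd, shell_exec
EOF

echo "Still enabled:"
still_enabled "$ini"
```

Matching is on the exact function name, so an entry such as system_exec does not count as disabling system or exec.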


Sagar – who has written posts on Tutorial Freak – Online Tutorials.

