This tutorial is by no means a how-to on how to completely secure a server running cPanel & Linux - it only covers the basics...
First Steps.
Change the following default settings in WHM...
Go to Server Setup > Tweak Settings
Under Domains:
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)
Under Mail:
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts - blackhole
Under System:
Use jailshell as the default shell for all new accounts and modified accounts
Go to Server Setup > Tweak Security
Enable php open_basedir Protection
Enable mod_userdir Protection
Disable Compilers for unprivileged users.
Go to Server Setup > Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.
Go to Server Setup > Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection
Go to Service Configuration > FTP Configuration
Disable Anonymous FTP
Go to Account Functions > Manage Shell Access
Disable Shell Access for all users (except yourself)
Go to Mysql > MySQL Root Password
Change root password for MySQL
The next steps presume that you have root access and SSH access...
First, log into your server via SSH. A good Windows client for this is PuTTY, which you can download from http://www.chiark.greenend.org.uk/~s.../download.html
Once you have followed the PuTTY instructions and logged into your server:
At the command prompt type:
pico .bash_profile
Scroll down to the end of the file and add the following line:
echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" your@email.com
Save and exit.
Make sure you change your@email.com to your own email address (not an email address on the server). The server will then automatically email you whenever someone logs in as root via SSH.
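An alternative form of the same alert, as an added example that is not part of the original tutorial: it takes the client address from the SSH_CONNECTION variable that sshd sets for each session, rather than from a column of `who` output, whose layout varies between systems and which lists every logged-in session. The function names and the ALERT_TO variable are assumptions made for this example; your@email.com is the same placeholder used above.

```shell
# Added example for root's ~/.bash_profile (not the tutorial's own code).
ALERT_TO="your@email.com"   # placeholder: use an address hosted off this server

# Print the client IP of this SSH session.
# sshd exports SSH_CONNECTION="client_ip client_port server_ip server_port".
# An optional first argument overrides the variable (used for testing).
# The body runs in a subshell so no helper variables leak into root's shell.
ssh_client_ip() (
    conn="${1-${SSH_CONNECTION-}}"
    ip="${conn%% *}"            # first space-separated field
    if [ -z "$conn" ]; then
        echo "local"            # console or su login: no SSH session
    else
        # Sanity check: only characters found in IPv4/IPv6 literals may
        # end up in the mail subject.
        case "$ip" in
            *[!0-9A-Za-z.:%]*|"") echo "unknown" ;;
            *) echo "$ip" ;;
        esac
    fi
)

# Subject line naming the source address and this host.
root_alert_subject() {
    printf 'Alert: Root access from %s on %s' \
        "$(ssh_client_ip "$@")" "$(uname -n)"
}

# Message body: time, source, and the sessions open right now.
root_alert_body() {
    printf 'ALERT - Root shell access on %s\n' "$(uname -n)"
    printf 'Time:   %s\n' "$(date)"
    printf 'Source: %s\n' "$(ssh_client_ip "$@")"
    printf '\nCurrent sessions:\n%s\n' "$(who)"
}

# Send only from interactive shells and only if mail(1) is installed,
# so sourcing this file from a script never sends a message or fails.
case $- in
    *i*)
        if command -v mail >/dev/null 2>&1; then
            root_alert_body | mail -s "$(root_alert_subject)" "$ALERT_TO"
        fi
        ;;
esac
```

A login from the server console or via su has no SSH_CONNECTION, so the alert reports the source as "local".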
