Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Help with "hardening" a fresh cPanel installation
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Help with "hardening" a fresh cPanel installation

AmitzAmitz Member
edited February 2017 in Help

Dear all,

I am setting up a cPanel server for a good friend of mine. I did that multiple times in the past for myself, so not the biggest challenge. Just one thing: The last time I did this was years ago. I absolutely do not remember what the standard "hardening and securing" steps in WHM have been and I am sure that many things have changed concerning this topic in the meantime.

Do you have a good link to an up to date tutorial on initial cPanel hardening for me? That would be just great! All I have found so far seems a bit outdated and for previous cPanel versions.

Thanks a lot in advance & Cheers,
Amitz

Comments

  • randvegetarandvegeta Member, Host Rep

    have things really changed that much in the last few years? All pretty standard I think.

  • AmitzAmitz Member
    edited February 2017

    randvegeta said: have things really changed that much in the last few years? All pretty standard I think.

    That is part of my question. If you would say that not too much has changed, then I will probably get it done. I just wanted to do my homework before installation. :)

  • Close all unused ports, install and configure csf, lfd and fail2ban, use either suphp or fcgi with suexec if multiple sites, configure cpanel security settings properly and you should be good to go.

    I am sure there are more things to do, so looking forward for more replies.

    Thanked by 1vpsGOD
  • Load ClamAV and setup CRON for off peak scan, maybe even have it check email.

    https://documentation.cpanel.net/display/ALD/Configure+ClamAV+Scanner

    Prolly going to want MalDet too to scan for compromised Wordpress sites.

  • Install CSF and then do the security check through there. It'll show you what you should change config wise for the best security. It's pretty much the go-to thing that we do for most of our customers at my place of work.

    https://download.configserver.com/csf/install.txt

    Thanked by 1mikho
  • raindog308raindog308 Administrator, Veteran

    +1 for CSF - great product and integrates well with cPanel

    Also perhaps mod_security (if you can manage the rules, or subscribe to a public set) and mod_evasive (which provides minimal protection against DOS but not DDOS of course).

  • DewlanceVPSDewlanceVPS Member, Patron Provider

    @Amitz said:

    have found so far seems a bit outdated and for previous cPanel versions.

    Thanks a lot in advance & Cheers,
    Amitz

    Install CSF, Configure it, Install ClamAV, Enable bruteforce attack protection, If no any other person access cPanel then lock it to your static IP..

  • mikhomikho Member, Host Rep

    +1 on the CSF install, you get enough tips there to make your installation safe.

    There is also this to read.
    https://documentation.cpanel.net/display/CKB/Tips+to+Make+Your+Server+More+Secure

    Other then that, check the websites for each application that you are running, that's usually where you find good info on how to secure their application.

  • & disable the root !

  • @raindog308 said:
    +1 for CSF - great product and integrates well with cPanel

    Also perhaps mod_security (if you can manage the rules, or subscribe to a public set) and mod_evasive (which provides minimal protection against DOS but not DDOS of course).

    I've screwed myself over many times with crappy rules and regex. Don't make my mistake - be careful when touching mod_security rules and you should be good :)

Sign In or Register to comment.