[AusNOG] CPanel Hardening Recommendations

Gary Buckmaster gary.buckmaster at digitalpacific.com.au
Tue Jul 30 09:33:09 EST 2013


Further to this, ConfigServer offers a complete cPanel server hardening
service which includes the license for CXS and optionally their MailScanner
product:

 

http://www.configserver.com/cp/cpanel.html

 

 

 

From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Seamus
Ryan
Sent: Monday, 29 July 2013 6:08 PM
To: 'Samantha Scafe'; 'AusNOG at lists.ausnog.net'
Subject: Re: [AusNOG] CPanel Hardening Recommendations

 

If it is a fresh install and you are unfamiliar with cPanel here are some
things to get you started:

 

1.       Run /scripts/easyapache from the command line and be smart about
what php/apache modules and versions to include in your build (Some general
knowledge in this area will help)

2.       Download and install CSF (its free) from
http://configserver.com/cp/csf.html. Even if you don't run it as a firewall,
it will still tell you loads about how secure your server is, and what
things should be disabled/changed (Aim to achieve a score of about 125/130)

3.       Get CXS (http://configserver.com/cp/cxs.html) paid product, great
for finding the nasties on various websites.

4.       Run regular updates (via yum)

5.       Run cloudlinux (paid product) to protect a single user from
crashing the server when under load

6.       If you must give users a shell, give them a jailshell (can be done
through WHM)

7.       Run cagefs (cloudlinux addon, locks users in an even more secure
environment)

8.       Run ksplice (great for many linux distros IMO)

9.       Run regular updates

10.   Run regular updates

 

Regards,

Seamus

 

-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Samantha
Scafe
Sent: Monday, July 29, 2013 5:55 PM
To: AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] CPanel Hardening Recommendations

 

Guys

 

Can anyone offer me recommendations to harden cpanel, or offers that service
Please reply offlist

 

Kindest Regards

 

 

Samantha Scafe

 

 

Sam Scafe | System Adminstrator / Network Services SBDC HQ   | 13 Mahogony
Street, Holloways Beach Qld 4878

PEN-DC-1 |  Able Street Jamisontown NSW 2750

BNE-DC-3 |  Brunswick Street, Fortitude Valley Qld 4004

 

Tel: 07 4242 4724  |  Fax: 07 42424747  | Mobile: 0424 136 364

Email:  <mailto:s.scafe at smellyblackdog.com.au> s.scafe at smellyblackdog.com.au
|  Web:  <http://www.smellyblackdog.com.au> www.smellyblackdog.com.au
Amateur Radio:  VK4FQ | VK4TTT | VK4RCN ADSL - ADSL2+ - MOBILE BROADBAND -
BUSINESS ETHERNET - WEB HOSTING DOMAIN NAMES - REMOTE ADMINISTRATION-
CO-LOCATION SERVICES - VOIP

 

 

 

 

_______________________________________________

AusNOG mailing list

 <mailto:AusNOG at lists.ausnog.net> AusNOG at lists.ausnog.net

 <http://lists.ausnog.net/mailman/listinfo/ausnog>
http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130730/e49e9271/attachment.html>


More information about the AusNOG mailing list