<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoPlainText">If it is a fresh install and you are unfamiliar with cPanel, here are some things to get you started:<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">1. Run /scripts/easyapache from the command line and be smart about what PHP/Apache modules and versions to include in your build (some general knowledge in this area will help).<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">2. Download and install CSF (it's free) from <a href="http://configserver.com/cp/csf.html">http://configserver.com/cp/csf.html</a>. Even if you don’t run it as a firewall, it will still tell you loads about how secure your server is, and what things should be disabled/changed (aim to achieve a score of about 125/130).<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">3. Get CXS (<a href="http://configserver.com/cp/cxs.html">http://configserver.com/cp/cxs.html</a>), a paid product, great for finding the nasties on various websites.<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">4. Run regular updates (via yum).<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">5. Run CloudLinux (paid product) to protect a single user from crashing the server when under load.<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">6. If you must give users a shell, give them a jailshell (can be done through WHM).<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">7. Run CageFS (CloudLinux addon, locks users in an even more secure environment).<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">8. Run Ksplice (great for many Linux distros IMO).<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">9. Run regular updates.<o:p></o:p></p>
<p class="MsoPlainText" style="margin-left:.5in;text-indent:-.25in">10. Run regular updates.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Regards,<o:p></o:p></p>
<p class="MsoPlainText">Seamus<o:p></o:p></p>
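<p class="MsoPlainText">Item 6 above recommends jailshell over a full shell. One way to check which accounts still hold a full login shell, as an added example that is not part of the original e-mail: the jailshell and noshell paths are the ones cPanel installs, while UID_MIN=500, the function names and the sample passwd lines are assumptions constructed for illustration.</p>
<pre>
```shell
#!/bin/sh
# Added example: list hosting accounts that still have a full login shell.
# JAILSHELL/NOSHELL are the shells cPanel installs; UID_MIN is an assumption
# (first regular-account UID on the host) and can be overridden.
JAILSHELL=/usr/local/cpanel/bin/jailshell
NOSHELL=/usr/local/cpanel/bin/noshell
UID_MIN=${UID_MIN:-500}

# audit_shells FILE: print "user:shell" for every account with UID >= UID_MIN
# whose shell is neither jailshell nor a no-login shell. An empty shell field
# is reported too, because login then falls back to /bin/sh.
audit_shells() {
    awk -F: -v min="$UID_MIN" -v jail="$JAILSHELL" -v nosh="$NOSHELL" '
        /^#/ || NF < 7            { next }   # comments and malformed lines
        $3 + 0 < min              { next }   # system accounts
        $7 == jail || $7 == nosh  { next }   # already restricted by cPanel
        $7 ~ /\/(nologin|false)$/ { next }   # cannot log in at all
        { print $1 ":" $7 }
    ' "$1"
}

# Constructed sample in passwd(5) format (not taken from a real server).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
alice:x:501:501::/home/alice:/usr/local/cpanel/bin/jailshell
bob:x:502:502::/home/bob:/bin/bash
carol:x:503:503::/home/carol:/usr/local/cpanel/bin/noshell
dave:x:504:504::/home/dave:/bin/sh
EOF
}

# Audit the sample; on a live host run: audit_shells /etc/passwd
demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    audit_shells "$tmp"
    rm -f "$tmp"
}

demo
```
</pre>
<p class="MsoPlainText">Any account it prints is a candidate for switching to jailshell in WHM.</p>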
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><span lang="EN-US" style="mso-fareast-language:EN-AU">-----Original Message-----<br>
From: AusNOG [mailto:ausnog-bounces@lists.ausnog.net] On Behalf Of Samantha Scafe<br>
Sent: Monday, July 29, 2013 5:55 PM<br>
To: AusNOG@lists.ausnog.net<br>
Subject: Re: [AusNOG] CPanel Hardening Recommendations</span></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Guys<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Can anyone offer me recommendations to harden cPanel, or offers that service? Please reply offlist.<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Kindest Regards<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Samantha Scafe<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText">Sam Scafe | System Administrator / Network Services SBDC HQ | 13 Mahogony Street, Holloways Beach Qld 4878<o:p></o:p></p>
<p class="MsoPlainText">PEN-DC-1 | Able Street Jamisontown NSW 2750<o:p></o:p></p>
<p class="MsoPlainText">BNE-DC-3 | Brunswick Street, Fortitude Valley Qld 4004<o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">Tel: 07 4242 4724 | Fax: 07 42424747 | Mobile: 0424 136 364<o:p></o:p></p>
<p class="MsoPlainText">Email: <a href="mailto:s.scafe@smellyblackdog.com.au"><span style="color:windowtext;text-decoration:none">s.scafe@smellyblackdog.com.au</span></a> | Web: <a href="http://www.smellyblackdog.com.au"><span style="color:windowtext;text-decoration:none">www.smellyblackdog.com.au</span></a><br>
Amateur Radio: VK4FQ | VK4TTT | VK4RCN<br>
ADSL – ADSL2+ – MOBILE BROADBAND – BUSINESS ETHERNET – WEB HOSTING – DOMAIN NAMES – REMOTE ADMINISTRATION – CO-LOCATION SERVICES – VOIP<o:p></o:p></p>
<p class="MsoPlainText"> <o:p></o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText"><o:p> </o:p></p>
<p class="MsoPlainText">_______________________________________________<o:p></o:p></p>
<p class="MsoPlainText">AusNOG mailing list<o:p></o:p></p>
<p class="MsoPlainText"><a href="mailto:AusNOG@lists.ausnog.net"><span style="color:windowtext;text-decoration:none">AusNOG@lists.ausnog.net</span></a><o:p></o:p></p>
<p class="MsoPlainText"><a href="http://lists.ausnog.net/mailman/listinfo/ausnog"><span style="color:windowtext;text-decoration:none">http://lists.ausnog.net/mailman/listinfo/ausnog</span></a><o:p></o:p></p>
</div>
</body>
</html>