[AusNOG] CPanel Hardening Recommendations
Seamus Ryan
s.ryan at uber.com.au
Mon Jul 29 18:08:10 EST 2013
If it is a fresh install and you are unfamiliar with cPanel, here are some things to get you started:
1. Run /scripts/easyapache from the command line and be smart about what php/apache modules and versions to include in your build (Some general knowledge in this area will help)
2. Download and install CSF (it's free) from http://configserver.com/cp/csf.html. Even if you don't run it as a firewall, it will still tell you loads about how secure your server is, and what things should be disabled/changed (Aim to achieve a score of about 125/130)
3. Get CXS (http://configserver.com/cp/cxs.html) paid product, great for finding the nasties on various websites.
4. Run regular updates (via yum)
5. Run cloudlinux (paid product) to protect a single user from crashing the server when under load
6. If you must give users a shell, give them a jailshell (can be done through WHM)
7. Run cagefs (cloudlinux addon, locks users in an even more secure environment)
8. Run ksplice (great for many linux distros IMO)
9. Run regular updates
10. Run regular updates
Regards,
Seamus
-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Samantha Scafe
Sent: Monday, July 29, 2013 5:55 PM
To: AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] CPanel Hardening Recommendations
Guys
Can anyone offer me recommendations to harden cPanel, or offers that service? Please reply offlist.
Kindest Regards
Samantha Scafe
Sam Scafe | System Administrator / Network Services SBDC HQ | 13 Mahogony Street, Holloways Beach Qld 4878
PEN-DC-1 | Able Street Jamisontown NSW 2750
BNE-DC-3 | Brunswick Street, Fortitude Valley Qld 4004
Tel: 07 4242 4724 | Fax: 07 42424747 | Mobile: 0424 136 364
Email: s.scafe at smellyblackdog.com.au | Web: www.smellyblackdog.com.au
Amateur Radio: VK4FQ | VK4TTT | VK4RCN
ADSL - ADSL2+ - MOBILE BROADBAND - BUSINESS ETHERNET - WEB HOSTING
DOMAIN NAMES - REMOTE ADMINISTRATION - CO-LOCATION SERVICES - VOIP