[AusNOG] CPanel Hardening Recommendations

Seamus Ryan s.ryan at uber.com.au
Mon Jul 29 18:08:10 EST 2013


If it is a fresh install and you are unfamiliar with cPanel, here are some things to get you started:



1. Run /scripts/easyapache from the command line and be smart about what PHP/Apache modules and versions to include in your build (some general knowledge in this area will help)
2. Download and install CSF (it's free) from http://configserver.com/cp/csf.html. Even if you don't run it as a firewall, it will still tell you loads about how secure your server is, and what things should be disabled/changed (aim to achieve a score of about 125/130)
3. Get CXS (http://configserver.com/cp/cxs.html), a paid product, great for finding the nasties on various websites.
4. Run regular updates (via yum)
5. Run CloudLinux (paid product) to protect a single user from crashing the server when under load
6. If you must give users a shell, give them a jailshell (can be done through WHM)
7. Run CageFS (CloudLinux addon, locks users in an even more secure environment)
8. Run Ksplice (great for many Linux distros IMO)
9. Run regular updates
10. Run regular updates



Regards,

Seamus



-----Original Message-----
From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Samantha Scafe
Sent: Monday, July 29, 2013 5:55 PM
To: AusNOG at lists.ausnog.net
Subject: Re: [AusNOG] CPanel Hardening Recommendations



Guys



Can anyone offer me recommendations to harden cPanel, or offers that service? Please reply offlist.



Kindest Regards





Samantha Scafe





Sam Scafe | System Administrator / Network Services

SBDC HQ | 13 Mahogony Street, Holloways Beach Qld 4878

PEN-DC-1 |  Able Street Jamisontown NSW 2750

BNE-DC-3 |  Brunswick Street, Fortitude Valley Qld 4004



Tel: 07 4242 4724  |  Fax: 07 42424747  | Mobile: 0424 136 364

Email: s.scafe at smellyblackdog.com.au | Web: www.smellyblackdog.com.au

Amateur Radio: VK4FQ | VK4TTT | VK4RCN

ADSL - ADSL2+ - MOBILE BROADBAND - BUSINESS ETHERNET - WEB HOSTING - DOMAIN NAMES - REMOTE ADMINISTRATION - CO-LOCATION SERVICES - VOIP









_______________________________________________

AusNOG mailing list

AusNOG at lists.ausnog.net

http://lists.ausnog.net/mailman/listinfo/ausnog