Initial Hardening & Optimization of a cPanel Server (Part 1)

Posted by cikul | Posted in Linux | Posted on 08-06-2008-05-2008


Here I will share the initial hardening and optimization steps for a server, especially one that uses cPanel as its control panel.

First, configure the basic cPanel setup:

  1. Go to Server Setup => Tweak Settings
    • Under Domains
      • Prevent users from parking/adding on common internet domains. (i.e. hotmail.com, aol.com)
      • When adding a new domain, automatically create A entries for the registered nameservers if they would be contained in the zone.
      • Check zone file syntax when saving and syncing zones.
      • Add proxy VirtualHost to httpd.conf to automatically redirect unconfigured cpanel, webmail, webdisk and whm subdomains to the correct port (requires mod_rewrite and mod_proxy)
      • Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)
      • Allow users to create cpanel, webmail, webdisk and whm subdomains that override automatically generated proxy subdomains
    • Under Mail
      • Use Fail for the default catch-all/default address behavior for new accounts. For the reasons to use Fail, see this article.
      • If some existing accounts are not set to use “FAIL” (by default they are not), run this command to convert them from BLACKHOLE to FAIL -> perl -pi -e 's/:blackhole:/:fail:/g;' /etc/valiases/*
      • Include a list of Pop before SMTP senders in the X-PopBeforeSMTP header when relaying mail. (exim 4.34-30+ required)
      • The maximum each domain can send out per hour (0 is unlimited) -> to limit spam sent from a domain, set a number here, e.g. 200 or 100
      • Attempt to prevent pop3 connection floods
      • Automatically setup /etc/localdomains, /etc/remotedomains, /etc/secondarymx based on where the mx entry is pointed.
    • Under Stats Program
      • AwStats Stats
      • Analog Stats and Webalizer are useless, so you can uncheck them. To delete the existing Analog stats files, run this command -> rm -rf /home/*/tmp/analog/*
      • To delete the existing Webalizer stats files, run this command -> rm -rf /home/*/tmp/webalizer/*
      • Delete each domain’s access logs after stats run. Make sure this is checked, otherwise disk space usage can really rack up!
  2. Go to Security => Security Center
    • PHP Open Basedir Tweak -> enable
    • Apache Mod userdir tweak -> enable Exclude for defaulthost
    • Compilers Tweak -> disable
    • Traceroute Tweak -> disable
    • Shell Fork Bomb Protection -> enable
  3. Go to Service Configuration -> FTP Configuration -> disable anonymous FTP
  4. Go to SQL Services -> MySQL Root Password -> set a random password. This password will not be used, so don’t worry if you forget it.
  5. Additional Modules
    • These are optional; you can use the ones I chose or not. For additional modules I prefer:
      • Spamdconf
      • Clamavconnector
      • Cronconfig
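
A more careful way to run the BLACKHOLE-to-FAIL conversion from the Mail step above, added here as an example and not part of the original post: it previews the affected alias lines, backs up each file before editing, then applies the same substitution as the perl one-liner. The function names, backup location and sample domains are assumptions made for illustration; on a real server the directory would be /etc/valiases.

```shell
#!/bin/sh
# Added example (not from the original post): preview, back up, then convert
# :blackhole: alias destinations to :fail: in cPanel valiases files.

# Print file:line:text for every alias line that still uses :blackhole:.
list_blackhole() {
    grep -Hn ':blackhole:' "$1"/* 2>/dev/null
}

# Count those lines (prints 0 when none are left).
count_blackhole() {
    list_blackhole "$1" | wc -l | tr -d ' '
}

# Copy each affected file to BACKUP_DIR, then apply the same substitution as
# the article's perl one-liner. Writing back with cat keeps the original
# file's owner and mode, which a rename over the file would not.
convert_blackhole() {
    dir=$1 backup=$2
    mkdir -p "$backup" || return 1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        grep -q ':blackhole:' "$f" || continue
        cp -p "$f" "$backup/" || return 1
        tmp=$(mktemp) || return 1
        sed 's/:blackhole:/:fail:/g' "$f" > "$tmp" && cat "$tmp" > "$f"
        rc=$?
        rm -f "$tmp"
        [ "$rc" -eq 0 ] || return 1
    done
}

# Constructed sample data standing in for /etc/valiases (domains are made up).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'info@example.test: alice' '*: :blackhole:' > "$d/example.test"
    printf '%s\n' '*: :fail: No Such User Here' > "$d/example.org"
    printf '%s\n' '*: :blackhole:' 'old@example.net: :blackhole:' > "$d/example.net"
    echo "$d"
}

sample=$(make_sample)
echo "before: $(count_blackhole "$sample") blackhole line(s)"
list_blackhole "$sample" || true
convert_blackhole "$sample" "$sample.bak"
echo "after:  $(count_blackhole "$sample") blackhole line(s); backups in $sample.bak"
```

Only files that actually contain :blackhole: are backed up and rewritten, so the backup directory doubles as a record of which domains were changed.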


Comments posted (2)

[…] Part 1 we have configured cpanel basic setting, now we will configure and install apache, php setting, […]

I absolutely love your blog and find nearly all of your posts to be precisely what I’m looking for.
Does one offer guest writers to write content for yourself?
I wouldn’t mind publishing a post or elaborating on some of the subjects you write in relation to here. Again, awesome website!
