Initial Hardening & Optimization of a cPanel Server (Part 2)

Posted by cikul | Posted in Linux | Posted on 07-07-2008-05-2008


In Part 1 we configured the basic cPanel settings. Now we will install and configure Apache, PHP settings, the firewall and other tools to secure our server.

The next step is to update cPanel to the latest version. In this case we use the Current version, which has the newest features and has been tested on a production box.

After updating cPanel to the newest version, we configure Apache and PHP using the built-in EasyApache. The latest version of EasyApache when this article was written was EasyApache V3.2.0.

To start, from WHM select Software -> Apache Update, or from the shell run the command /scripts/easyapache.

Select any of the profiles offered and click “Start customizing based on profile”, but I suggest you choose the option “PHP Encryption and Image Manipulation”.

After clicking, you can choose between Apache 1.3, Apache 2.0 and Apache 2.2 (the latest release at the time of writing). You can choose the latest version by selecting the highest version number and then clicking “Next Step”.

The next step is choosing the main PHP version. You can select more than one PHP version, but to reduce server load you would usually choose one; in this case we use the newer PHP version (PHP 5).

The next step is choosing the specific PHP version, based on the main PHP version chosen in the previous step. As with the main PHP version, you can select the newer version.

After choosing the PHP version, the next step is to choose specific options for Apache and PHP; the Apache modules and PHP modules are customized here. For an optimized feature set, you can choose these options:

  • FrontPage
  • Mod suPHP
  • EAccelerator for PHP
  • Ioncube Loader for PHP
  • Mod Security
  • SourceGuardian Loader for PHP
  • Zend Optimizer for PHP
  • Suhosin. For this option, please read carefully about compatibility, because some scripts will not work or are incompatible with some functions.

At this step you can see the Mod suPHP option. You can choose suPHP if you are concerned about security, because mod suPHP will execute PHP scripts with the permissions of their owners, the same as PHPSuexec, but suPHP has better performance than PHPSuexec. Compared with Apache mod_php, however, using suPHP will degrade your PHP performance, and in my experience it in some cases causes high load when one or more sites have high traffic; for that case, you must have a better server hardware specification. So if you have powerful server specs or don’t have high traffic, my advice is to enable Mod suPHP for better security.
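Because suPHP runs each script as its owner, ownership and write bits under a docroot decide whose privileges a script gets and who can change it. The audit below is an added example, not part of the original article; the function name suphp_audit and the finding labels are illustrative, and it assumes the docroot's owner is the account that should own every script.

```shell
#!/bin/sh
# Added example: audit a docroot before enabling suPHP.
# Assumption: the docroot's owner is the account that should own every script.

suphp_audit() {
    docroot=$1
    # Numeric UID of the docroot owner (ls -n prints IDs, not names).
    owner=$(ls -ldn "$docroot" | awk '{print $3}')

    # PHP scripts that group or others can modify: with suPHP they would run
    # with the owner's privileges after being changed by someone else.
    find "$docroot" -type f -name '*.php' \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/WRITABLE_SCRIPT /'

    # Directories writable by group or others (typical 777 upload folders
    # left over from mod_php, where PHP ran as the web server user).
    find "$docroot" -type d \( -perm -020 -o -perm -002 \) -print |
        sed 's/^/WRITABLE_DIR /'

    # Scripts owned by a different account than the docroot owner.
    find "$docroot" -type f -name '*.php' ! -user "$owner" -print |
        sed 's/^/FOREIGN_OWNER /'
}

# Stand-alone use: sh suphp_audit.sh /home/USER/public_html
if [ "$#" -gt 0 ]; then
    suphp_audit "$1"
fi
```

Whether suPHP itself refuses group- or world-writable scripts and directories depends on the settings in your suphp.conf, so treat every finding as something to fix with chmod or chown before switching handlers.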

To benchmark suphp, I used Apache’s ab benchmark to load a simple phpinfo() page 1,000 times. I ran the benchmark five times, and averaged the results.

  • suphp: average of 152.564 seconds
  • mod_php: average of 5.342 seconds

suphp is some 25 times slower than mod_php. This is a substantial performance hit, but it’s better than suexec, which benchmarked at 36 times slower than mod_php.

After configuring this step you must click “Exhaustive Options List”.

On this step you can select the Apache, PHP and other modules required by your web server; you can choose anything you need here. (Beware: please read the “more info” link before you choose a module.)
