Commands for securing a Cpanel Server

[talkwebhosts.co]

1) Shell fork Enabled
2) Annoymouse FTP Disabled
3) Background Processes killed
4) Make sure apache is secured and all Ver are matching correctly
5) cd /scripts
./updatenow
./upcp
./fixcommonproblems
6) cd /tmp
rm -R -f sess*
rm -R -f cpanel*
rm -R -f php*

Anything to add or subtract from this list? This was provided by frattay22!

 

[cats-computing]

Thanks frattay. We'll keep it in mind.

 

[talkwebhosts.co]

Anything to add to the list? A number of hosting companies are lacking the initial security commands needed to setup a dedicated server. Please add to the list!

 

[frattay22]

rm -R -f /var/tmp;ln -s /tmp /var/tmp;cd /scripts;./securetmp
then it will ask do you want to do this at startup, type: yes
then hit enter, thats all

 

[frattay22]

to remove mail

service exim stop;rm -rf /var/spool/exim/msglog;service exim stop;rm -rf /var/spool/exim/input;service exim stop;rm -rf /var/spool/exim/msglog;service exim stop;rm -rf /var/spool/exim/input;service exim stop;cd /scripts/;./restartsrv exim

Make sure you have current release of cPanel. Here is what you need and want

cPanel Release

pico /etc/cpupdate.conf

CPANEL=release
RPMUP=daily
SYSUP=daily

Enabling and Disabling Wget

Enable Wget chmod 777 /usr/bin/wget
Disbable Wget chmod 700 /usr/bin/wget

 

[disciple]

Hi,

I paid to have our server secured and hardened because I am linux challenged. So would anyone be willing to explain to me what all these commands do and whether is makes any difference what flavor os you are using?

./updatenow
./upcp
./fixcommonproblems
6) cd /tmp
rm -R -f sess*
rm -R -f cpanel*
rm -R -f php*

rm -R -f /var/tmp;ln -s /tmp /var/tmp;cd /scripts;./securetmp

Enable Wget chmod 777 /usr/bin/wget
Disbable Wget chmod 700 /usr/bin/wget

Would any of these commands hurt anything that may have already been done to my server?

Thanks

Rick

 

[dysk]

Those sound like good starts. I'd also run a nessus scan on new servers. Seems that Nessus always manages to catch a thing or two that the humans miss.

 

[frattay22]

Hi,

./updatenow
./upcp
./fixcommonproblems
6) cd /tmp
rm -R -f sess*
rm -R -f cpanel*
rm -R -f php*
rm -R -f /var/tmp;ln -s /tmp /var/tmp;cd /scripts;./securetmp
Enable Wget chmod 777 /usr/bin/wget
Disbable Wget chmod 700 /usr/bin/wget
Would any of these commands hurt anything that may have already been done to my server?
Thanks
Rick

Rick,
Updatenow = Make sure all is updated via whm and cpanel
UPCP = Make sure the control panel is updated
Fixcommonproblems = Fixes common problems such as permissions, email permissions etc...
Cd /tmp will take you to the tmp dir and
Rm -f -f sess* will remove all Sess files in there which if not removed frequently will cause your server to lag a little, same with cpanel and php
The rm -R -f /var/tmp etc.. will secure you tmp dir
Enable wget which says it all and disable etc...

Enjoy

 

[talkwebhosts.co]

Good thread!

 

[disciple]

Thank you for the explanation!

 

[CLCook]

Hey guys...check out safecpanel.com. That's a site that has lots of these commands and tools.

I use it regularly.

SafeCPanel

 

[talkwebhosts.co]

Great reference I will make sure to check it out!