Install Cpanel
1 | cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest |
Install Basic Software
1 2 3 4 5 | cd yum install -y git git clone https://github.com/HostOnNet/server-setup.git cd ~/server-setup ./rhel-server.sh |
On CloudLinux Server, run
1 2 3 | ./cloudlinux-cagefs.sh ./cloudlinux-mysql-governor.sh ./cloudlinux-php.sh |
Cpanel Configuration
Cpanel Server Update Preferences
Service Manager Configuration
Disable following services
1 2 3 4 5 | Eximstats Entropy Chat Server cPHulk Daemon Mailman Passive OS Fingerprinting Daemon |
FTP Server Config (pureftpd)
Make following changes
1 2 3 4 | FTP Server Configuration > TLS Encryption Support = Disabled FTP Server Configuration > Allow Anonymous Logins = No FTP Server Configuration > Allow Anonymous Uploads = No FTP Server Configuration > Allow Logins with Root Password = No |
Security Center Configuration
1 2 3 4 5 6 | WHM > Security Center > Apache mod_userdir Tweak = ENABLE WHM > Security Center > Compiler Access = DISABLE WHM > Security Center > PHP open_basedir Tweak = ENABLE WHM > Security Center > Shell Fork Bomb Protection = ENABLE WHM > Security Center > SSH Password Authorization Tweak = DISABLED WHM > Security Center > cPHulk Brute Force Protection = DISABLE (use CSF) |
Service Configuration
1 2 3 | Configure PHP and suEXEC [Default PHP Version = 5, PHP 5 Handler = suphp, Apache suEXEC = on] cPanel log rotation configuration = All logs need to be rotated. exim configuration manger > Scan outgoing messages for spam and reject based on spamassassin® internal spam_score setting [?] on |
Apache Configuration
1 2 3 | WHM > Apache Configuration > Global Configuration > TraceEnable > Off WHM > Apache Configuration > Global Configuration > ServerTokens > ProductOnly WHM > Apache Configuration > Global Configuration > FileETag > None |
Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf
Other Settings
* Backup
* CSF