HostOnNet Blog

Cpanel Server Setup

Install Cpanel

cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

Install Basic Software

cd
yum install -y git
git clone https://github.com/HostOnNet/server-setup.git
cd ~/server-setup
./rhel-server.sh

On CloudLinux Server, run

./cloudlinux-cagefs.sh
./cloudlinux-mysql-governor.sh
./cloudlinux-php.sh

Cpanel Configuration

Set Server Time to UTC

Cpanel Server Update Preferences

Service Manager Configuration

Disable following services

Eximstats
Entropy Chat Server
cPHulk Daemon
Mailman
Passive OS Fingerprinting Daemon

FTP Server Config (pureftpd)

Make following changes

FTP Server Configuration > TLS Encryption Support = Disabled
FTP Server Configuration > Allow Anonymous Logins = No
FTP Server Configuration > Allow Anonymous Uploads = No
FTP Server Configuration > Allow Logins with Root Password = No

Security Center Configuration

WHM > Security Center > Apache mod_userdir Tweak = ENABLE
WHM > Security Center > Compiler Access = DISABLE
WHM > Security Center > PHP open_basedir Tweak = ENABLE
WHM > Security Center > Shell Fork Bomb Protection = ENABLE
WHM > Security Center > SSH Password Authorization Tweak = DISABLED
WHM > Security Center > cPHulk Brute Force Protection = DISABLE (use CSF)

Service Configuration

Configure PHP and suEXEC [Default PHP Version = 5, PHP 5 Handler = suphp, Apache suEXEC = on]
cPanel log rotation configuration = All logs need to be rotated.
exim configuration manger > Scan outgoing messages for spam and reject based on spamassassin® internal spam_score setting [?] on

Apache Configuration

WHM > Apache Configuration > Global Configuration > TraceEnable > Off
WHM > Apache Configuration > Global Configuration > ServerTokens > ProductOnly
WHM > Apache Configuration > Global Configuration > FileETag > None

Save AND then Rebuild Configuration and Restart Apache, otherwise the changes will not take effect in httpd.conf

Other Settings

* Backup

* CSF


Posted in Cpanel Server