A simple cPanel/WHM setup tutorial PART 1

[DLow]

I was going to post this last week how ever i had to up and move in a rush to be closer to my real life job, How ever this is something i typed up to help guys around KWWHunction out, Now as a reminder this is just Part 1, I will be releasing Part 2 which will include a lot more on securing/optimizing your cPanel/WHM web server within the following week.

================================================== ============
***cP/WHM installation and configuration***
================================================== ============
cP/WHM Installation:

NOTE: To install cPanel/WHM you will need the minimum of 512 Megabytes, 40 GB of disk space and at least a processor @ 1.5 GHZ
To begin your installation, use the following commands into SSH "make sure you use each line as a command"

last "this will show you if your hosting provider has ran any commands"

setenforce 0 "disable SELinux as it can conflict with cPanel"
cd /home
wget http://layer1.cpanel.net/latest
./latest


***Installing cpanel/whm control panel can take between 30 minutes and 3 hours dending on the hardware you run within your server***

================================================== ============
***Domain Name Server Setup/Configuration "DNS"***
================================================== ============

After the cpanel installation you will be guided through a quick setup through out the setup you will be asked to use

NSD or BIND for your domain name server make sure to select BIND i have listed a short wiki below


Name Server Daemon (NSD) is an authoritative only, high performance, open source software for Domain Name System. NSD has been designed from scratch specifically as an authoritative name server. NSD was developed by NLnet Labs of Amsterdam in cooperation with the RIPE. NSD uses the standard TCP/UDP port 53 and has the same zone file format at BIND.
BIND (Berkeley Internet Name Domain OR named) is an implementation of DNS protocols which serves the request on the port 53 especially on Unix like systems. It contains all of the software needed both to ask name service questions and to answer such questions.

But now were going to move on you will have a option to add your resolvers in the whm setup quide along with name servers make sure when imputing the information
that you double check it twice over after you have finished with the setup login to ssh and run

nano /etc/nameserverips

your configuration should be blank you will want to manually input

ns1.yourhost.com=192.14.135.135
ns2.yourhost.com=192.14.135.136

Now please take note the two IP address's above i have used as a reference only you will need to use your own, It Ctrl X and save

================================================== ============
***Basic cPanel Harding & Tweaking Service Configurations***
================================================== ============

Below you can access the few options below in security center in WHM the security center will have a little lock by it or you can hold ctrl f and use
your browsers search function for security center


Enable open_basedir protection
Disable Compilers for all accounts(except root)
Enable Shell Bomb/memory Protection
Enable cPHulk Brute Force Protection

================================================== ============
WHM ? Account Functions:
================================================== ============

Disable cPanel Demo Mode
Disable shell access for all accounts(except root)

================================================== ============
WHM ? Service Configuration ? FTP Configuration:
================================================== ============

While your in WHM "root" use ctrl f and find FTP Configuration within this configuration you will want to disable the following

You will want to right click the following options and select NO

Allow Anonymous Logins - NO
Allow Anonymous Uploads - NO
Allow Logins with Root Password - NO

================================================== ============
WHM ? MySQL:
================================================== ============

Now were going to do a bit to my SQL once again hold down CTRL F and search for SQL Services
select MySQL Root Password

Set some MySQL password(Don?t set the same password like for the root access)
-If you didn?t set MySQL password someone will be able to login into the DB with
username ?root? without password and delete/edit/download any db on the server.

================================================== ============
WHM ? Service Configuration ? Apache Configuration ? PHP and SuExec Configuration
================================================== ============

Enable suEXEC ? suEXEC = On
When PHP runs as an Apache Module it executes as the user/group of the
webserver which is usually ?nobody? or ?apache?. suEXEC changes this so
scripts are run as a CGI. Than means scripts are executed as the user
that created them. With suEXEC script permissions can?t be set to
777(read/write/execute at user/group/world level)

================================================== ============
WHM ? Apache Global Configuration & Security :
================================================== ============

When configuration the Apache Global configuration make sure
that the following are all set to "Off (PCI Recommended)"

(TraceEnable, ServerSignature, ServerTokens, FileETag)

Doing this will hide your apache/php version among other
various things it is a MUST.


================================================== ============
***PHP SECURITY, Optimization & Security***
================================================== ============
PHP Security is very important you can either have to much of it or not enough of it one thing you have to remember there are dozens of functions you can disable how ever
you really only need to disable a few for your basic security needs you can configure your function list in "PHP Configuration" in Web host manager once again
CTRL F search for PHP Configuration Editor once loaded select Advanced Mode enable safe mode, and input the functions below or your own!

disable_functions = ini_set, base64_decode, fsockopen, system_exec, allow_url_fopen, myshellexec, posix_getgrgid, posix_kill, system, parse_ini_file,
escapeshellcmd, escapeshellarg, show_source, posix_mkfifo, pconnect, link, dir, symlink, pcntl_exec, ini_alter, pfsockopen, cmd, shell_exec

Make sure to recompile PHP with --disable-posix as Posix is known for bypassing Safe Mode and open_basedir

You should also look into disabling Perl and Python as these can also access files if the wrong person has access to them.

Remember, Certain functions that are included in this rule set may break popular scripts such as WHMCS/WordPress/vBulletin,IPB
================================================== ============


Please note: This writeup does lack a little bit of information that will be included within part 2

DLow Reviewed by DLow on 13th Dec 2011. A simple cPanel/WHM setup tutorial PART 1 I was going to post this last week how ever i had to up and move in a rush to be closer to my real life job, How ever this is something i typed up to help guys around KWWHunction out, Now as a reminder this is just Part 1, I will be releasing Part 2 which will include a lot more on securing/optimizing your cPanel/WHM web server within the following week. ============================================================== ***cP/WHM installation and configuration*** Rating: 5

[Chris2k]

Love it, ty.