A step by step paper how to secure linux server with cPanel/WHM and
Apache installed. By default, linux is not secured enough but you have
to understand there is no such thing as “totally secured server/system”.
The purpose of this paper is to understand how to at least provide some
kind of security to the server.
So, you bought the server with CentOS 5 installed. If you ordered cPanel/WHM together with the server you can skip 2.1 step
2. WHMcPanel installation and configuration
2.1 WHMcPanel Installation
To begin your installation, use the following commands into SSH:
cd /home wget http://layer1.cpanel.net/latest ./latest
cd /home – Opens /home directory
wget http://layer1.cpanel.net/latest – Fetches the latest installation file from the cPanel servers.
./latest – Opens and runs the installation files.
WHMcPanel should be installed now. You should be able to access cPanel via
http://serverip:2082(SSL-2083) or http://serverip/cpanel and WHM via
http://serverip:2086(SSL-2087) or http://serverip/whm. Let’s configure
2.2 WHMcPanel Configuration
Login to WHM using root username/passwd
http://serverip:2086 or http://serverip/whm
WHM – Server setup – Tweak Security:
Enable open_basedir protection
Disable Compilers for all accounts(except root)
Enable Shell Bomb/memory Protection
Enable cPHulk Brute Force Protection
WHM – Account Functions:
Disable cPanel Demo Mode
Disable shell access for all accounts(except root)
WHM – Service Configuration – FTP Configuration:
Disable anonymous FTP access
WHM – MySQL:
Set some MySQL password(Don’t set the same password like for the root access)
-If you didn’t set MySQL password someone will be able to login into the DB with
username “root” without password and delete/edit/download any db on the server.
WHM – Service Configuration – Apache Configuration – PHP and SuExec Configuration
Enable suEXEC – suEXEC = On
When PHP runs as an Apache Module it executes as the user/group of the
webserver which is usually “nobody” or “apache”. suEXEC changes this so
scripts are run as a CGI. Than means scripts are executed as the user
that created them. With suEXEC script permissions can’t be set to
777(read/write/execute at user/group/world level)
3. The server and it’s services – PHP Installation, Optimization & Security
3.1 Keep all services and scripts up to date and make sure that you running the latest secured version.
On CentOS type this into SSH to upgrade/update services on the server.