Commands for securing a Cpanel Server

talkwebhosts.co · Post #1 (**permalink**) 02-12-2005, 02:24 AM

1) Shell fork Enabled
2) Annoymouse FTP Disabled
3) Background Processes killed
4) Make sure apache is secured and all Ver are matching correctly
5) cd /scripts
./updatenow
./upcp
./fixcommonproblems
6) cd /tmp
rm -R -f sess*
rm -R -f cpanel*
rm -R -f php*

Anything to add or subtract from this list? This was provided by frattay22!

cats-computing · Post #2 (**permalink**) 02-12-2005, 05:48 AM

Thanks frattay. We'll keep it in mind.

talkwebhosts.co · Post #3 (**permalink**) 02-12-2005, 06:15 AM

Anything to add to the list? A number of hosting companies are lacking the initial security commands needed to setup a dedicated server. Please add to the list!

frattay22 · Post #4 (**permalink**) 02-12-2005, 10:23 PM

rm -R -f /var/tmp;ln -s /tmp /var/tmp;cd /scripts;./securetmp
then it will ask do you want to do this at startup, type: yes
then hit enter, thats all

frattay22 · Post #5 (**permalink**) 02-12-2005, 10:24 PM

to remove mail

service exim stop;rm -rf /var/spool/exim/msglog;service exim stop;rm -rf /var/spool/exim/input;service exim stop;rm -rf /var/spool/exim/msglog;service exim stop;rm -rf /var/spool/exim/input;service exim stop;cd /scripts/;./restartsrv exim

Make sure you have current release of cPanel. Here is what you need and want

cPanel Release

pico /etc/cpupdate.conf

CPANEL=release
RPMUP=daily
SYSUP=daily

Enabling and Disabling Wget

Enable Wget chmod 777 /usr/bin/wget
Disbable Wget chmod 700 /usr/bin/wget

disciple · Post #6 (**permalink**) 03-20-2005, 10:49 PM

Hi,

I paid to have our server secured and hardened because I am linux challenged. So would anyone be willing to explain to me what all these commands do and whether is makes any difference what flavor os you are using?

./updatenow
./upcp
./fixcommonproblems
6) cd /tmp
rm -R -f sess*
rm -R -f cpanel*
rm -R -f php*

rm -R -f /var/tmp;ln -s /tmp /var/tmp;cd /scripts;./securetmp

Enable Wget chmod 777 /usr/bin/wget
Disbable Wget chmod 700 /usr/bin/wget

Would any of these commands hurt anything that may have already been done to my server?

Thanks

Rick

dysk · Post #7 (**permalink**) 05-02-2005, 02:07 PM

Those sound like good starts. I'd also run a nessus scan on new servers. Seems that Nessus always manages to catch a thing or two that the humans miss.

frattay22 · Post #8 (**permalink**) 05-02-2005, 04:16 PM

Quote:

Originally Posted by disciple

Hi,

./updatenow
./upcp
./fixcommonproblems
6) cd /tmp
rm -R -f sess*
rm -R -f cpanel*
rm -R -f php*
rm -R -f /var/tmp;ln -s /tmp /var/tmp;cd /scripts;./securetmp
Enable Wget chmod 777 /usr/bin/wget
Disbable Wget chmod 700 /usr/bin/wget
Would any of these commands hurt anything that may have already been done to my server?
Thanks
Rick

Rick,
Updatenow = Make sure all is updated via whm and cpanel
UPCP = Make sure the control panel is updated
Fixcommonproblems = Fixes common problems such as permissions, email permissions etc...
Cd /tmp will take you to the tmp dir and
Rm -f -f sess* will remove all Sess files in there which if not removed frequently will cause your server to lag a little, same with cpanel and php
The rm -R -f /var/tmp etc.. will secure you tmp dir
Enable wget which says it all and disable etc...

Enjoy

talkwebhosts.co · Post #9 (**permalink**) 05-02-2005, 05:55 PM

Good thread!

disciple · Post #10 (**permalink**) 05-05-2005, 08:53 AM

Thank you for the explanation!

CLCook · Post #11 (**permalink**) 05-14-2005, 07:47 PM

Hey guys...check out safecpanel.com. That's a site that has lots of these commands and tools.

I use it regularly.

SafeCPanel

talkwebhosts.co · Post #12 (**permalink**) 05-15-2005, 01:00 AM

Great reference I will make sure to check it out!