How can you Make your WHM Server More Secure?
Posted by Allura on 15 01 2019.
Securing our cPanel and WHM server is very important. There are ways to secure them, namely : Use secure passwords, Secure SSH, Secure Apache and Harden one’s operating system.
Use Secure Passwords
Insecure passwords often creates security issues. For instance, insecure passwords makes way for vicious hackers to gain unauthorized access, gather confidential information from the server and infect the sites with malicious virus softwares.
- Edit the /etc/login.defs file to structure out various password options on the system.
- Password must contain at least eight characters including alphanumeric and grammatical symbols.
- Should never frame password using dictionary words or important dates like birthday, birth year, phone number, etc.
- Check password security using JTR cracker.
- Install tools like pam_passwdqc to check password strength.
Moving the SSH access to a different port will create difficulty for others to know which port to use for SSH.
Many vicious users use port 22 to access servers. In that case edit the port on which SSH runs using the /etc/ssh/sshd_config file.
- Use a port number less than 1024 and something that is not used by other services before. They are called “privileged” ports which can be bind only by the root user. Ports 1024 and above are called “unprivileged” ports which can be used by any malicious user.
- Configure shell resource limits using the /etc/security/limits.conf file on most Linux systems.
ModSecurityTM tool helps to secure server’s Apache installation.
- Install ModSecurity in cPanel and WHM version 11.44 using the interface (WHM >> Home >> Plugins >> ModSecurity).
- Use these interfaces to manage ModSecurity
- (WHM >> Home >> Security Center >> ModSecurityTM Tools)
- (WHM >> Home >> Security Center >> ModSecurityTM Configuration)
- Compile Apache and PHP with SuPHP to identify the real owner and locate about the forged scripts using (WHM >> Home >> Software >> EasyApache4) to run the /scripts/easyapache script from command line.
- Implement symlink race condition protection on server through EasyApache.
Harden One’s System
We recommend to click the links below to access security guides of Linux distributions on which one can install cPanel and WHM
- RedHat® Enterprise Linux (RHEL) Security Guide
- Security and Hardening CentOS 7 Guide
- CloudLinux Guide to SecureLinks
Harden your /tmp portion by using the /scripts/securetmp script for extra security.
Virtuozzo® and OpenVZ servers do not support this feature.
Using these, cPanel server will be secured from any unwanted technical or server problems.