There are several ways to secure cPanel and WHM servers.
The use of C and C++ compilers are not required by most users. We strongly recommend to disable compilers for all users, not existing in the compilers group in the /etc/group file.
In order to disable compilers from the WHM interface, one can use WHM’s Compiler Access interface (WHM >> Home >> Security Center >> Compiler Access) and to disable compilers from the command line, run the command /scripts/compilers off as the root user.
Any service or daemon allowing connections to one’s server can even allow hackers to gain access. One needs to disable all services and daemons not in use in order to reduce security risks.
One can disable any services not currently in use with WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).
Run the commands to ensure expected functioning of the system:
One can install one of the following commonly-available utilities:
We recommend to allow technical security professional so as to perform regular configuration checks of one’s system.
One can use WHM’s Host Access Control interface (WHM >> Home >> Security Center >> Host Access Control) in order to allow certain IP addresses to access the following services on the server:
The /etc/hosts.allow file can also be configured via the command line directly.
One can enable a firewall to prevent unwanted access before removing all unused services and daemons or disable unused services and daemons. Gathering more information on the ports that cPanel & WHM requires to function properly, one can refer to How to Configure Your Firewall for cPanel Services documentation.
A user can use all of these services or other services and can adjust the rules accordingly.
One needs to remember to set a cron job to disable one’s firewall every five minutes while testing the rules, or one’s server may lock you out.
We strongly recommend to run the latest stable versions of the software in order to ensure that it contains patches for any security issues. Also, one needs to be aware of updates for the following:
WHM’s Update Preferences interface (WHM >> Home >> Server Configuration >> Update Preferences) can be used to set these to automatic update and WHM’s Manage cPAddons Site Software interface (WHM >> Home >> cPanel >> Manage cPAddons Site Software) to upgrade all cPAddon installations.
The cPanel server will be secured from any unwanted technical or server problems by the ways reviewed in this article.