BuycPanel Blog

How to Monitor and Restrict your WHM System?

Posted by Allura on 02 01 2019.

Introduction

There are several ways to secure cPanel and WHM servers.

Restrict your System’s Compilers

Most users do not need C and C++ compilers. We strongly recommend disabling compilers for all users who are not in the compilers group in the /etc/group file.

To disable compilers from the WHM interface, use WHM’s Compiler Access interface (WHM >> Home >> Security Center >> Compiler Access). To disable compilers from the command line, run the command /scripts/compilers off as the root user.

Disable Unused Services and Daemons

Any service or daemon that accepts connections to one’s server can also allow hackers to gain access. To reduce security risks, disable all services and daemons that are not in use.

One can disable any services not currently in use with WHM’s Service Manager interface (WHM >> Home >> Service Configuration >> Service Manager).

Monitor your System

Run the following commands to check that the system is functioning as expected:

  • netstat -anp — To check for programs on ports that you did not install or authorize.
  • find / \( -type f -o -type d \) -perm /o+w 2>/dev/null | egrep -v '/(proc|sys)' > world_writable.txt — Then check the world_writable.txt file for all of the world-writable files and directories. This command reveals the locations where an attacker could store files on one’s system.
  • find / -nouser -o -nogroup >> no_owner.txt — Then check the no_owner.txt file for all files that have no user or group associated with them. All files should be owned by a specific user or group so that access to them can be restricted.
  • ls /var/log/ — Any of the different logs on one’s system can reveal security issues. The system logs, Apache logs, mail logs, and other logs need to be checked frequently to ensure that the system is functioning as expected.
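The world-writable scan above is more useful when each run is compared with the previous one. The following script is an added example, not part of the original article: it goes beyond the one-off command by labelling directories that lack the sticky bit and by printing only entries that are new since a saved baseline. The function names, labels and baseline file are assumptions made for the illustration.

```bash
#!/bin/sh
# Added example (not from the original article): baseline-and-compare
# wrapper around the world-writable scan. Names and labels are illustrative.

# scan_world_writable ROOT
# Lists world-writable files and directories under ROOT, skipping /proc
# and /sys, one "LABEL path" per line in stable sorted order.
# Note: paths containing newlines are not handled.
scan_world_writable() {
    find "$1" \( -path /proc -o -path /sys \) -prune -o \
        \( -type f -o -type d \) -perm -0002 -print 2>/dev/null |
    while IFS= read -r path; do
        if [ -d "$path" ] && [ ! -k "$path" ]; then
            # Any user can delete or replace other users' files here.
            printf 'DIR-NO-STICKY %s\n' "$path"
        elif [ -d "$path" ]; then
            # Sticky bit set, as on /tmp: usually expected.
            printf 'DIR-STICKY %s\n' "$path"
        else
            printf 'FILE %s\n' "$path"
        fi
    done | LC_ALL=C sort
}

# new_since_baseline BASELINE CURRENT
# Prints entries that appear in CURRENT but not in BASELINE.
new_since_baseline() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Usage: script ROOT BASELINE_FILE
# The first run creates the baseline; later runs print only new entries.
if [ "$#" -eq 2 ]; then
    current="$(mktemp)"
    scan_world_writable "$1" > "$current"
    if [ -f "$2" ]; then
        new_since_baseline "$2" "$current"
    else
        cp "$current" "$2"
    fi
    rm -f "$current"
fi
```

Keep the baseline file somewhere that is not itself world-writable, and refresh it only after reviewing the entries reported as new.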

One can install one of the following commonly-available utilities:

  • Tripwire – It monitors checksums of files and reports changes.
  • chkrootkit – It scans for common vulnerabilities.
  • Rkhunter – It scans for common vulnerabilities.
  • Logwatch – It monitors and reports on daily system activity.

We recommend having a technical security professional perform regular configuration checks of one’s system.

Control Access to Services by IP Address

One can use WHM’s Host Access Control interface (WHM >> Home >> Security Center >> Host Access Control) in order to allow certain IP addresses to access the following services on the server:

  • cPanel (cpaneld)
  • WHM (whostmgrd)
  • Webmail (webmaild)
  • Web Disk (cpdavd)
  • FTP (ftpd)
  • SSH (sshd)
  • SMTP (smtp)
  • POP3 (pop3)
  • IMAP (imap)

The /etc/hosts.allow file can also be configured via the command line directly.

Enable a Firewall

Before removing or disabling all unused services and daemons, one can enable a firewall to prevent unwanted access. For more information on the ports that cPanel & WHM requires to function properly, refer to the How to Configure Your Firewall for cPanel Services documentation.

A user may use all of these services, or other services, and can adjust the rules accordingly.

Remember to set a cron job that disables the firewall every five minutes while testing the rules, or the server may lock you out.

Stay Up-to-date

We strongly recommend running the latest stable versions of the software to ensure that it contains patches for any security issues. Also, one needs to be aware of updates for the following:

  • Kernel
  • cPanel & WHM*
  • User Applications (bulletin boards, content management systems, blog engines, etc)**
  • System Software*

* WHM’s Update Preferences interface (WHM >> Home >> Server Configuration >> Update Preferences) can be used to set these to update automatically.

** WHM’s Manage cPAddons Site Software interface (WHM >> Home >> cPanel >> Manage cPAddons Site Software) can be used to upgrade all cPAddon installations.

Conclusion

The methods reviewed in this article will secure the cPanel server against unwanted technical or server problems.