BuycPanel Blog

BuycPanel Blog

Latest news and updates

Safely Secure cPanel Server

Posted by Allura on 31 07 2018.

An Introduction To Safely Secure cPanel Server

Securing our cPanel and WHM server is very important. There are ways to secure them, namely : Use secure passwords, Secure SSH, Secure Apache and Harden one’s system.

To broadly explain each:

Secure Passwords

Use Secure Passwords:

Insecure passwords often creates security issues. For instance, insecure passwords makes way for vicious hackers to gain unauthorized access, gather confidential information from the server and infect the sites with malicious virus softwares.

Steps:

  • Edit the /etc/login.defs file to structure out various password options on the system.
  • Password must contain at least eight characters including alphanumeric and grammatical symbols.
  • Should never frame password using dictionary words or important dates like birthday, birth year, phone number, etc.
  • Check password security using JTR cracker.
  • Install tools like pam_passwdqc to check password strength.

SSH

Secure SSH:

Moving the SSH access to a different port will create difficulty for others to know which port to use for SSH.

 Steps:

  • Many vicious users use port 22 to access servers. In that case edit the port on which SSH runs using the /etc/ssh/sshd_config file.
  • Use a port number less than 1024 and something that is not used by other services before. They are called “privileged” ports which can be bind only by the root user. Ports 1024 and above are called “unprivileged” ports which can be used by any malicious user.
  • Configure shell resource limits using the /etc/security/limits.conf file on most Linux systems.

Apache

Secure Apache:

ModSecurityTM  tool helps to secure server’s Apache installation.

Steps:

  • Install ModSecurity in cPanel and WHM version 11.44 using the interface (WHM >> Home >> Plugins >> ModSecurity).
  • Use these interfaces to manage ModSecurity
    • (WHM >> Home >> Security Center >> ModSecurityTM Tools)
    • (WHM >> Home >> Security Center >> ModSecurityTM Configuration)
  • Compile Apache and PHP with SuPHP to identify the real owner and locate about the forged scripts using (WHM >> Home >> Software >> EasyApache4) to run the /scripts/easyapache script from command line.
  • Implement symlink race condition protection on server through EasyApache.

Harden System

Harden One’s System: 

We recommend to click the links below to access security guides of Linux distributions on which one can install cPanel and WHM

Links:

  • RedHat® Enterprise Linux (RHEL) Security Guide
  • Security and Hardening CentOS 7 Guide
  • CloudLinux Guide to SecureLinks

Harden your /tmp portion by using the /scripts/securetmp script for extra security.

Conclusion

Using these, cPanel server will be secured from any unwanted technical or server problems.