Setting up a new cPanel server

  1. Portal Home
  2. Knowledgebase
  3. Setting up a new cPanel server

1) Install Centos

2) Install cPanel

cd /home/wget http://layer1.cpanel.net/latest
sh latest
# This will complete in 1-2hours time

3) Secure SSH Secure

vi /etc/ssh/sshd_config
# Change the port to 55000
# Make sure if you have firewall (csf) install before changing this, make sure you added 55000 into TCP_IN
# Change "UseDNS" to no.
service sshd restart

4) Recompile Apache

Go to WHM -> Software » EasyApache (Apache Update)

Upload Profile -> enter http://serverfreak.net/apache/sf_websetup_140211.yaml

After upload, you will see ServerFreak Config in the list. Then
compile using the same profile.

Note: my .yaml profile is built based on php 5.3

If customer need other version, reselect other php version.

5) Optimize MYSQL (5.5)
 
cd /etc
rm my.cnf
wget http://serverfreak.net/mysql/5.5/my.cnf
service mysql restart
#If MYSQL failed to start, please remove my.cnf, if might be some value not compatible
 
6) Edit default php.ini
 
vi /usr/local/lib/php.ini
#Change memory_limit to 256M
#Change post_max_size to 100M
#Change upload_max_filesize to 100M
 
7) Install ClamAV, go to WHM -> Manage Plugins -> clamavconnector tick and save.
 
8) cPanel Configuration
a) WHM -> Tweak Settings ->
Mail ->
Initial default/catch-all forwarder destination -> Set to "fail",
Max hourly emails per domain -> Set to "250",
Enable BoxTrapper spam trap -> Set to "Off"
 
 
PHP ->
cPanel PHP loader -> Select "ioncubeloader"
 
Security ->
Cookie IP validation -> Select "disabled"
Blank referrer safety check -> On
Referrer safety check -> On
 
Stats Program ->
All set to disable Except for Awstats
 
b) WHM -> Configure Customer Support -> Set to "disabled"
 
c) WHM -> Security Center ->
 
Apache mod_userdir Tweak -> tick "Enable mod_userdir protection" and tick "nobody"
 
Compiler Access -> Disable Compilers
 
Configure Security Policies -> tick "Password Strength" -> click on Password Strength Configuration ->Default Required Password Strength -> Set to 40
 
cPHulk Bruteforce Protection -> Disabled
 
PHP open_basedir Tweak -> Enable
 
Shell Fork Bomb Protection -> Enable
 
d) Server Contacts -> Edit System Mail Preferences -> root email set to "monitor2@serverfreak.biz"
 
e) Server Configuration - >
 
Apache Configuration ->
 
SSL Cipher Suite -> Select "2nd" option
Trace Enable -> Off
Server Signature -> Off
Server Tokens -> Product Only
File ETag -> None
Keep Alive -> Off
Save
 
FTP Configuration
Allow Anonymous Logins -> No
Allow Anonymous Uploads -> No
Allow Logins with Root Password -> No
 
Exim Configuration Manager
RBLS -> RBL: zen.spamhaus.org -> On
Security -> Scan messages for malware from authenticated senders (exiscan). -> On
 
Service Manager
exim on another port -> Set enabled, monitor and set 26,587
httpd -> enabled, monitor
exim -> enabled, monitor
clamd -> enabled, monitor
cpdavd -> enabled, monitor
crond -> enabled, monitor
ftpd -> enabled, monitor
imap -> enabled, monitor
mysql -> enabled, monitor
ipaliases -> enabled, monitor
pop -> enabled, monitor
spamd -> enabled, monitor
syslogd -> enabled, monitor
sshd -> enabled, monitor
 
f) System Health -> Background Process Killer -> Enable all
 
9) Install Config Server Firewall
cd ~
wget http://configserver.com/free/csf.tgz
tar xzvf csf.tgz
cd csf*
sh install.sh
cd ~
rm -rf csf*
go to WHM -> Plugins -> ConfigServer Security & Firewall -> Firewall Configuration -> Testing set to 0
 
 

  Print