Popular among both web hosting magnates and newbies, cPanel is the world’s best-known control panel. From a security standpoint, though, that popularity isn’t entirely a good thing, because it makes cPanel a target for exploits. There’s good news: in just a few minutes, you can dramatically reduce the risk of your server being exploited.
cPanel Hardening Script
We use a custom cPanel hardening script that we’re now sharing with the system administration community at large. It’s very easy. As a matter of fact, it’s just a script that walks you through everything.
Step 0 – Prerequisites
Let’s make sure that we have wget installed on the server, so we can download the script:
yum install wget
You should already have wget if you’ve installed cPanel, but there’s no harm in being sure.
Step 1 – Download the script
Now we’re going to download the hardening script file:
Step 2 – Run the script
Now we’re going to run the cPanel hardening script:
Step 3 – Let it run
The script will take a few minutes to run, depending on your server specs. It will ask a couple of yes-or-no questions about whether to harden certain services on the server.
Don’t feel like hardening your server manually? No problem. Our managed VPS come pre-hardened, and we’ve already done the work for you.
What does the script do?
This script performs most of the common hardening tasks, including:
- Installs, configures, and tweaks ConfigServer Firewall (CSF)
- Installs ConfigServer Mail Manager (CSMM)
- Installs ConfigServer Mod Security (CSMC)
- Installs ConfigServer Mail Queue Manager (CMQ)
- Installs maldet and updates maldet rules
- Installs and configures rootkit hunter
- Tweaks cPanel settings (cPanel “Tweak Settings”)
- Enables and configures cPHulkD (brute force detection)
- Enables background process killer
- Hardens SSH daemon (change to custom port)
- Optimizes Apache settings
- Optimizes MySQL settings
- Tweaks FTP settings
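Two of the items above interact: once the SSH daemon moves to a custom port, that port has to be allowed in CSF's `TCP_IN` list, and CSF has to be out of testing mode for its rules to stay in place. The check below is an added example, not part of the hardening script; it assumes the standard file locations `/etc/ssh/sshd_config` and `/etc/csf/csf.conf`, and the function names and sample values are made up for illustration.

```shell
#!/bin/bash
# Added example, not the hardening script itself. Function names and the sample
# values in demo() are assumptions made for illustration.
ssh_ports() {      # every uncommented "Port" in sshd_config; sshd defaults to 22
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

csf_value() {      # csf_value NAME FILE -> value of a NAME = "value" line
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

port_allowed() {   # port_allowed PORT LIST; LIST is CSF style: "20,21,30000:35000"
    local port=$1 entry lo hi
    local IFS=,
    for entry in $2; do
        lo=${entry%%:*}; hi=${entry##*:}
        { [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; } 2>/dev/null && return 0
    done
    return 1
}

audit() {          # audit SSHD_CONFIG CSF_CONF; exit status = number of findings
    local findings=0 port tcp_in
    tcp_in=$(csf_value TCP_IN "$2")
    if [ "$(csf_value TESTING "$2")" != "0" ]; then
        echo "FINDING: CSF is still in testing mode (TESTING is not \"0\")"
        findings=$((findings + 1))
    fi
    for port in $(ssh_ports "$1"); do
        if [ "$port" = "22" ]; then
            echo "FINDING: sshd still listens on the default port 22"
            findings=$((findings + 1))
        fi
        if ! port_allowed "$port" "$tcp_in"; then
            echo "FINDING: sshd port $port is not in CSF TCP_IN (lockout risk)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

demo() {           # constructed sample: SSH port moved, CSF not updated to match
    local rc=0 d; d=$(mktemp -d)
    printf '#Port 22\nPort 2222\n' > "$d/sshd_config"
    printf 'TESTING = "1"\nTCP_IN = "20,21,22,80,443"\n' > "$d/csf.conf"
    audit "$d/sshd_config" "$d/csf.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; else demo || true; fi
```

Run it with the two file paths as arguments to check the live configuration; with no arguments it runs against the constructed sample and reports two findings.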