Securing a Linux Server especially cPanel servers may not be as hard as you think if you use today’s available tools to assist.
I’ll list a few that could assist in securing any cpanel server better, thus keep your clients happier and their websites safer from malware, hacking,etc.
Lets start off with the basics.
1. SSH Port. Always change this port. This can be done on Centos in the /etc/sshd/sshd_config file.
2. Make a strong root password. Always do this.
3. Create a secondary root account incase primary is forgotten.
4. Update Linux using Yum or apt
Now the nice things to list.
5. Use CSF – Config Server Firewall. Open only ports that are needed and nothing more. Set limits on LF_POP, LF_MODSEC to block IPs based on hit rate. Ensure you increase the maximum of IPs that can be stored and set a limit to how long it keeps these IPs. Use the Check Security Features and harden PHP using Suhosin as recommended and disable functions as listed. Disabling ini_set may make some websites break so rather leave that off when you start. Also disable unneeded services as listed. Secure /tmp folder.
6. Move on to modsecurity. Install Atomic Rules, delayed or pad versions just ensure you have rules enabled and working. Use CMC to manage whitelists which is also available on Config Server website.
7. Install rootkit hunter and set it’s cronjob. Run an initial scan to test that it works. Ensure you set it to email you daily.
8. Install Linux malware scanner or CXS from Config Server to secure FTP uploads, Website page loads and scan all files each day to ensure websites have no hidden malware within them when being transferred from other ISPs or being uploaded by your clients. This is especially useful when clients try to upload “nulled” scripts which have “code” within them that an attacker could use or has embedded.
9. Use SuPHP, Suhosin, suExec and customize PHP’s php.ini, also disable any unneeded PHP modules.
10. Use CloudLinux with CageFS
11. Do not install ALL Modules of Apache only that which are required.
12. Ensure all updates have been done.
13. Lastly monitor logs daily, preferrably every 6 hours or so, if not every hour 🙂
Note the above is not everything but covers what I believe to be the most important things to consider when offering secure and stable web hosting to clients. If you have any questions feel free to visit our website at http://www.hostking.co.za and catch us on live chat or email us at firstname.lastname@example.org with any questions you may have even if not a client of ours 🙂