SSH in to the Server with root login and run the following commands:
# mkdir /home/cpanel
# cd /home/cpanel
# wget http://layer1.cpanel.net/latest
# sh latest
You have successfully installed cpanel in your server. You can access it using the URL
http://ipaddress:2086
Showing posts with label whm. Show all posts
Showing posts with label whm. Show all posts
2009/10/24
2009/10/01
Cpanel Hardening
You should configure the following in your WHM (CPanel):
Main >> Server Configuration >> Tweak Settings
[x] Prevent the user ‘nobody’ from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)
[x] Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)
Main >> Security >> Fix Insecure Permissions (Scripts)
Main >> Security >> Tweak Security
“Compilers are disabled for unpriviledge users”
Main >> Service Configuration >> Enable/Disable SuExec
suexec Status “enabled”
Main >> Account Functions >> Disable or Enable Demo Mode
Select from “Users” the “demo” account and click “Modify” then click “Disable” if it exists :)
Main >> Server Configuration >> Tweak Settings
[x] Prevent the user ‘nobody’ from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)
[x] Track the origin of messages sent though the mail server by adding the X-Source headers (exim 4.34+ required)
Main >> Security >> Fix Insecure Permissions (Scripts)
Main >> Security >> Tweak Security
“Compilers are disabled for unpriviledge users”
Main >> Service Configuration >> Enable/Disable SuExec
suexec Status “enabled”
Main >> Account Functions >> Disable or Enable Demo Mode
Select from “Users” the “demo” account and click “Modify” then click “Disable” if it exists :)
Access Awstats from outside of cpanel
Step 1.
Download awstats from http://awstats.sourceforge.net
Step 2.
Uncompress awstats-5.6.tgz
Step 3.
Copy the contents of the uncompressed cgi-bin folder from your hard drive to the user cgi-bin directory (this includes awstats.pl, awstats.model.conf, and the lang, lib and plugins sub-directories).
Step 4.
If necessary (should not be needed with most setups), edit the first (top-most) line of awstats.pl file that is #!/usr/bin/perl to reflect the path were your Perl interpreter is installed. Default value works for most of Unix OS, but it also might be #!/usr/local/bin/perl
Step 5.
Move AWStats icon sub-directories and its content into a directory readable by your web server, for example /home/users/public_html/icons
Step 6.
Copy awstats.model.conf file into a new file named awstats.myvirtualhostname.conf. This new file must be stored in /home/user/public_html/cgi-bin.
Step 7.
Edit this new config file with your own setup :
- Change LogFile value with full path of your web server log file
(The path is:
LogFile="/usr/local/apache/domlogs/domain.com").
- Check if LogFormat has the value "1" (it means "NCSA apache combined/ELF/XLF log format").
- Change DirIcons parameter to reflect relative path of icon directory.
(DirIcons="/icons")
- Edit SiteDomain parameter with the main domain name or the intranet web server name used to reach the web site to analyze (Example: www.mydomain.com).
IMPORTANT! - Change DirData to use the same Statics file than Cpanel Awstats and do not loose any entry.
(DirData="/home/user/tmp/awstats/")
Step 8.
Access AwStats by the URL:
www.domain.com/cgi-bin/awstats.pl?config=domain.com
Download awstats from http://awstats.sourceforge.net
Step 2.
Uncompress awstats-5.6.tgz
Step 3.
Copy the contents of the uncompressed cgi-bin folder from your hard drive to the user cgi-bin directory (this includes awstats.pl, awstats.model.conf, and the lang, lib and plugins sub-directories).
Step 4.
If necessary (should not be needed with most setups), edit the first (top-most) line of awstats.pl file that is #!/usr/bin/perl to reflect the path were your Perl interpreter is installed. Default value works for most of Unix OS, but it also might be #!/usr/local/bin/perl
Step 5.
Move AWStats icon sub-directories and its content into a directory readable by your web server, for example /home/users/public_html/icons
Step 6.
Copy awstats.model.conf file into a new file named awstats.myvirtualhostname.conf. This new file must be stored in /home/user/public_html/cgi-bin.
Step 7.
Edit this new config file with your own setup :
- Change LogFile value with full path of your web server log file
(The path is:
LogFile="/usr/local/apache/domlogs/domain.com").
- Check if LogFormat has the value "1" (it means "NCSA apache combined/ELF/XLF log format").
- Change DirIcons parameter to reflect relative path of icon directory.
(DirIcons="/icons")
- Edit SiteDomain parameter with the main domain name or the intranet web server name used to reach the web site to analyze (Example: www.mydomain.com).
IMPORTANT! - Change DirData to use the same Statics file than Cpanel Awstats and do not loose any entry.
(DirData="/home/user/tmp/awstats/")
Step 8.
Access AwStats by the URL:
www.domain.com/cgi-bin/awstats.pl?config=domain.com
Awstats not updating in the cpanel server
Problem related to awstats updation.. run the following scripts
/scripts/runweblogs
Check the stats after run the scripts. If the error still persists
vi /var/cpanel/cpanel.conf then edit the extracpus=0 to 2
Then execute /usr/local/cpanel/startup
After this, run the above scripts ... it will update the awstats.
-------------------------------------------------------------------------
This problem may occur when apache log files are over 2GB in size and new logs won't update. The best way to prevent this to delete domain logs from the following path
/usr/local/apache/domlogs/yourdomain.com.log
/scripts/runweblogs
Check the stats after run the scripts. If the error still persists
vi /var/cpanel/cpanel.conf then edit the extracpus=0 to 2
Then execute /usr/local/cpanel/startup
After this, run the above scripts ... it will update the awstats.
-------------------------------------------------------------------------
This problem may occur when apache log files are over 2GB in size and new logs won't update. The best way to prevent this to delete domain logs from the following path
/usr/local/apache/domlogs/yourdomain.com.log
2009/09/28
How to disble root logins in the cpanel server
Following steps will show you how to disable direct root login. If you are using cPanel server make sure you add your admin user to the ‘wheel’ group so that you will be able to ‘su -‘ to root, otherwise you may lock yourself out of root.
1. SSH into your server as ‘admin’ and gain root access by su
2. Copy and paste this line to edit the file for SSH logins
vi /etc/ssh/sshd_config
3. Find the line
Protocol 2, 1
4. Uncomment it and change it to look like
Protocol 2
5. Next, find the line
PermitRootLogin yes
6. Uncomment it and make it look like PermitRootLogin no
7. Save the file
8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to login to root with out first loggin in as admin and ‘su -‘ to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords
1. SSH into your server as ‘admin’ and gain root access by su
2. Copy and paste this line to edit the file for SSH logins
vi /etc/ssh/sshd_config
3. Find the line
Protocol 2, 1
4. Uncomment it and change it to look like
Protocol 2
5. Next, find the line
PermitRootLogin yes
6. Uncomment it and make it look like PermitRootLogin no
7. Save the file
8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart
Now, no one will be able to login to root with out first loggin in as admin and ‘su -‘ to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords
Subscribe to:
Posts (Atom)