cPanel is the world’s leading hosting control panel in web hosting industry today. All features and tasks are accessible via a web interface and on top of that it provides all needed multiple levels of access for administrators, resellers and end-users right out of the box. In this article we will describe how one can install cPanel on a CentOS VPS/dedicated server. Later on we will make some common security tweaks and finally we will try to troubleshoot some common problems.
Disclaimer/Common logic: Please note that many parts of this cPanel installation guide are coming directly from scripts that we use inhouse and we can not guarantee it will work for you. Always check cPanel's formal latest installation requirements we hold no responsibility etc.
First things first: We configure the OS (CentOS) for cPanel installation according to cPanel's requirements, usually the only thing we need to change to a fresh installation of CentOS (6.4 at the time this article is being written) is removing Postfix (E-mail server), disabling SELINUX, and turning iptables off. After that we proceed with necessary OS updates.
yum groupremove "E-mail server" -y
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
chkconfig iptables off
service iptables stop
yum install -y screen
yum update -y && reboot
After reconnecting to the server we are pretty much ready to go, cPanel's installation is pretty simple, but it will take some time. All installations' rules apply here as well, we don't want it to be disrupted, so we use the screen command we have just installed again.
wget -N http://httpupdate.cpanel.net/latest
So are we ready to go? Well, there are a few steps regarding security we would make us feel more comfortable once followed. These are: Installation of CSF Firewall and I.D.S. plugin, disabling some PHP functions, mostly the ones recommended by CSF.
Again the installation is pretty simple
rm -fv csf.tgz
tar -xzf csf.tgz
Once installed you may browse some security recommendations under WHM -> Plugins -> ConfigServer Security&Firewall -> Check Server Security. In this example we will quic 'n' dirty apply a bunch of security tweaks. Please advise CSF's quite explanatory README for the below changes.
echo 'local-infile=0' >> /etc/my.cnf
sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
sed -i 's/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,10022"/g' /etc/csf/csf.conf
sed -i 's/TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703"/TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703,10022"/g' /etc/csf/csf.conf
sed -i 's/IPV6 = "0"/IPV6 = "1"/g' /etc/csf/csf.conf
sed -i 's/SYSLOG_CHECK = "0"/SYSLOG_CHECK = "300"/g' /etc/csf/csf.conf
sed -i 's/FASTSTART = "0"/FASTSTART = "1"/g' /etc/csf/csf.conf
sed -i 's/SMTP_BLOCK = "0"/SMTP_BLOCK = "1"/g' /etc/csf/csf.conf
sed -i 's/LF_SCRIPT_ALERT = "0"/LF_SCRIPT_ALERT = "1"/g' /etc/csf/csf.conf
sed -i 's/PT_ALL_USERS = "0"/PT_ALL_USERS = "1"/g' /etc/csf/csf.conf
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#Port 22/Port 10022/g' /etc/ssh/sshd_config
sed -i 's/enable_dl = On/enable_dl = Off/g' /usr/local/lib/php.ini
sed -i 's/disable_functions =/disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen/g' /usr/local/lib/php.ini
service sshd restart
service mysql restart
service portreserve stop
chkconfig portreserve off
service lfd restart
There are not really that much errors that will make cPanel's installer to fail. Maybe the most common one is: "cpanel Fatal! Perl must be installed before proceeding!" in case perl isn't installed by default. In that case:
yum install perl
will do the trick
That's all pretty much, the rest of configuration may be done through WHM panel and/or depending your environment (for example EasyApache build profile). You may also want to consider some tools like: MySQLTuner