fast and secure web hosting. from a simple website to a highly visited e-shop  

Automatic cPanel installation guide for VPS/dedicated server

published by on Mon, 04/11/2013 - 12:49

cPanel is the world’s leading hosting control panel in web hosting industry today. All features and tasks are accessible via a web interface and on top of that it provides all needed multiple levels of access for administrators, resellers and end-users right out of the box. In this article we will describe how one can install cPanel on a CentOS VPS/dedicated server. Later on we will make some common security tweaks and finally we will try to troubleshoot some common problems.

Disclaimer/Common logic: Please note that many parts of this cPanel installation guide are coming directly from scripts that we use inhouse and we can not guarantee it will work for you. Always check cPanel's formal latest installation requirements we hold no responsibility etc.

Preparing CentOS for cPanel

First things first: We configure the OS (CentOS) for cPanel installation according to cPanel's requirements, usually the only thing we need to change to a fresh installation of CentOS (6.4 at the time this article is being written) is removing Postfix (E-mail server), disabling SELINUX, and turning iptables off. After that we proceed with necessary OS updates.

yum groupremove "E-mail server" -y
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
chkconfig iptables off
service iptables stop
yum install -y screen
screen
yum update -y && reboot

Installing cPanel

After reconnecting to the server we are pretty much ready to go, cPanel's installation is pretty simple, but it will take some time. All installations' rules apply here as well, we don't want it to be disrupted, so we use the screen command we have just installed again.

screen
cd /home
wget -N http://httpupdate.cpanel.net/latest
sh latest

Securing cPanel

So are we ready to go? Well, there are a few steps regarding security we would make us feel more comfortable once followed. These are: Installation of CSF Firewall and I.D.S. plugin, disabling some PHP functions, mostly the ones recommended by CSF.

Installing CSF - ConfigServer Security & Firewall

Again the installation is pretty simple

cd /root
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

CSF Configuration

Once installed you may browse some security recommendations under WHM -> Plugins -> ConfigServer Security&Firewall -> Check Server Security. In this example we will quic 'n' dirty apply a bunch of security tweaks. Please advise CSF's quite explanatory README for the below changes.

echo 'local-infile=0' >> /etc/my.cnf
sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
sed -i 's/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096"/TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,10022"/g' /etc/csf/csf.conf
sed -i 's/TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703"/TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703,10022"/g' /etc/csf/csf.conf
sed -i 's/IPV6 = "0"/IPV6 = "1"/g' /etc/csf/csf.conf
sed -i 's/SYSLOG_CHECK = "0"/SYSLOG_CHECK = "300"/g' /etc/csf/csf.conf
sed -i 's/FASTSTART = "0"/FASTSTART = "1"/g' /etc/csf/csf.conf
sed -i 's/SMTP_BLOCK = "0"/SMTP_BLOCK = "1"/g' /etc/csf/csf.conf
sed -i 's/LF_SCRIPT_ALERT = "0"/LF_SCRIPT_ALERT = "1"/g' /etc/csf/csf.conf
sed -i 's/PT_ALL_USERS = "0"/PT_ALL_USERS = "1"/g' /etc/csf/csf.conf
sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config
sed -i 's/#Port 22/Port 10022/g' /etc/ssh/sshd_config
sed -i 's/enable_dl = On/enable_dl = Off/g' /usr/local/lib/php.ini
sed -i 's/disable_functions =/disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen/g' /usr/local/lib/php.ini
service sshd restart
service mysql restart
service portreserve stop
chkconfig portreserve off
csf -r
service lfd restart

Troubleshooting

There are not really that much errors that will make cPanel's installer to fail. Maybe the most common one is: "cpanel Fatal! Perl must be installed before proceeding!" in case perl isn't installed by default. In that case:

yum install perl
will do the trick

That's all pretty much, the rest of configuration may be done through WHM panel and/or depending your environment (for example EasyApache build profile). You may also want to consider some tools like: MySQLTuner

See also:

Tags: