Antivirus & Antimalware for Linux Servers
Scanning your system for different types of unwanted programs can help identify issues, or at least give you the peace of mind for having a clean server. There are multiple options for making sure your server is clean of any malware, this guide goes over the top scanning software you…RunCloud and iThemes for Wordpress
Like most good hosting support folks, security tops the list of my priorities. While a good firewall, and true Web Application Firewall are the best means for helping with this, sometimes shared hosting services will not change the configurations they have in place to support the necessary security for a…Proper Website Content Security nGinx Configuration
Wow! It's been a little while since I have had the time to post another article. Well, here I am again, back at it.This time, I will show you an optimal way to keep your site secure utilizing a bit of nginx configuration. You will need to do some work…cPanel Configuration Files and Handy Commands for Shell
Since I use cPanel and CentOS alot now a days, I want to make sure that I have a handy place I can keep and search for anything I might need for configuring or managing the servers. Without any further ado, I present you the most comprehensive list of cPanel…- 1
- 2
Cookie Notice
This site utilizes cookies to improve your browsing experience, analyze the type of traffic we receive, and serve up proper content for you. If you wish to continue browsing, you must agree to allow us to set these cookies. If not, please visit another website.
cPanel Configuration Files and Handy Commands for Shell
Since I use cPanel and CentOS alot now a days, I want to make sure that I have a handy place I can keep and search for anything I might need for configuring or managing the servers.
Without any further ado, I present you the most comprehensive list of cPanel Stuff, I have ever seen 😉
Configurations and Services They Are Tied To
-
CPanel
- Configuration File: cpanel.config
- Path: /var/cpanel/cpanel.config
- Service: cpanel
-
Apache
- Default Port: 80
- Configuration File: httpd.conf
- Path: /etc/httpd/conf/httpd.conf Or /usr/local/apache/conf/httpd.conf
- Service: httpd
-
Exim
- Configuration File: exim.conf
- Path: /etc/exim.conf
- Service: exim
-
Bind
- Default Port: 53
- Configuration File: named.conf
- Path: /etc/named.conf
- Service: named
- DB location: /var/named
-
FTP server
- proftp
- Default Port: 20, 21
- Configuration File: proftpd.conf
- Path: /etc/proftpd.conf
- Service: proftpd
- pureftp
- Default Port: 20, 21
- Configuration File: pure-ftpd.conf
- Path: /etc/pure-ftpd.conf
- Service: pure-ftpd
- proftp
-
MySQL
- Default Port: 3306
- Configuration File: my.cnf
- Path: /etc/my.cnf
- Service: mysql
- Recommended Configuration
-
query_cache_type=1 query_cache_size=16M query_cache_limit=1M sort_buffer_size=4M join_buffer_size=4M tmp_table_size=4M max_heap_table_size=4M thread_cache_size=16M max_connections=250 max_allowed_packet=16M key_buffer_size=128M read_buffer_size=256K
-
-
PHP
- Configuration File: php.ini
- Path: /usr/local/lib/php.ini
- Recommended Configuration
-
nGinx
- Configuration File: nginx.conf
- Path: /etc/nginx/nginx.conf
- Service: nginx
- Recommended Global Configuration
-
user www-data; worker_processes 8; pid /run/nginx.pid; events { worker_connections 768; # multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 10; types_hash_max_size 2048; server_tokens off; fastcgi_read_timeout 3600; include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 9; gzip_buffers 16 32k; gzip_min_length 50; gzip_types text/css text/plain text/javascript application/javascript application/json application/x-javascript application/xml application/xml+rss application/xhtml+xml application/x-font-ttf application/x-font-opentype application/vnd.ms-fontobject image/svg+xml image/x-icon application/rss+xml application/atom_xml; ignore_invalid_headers on; client_max_body_size 1024M; client_body_buffer_size 15m; client_header_timeout 400; client_body_timeout 400; send_timeout 400; connection_pool_size 256; client_header_buffer_size 4k; large_client_header_buffers 4 32k; request_pool_size 4k; output_buffers 4 32k; postpone_output 1460; open_file_cache max=10000 inactive=10m; open_file_cache_valid 2m; open_file_cache_min_uses 1; open_file_cache_errors on; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; }
-
- Recommended VHost Configuration
- NOTE: Since CPanel needs Apache to run, we have to set nGinx and php-fpm as proxies. This one is made special for WordPress
-
server { listen 80; server_name www.yourdomainname.com; rewrite ^(.*) http://yourdomainname.com$1 permanent; } server { listen 80; server_name yourdomainname.com; client_max_body_size 5m; client_body_timeout 60; access_log /var/log/nginx/yourdomainname.com.log; error_log /var/log/nginx/yourdomainname.com error; root /home/theaccountname/public_html; index index.html index.php; ### root directory ### location / { try_files $uri $uri/ /index.php?$args; } ### security ### error_page 403 =404; location ~ /. { access_log off; log_not_found off; deny all; } location ~ ~$ { access_log off; log_not_found off; deny all; } location ~* wp-admin/includes { deny all; } location ~* wp-includes/theme-compat/ { deny all; } location ~* wp-includes/js/tinymce/langs/.*.php { deny all; } location /wp-includes/ { internal; } #location ~* wp-config.php { deny all; } location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ { types { } default_type text/plain; } # Uncomment this to block access # location ~* wp-admin { # allow <YOUR_IP>; # allow 127.0.0.1; # deny all; # } ### disable logging ### location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } ### caches ### include /etc/nginx/conf.d/caches.conf; ### php block ### location ~ .php?$ { try_files $uri =404; include fastcgi_params; #fastcgi_pass 127.0.0.1:9001; fastcgi_pass unix:/var/run/php-main.socket; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_split_path_info ^(.+.php)(.*)$; #Prevent version info leakage fastcgi_hide_header X-Powered-By; } }
-
php-fpm
- Configuration File: www.conf
- Path: /etc/php-fpm.d/www.conf
- Service: php5-fpm
- Recommended Configuration
-
user = nginx group = nginx pm = dynamic pm.max_children = 16 # 50% Available RAM pm.start_servers = 2 # 25% of Total CPU Cores pm.min_spare_servers = 1 pm.max_spare_servers = 8 # Total CPU Cores pm.max_children = 10 pm.max_requests = 500
-
-
Networking Setup
- /etc/sysconfig/network
- /etc/hosts – Host entries
- /etc/resolv.conf – Resolver Configuration
- /etc/nameserverips – Nameserver IPs
-
clamav
- Configuration File: clamav.conf
- Path: /etc/clamav.conf
- Service: clamd
Contents of /home/user
- etc
- logs
- public_html
- public_ftp
- hidden directories
Accessing The Control Panel
- https://192.168.0.1:2083
- This URL allows you to access cPanel over an encrypted connection with your IP address.
- https://example.com:2083
- This URL allows you to access cPanel over an encrypted connection with your domain name.
- http://192.168.0.1:2082
- This URL allows you to access cPanel over an unencrypted connection with your IP address.
- http://example.com:2082
- This URL allows you to access cPanel over an unencrypted connection with your domain name.
- WHM Ports: 2086 and 2087
- WebMail Ports: 2095 and 2096
Scripts & Usage (common first)
- Change CPanel Password
- /scripts/chpass username password
- Syncronize FTP Password
- /scripts/ftpupdate
- CPHulk Whitelisting
- /scripts/cphulkdwhitelist XXX.XXX.XXX.XXX # IP Address
- CSF/LFD Whitelisting
- csf -a XXX.XXX.XXX.XXX #Allow an IP Address
- csf -dr XXX.XXX.XXX.XXX #Remove an IP Address from the blacklist
- csf -r #Restart
- Check for Shellshock Bash Hack
- env X=”() { :;} ; echo shellshock” /bin/sh -c “echo completed”
- env X=”() { :;} ; echo shellshock” `which bash` -c “echo completed”
- Check for Base64 or Eval Hacks
-
#!/bin/bash for filename in /home/* ; do ACCT=$(stat -c '%U' "$filename"); if [ -d "$filename" -a "$ACCT" != "root" ]; then #Possible File Hacks find /home/$ACCT/public_html/ ( -name "*.php" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "base64_decodes*(" | awk '{print $1}' | cut -d: -f 1 >> /possible-hacks.txt; find /home/$ACCT/public_html/ ( -name "*.php" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "evals*(" | awk '{print $1}' | cut -d: -f 1 >> /possible-hacks.txt; #Possible Image Hacks find /home/$ACCT/public_html/ ( -name "*" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "base64_decodes*(" |grep 'jpg|gif|png|bmp' | awk '{print $1}' | cut -d: -f 1 >> /possible-image-hacks.txt; find /home/$ACCT/public_html/ ( -name "*" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "evals*(" |grep 'jpg|gif|png|bmp' | awk '{print $1}' | cut -d: -f 1 >> /possible-image-hacks.txt; fi; done;
-
- Rebuild Httpd Config
- /scripts/rebuildhttpdconf
- Clean Out Old Logs
- find /the/path/to/search -type f -name “*.log” -mtime +30 -exec rm -f {} ;
- Full Account Backup
- /scripts/pkgacct ACCOUNTNAME
- backup is stored in /home as cpmove-ACCOUNT.tar.gz
- Full Account Restore
- /scripts/restorepkg –force /path/to/cpmove-file.tar.gz
- Verify CPanel License
- /usr/local/cpanel/cpkeyclt
- Watch an Accounts Traffic
- tail -f /usr/local/apache/domlogs/accountname/accountdomain.ext
- View All Current Connections
- netstat -an –inet
Scripts & Usage (alphabetical)
https://documentation.cpanel.net/display/ALD/WHM+Scripts#WHMScripts-Scripts