Security Advisor, Main Account, SFTP

cmo

Member
Dec 20, 2013
16
0
1
cPanel Access Level
Root Administrator
Hi there,

I'm new to WHM, have a little Linux experience, and have used cPanel as an end user for a long time. I set up my first VPS and installed CentOS 6.4 (updated to 6.5) and WHM/cPanel yesterday. My VPS specs are: KVM-based, 4GB RAM, 6 cores, 150GB drive space. Partitions are simple: / and swap.

I am mainly interested in hosting my own sites, however, I might also host a handful of clients (not many, if any). Right now, all my domains are still with a shared hosting company, except the domain I am using for this VPS. Once I get this VPS locked down and running smoothly, I will start moving my shared hosting accounts to it.

I have come to a point where I thought I should start asking questions - a couple of problems and a couple of "I dunno's".

1. Security Advisor:
I ran the Security Advisor and got the following 'fails':
A) Apache vhosts are not segmented or chroot()ed - not sure about this yet
B) No brute force protection detected - will install CSF/LFD
C) Frontpage is installed
ISSUE: I used EasyApache to compile Apache 2.4.7, remove FrontPage, and add mod_bw
D) Current kernel version is out of date. current: 2.6.32-358.el6, expected: 2.6.32-431.1.2.0.1.el6
ISSUE: uname -a shows "Linux my.host.com 2.6.32-431.1.2.0.1.el6.x86_64 #1 SMP Fri Dec 13 13:06:13 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux"
E) SSH password authentication is enabled - not sure about this yet as I've never used ssh keys in lieu of passwords, will research
F) SSH direct root logins are permitted
ISSUE: I haven't set up a 2nd user account in CentOS yet. Do I just do this normally via cli (adduser/passwd user), or is there a section in WHM to do this? Also, do I add this user to sudoers normally via cli or is there a section in WHM to do this?

2. Main Account:
I haven't added any accounts or domains in WHM yet.
A) Is there a section in WHM to add the server owner's account with main server domain, or do I just create a normal cPanel account for myself with the main server domain plus addon domains for the rest of my domains?
B) I am not comfortable logging in as root to WHM. Is there a way to create a new WHM account that can still administer everything or is it normal to use the server's root account to log into WHM all the time?

3. SFTP to Access All User Homes:
A) I would like to be able to have a single SFTP login to access all user home directories. Is this possible?
B) If I decide to host other clients and want to give someone FTP access to their files, can I force SFTP?
C) If the answer to 3.B is yes, can I also keep them from having shell access outside of SFTP? This is probably a dumb question ...

Thanks in advance for any help,

cmo
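
The two SSH findings in item 1 (E and F) can be re-checked from the shell. The script below is an added example, not part of the original posts and not Security Advisor's own logic; the function names, the constructed sample config and the assumed defaults (`yes` for both keywords, as in the OpenSSH generation shipped with CentOS 6) are assumptions, and the example treats anything other than `PermitRootLogin no` as a fail.

```shell
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword and matches keyword
# names case-insensitively. Parsing stops at the first Match block, because
# lines inside it are conditional overrides, not global settings.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }                        # skip blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want && NF >= 2 { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }          # keyword unset: assumed default
    ' "$1"
}

# audit_sshd FILE: prints PASS/FAIL per item, returns the number of FAILs.
audit_sshd() {
    fails=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    root=$(effective_value "$1" PermitRootLogin yes)
    if [ "$pw" = "no" ]; then echo "PASS 1.E PasswordAuthentication=$pw"
    else echo "FAIL 1.E PasswordAuthentication=$pw"; fails=$((fails + 1)); fi
    if [ "$root" = "no" ]; then echo "PASS 1.F PermitRootLogin=$root"
    else echo "FAIL 1.F PermitRootLogin=$root"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample config (not taken from the thread).
write_sample() {
    cat > "$1" <<'EOF'
Port 22
passwordauthentication no
PasswordAuthentication yes   # ignored: the first value wins
#PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_sshd "$tmp"
echo "failures: $?"
rm -f "$tmp"
```

On a live server, `sshd -T` (run as root) prints the effective configuration the daemon itself would use, which is the authoritative source; replace the sample path with `/etc/ssh/sshd_config` to run this check against the real file.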
 

cmo

Since I can't edit my post, I thought I would update here.

I have managed to take care of
1.A: I recompiled with mod_ruid2
1.C: I overlooked rpm -e frontpage a thousand times :eek:
1.E: That wasn't as scary as I thought, I like key + key password :cool:

I could still use help with the rest.
 

cmo

Update # 2

Everything in section 1 except item 1.D has been sorted. I have no idea why it still says my kernel is out of date.

Server Status > Server Information shows:
Linux my.host.com 2.6.32-431.1.2.0.1.el6.x86_64 #1 SMP Fri Dec 13 13:06:13 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

In addition, I now have a new problem. I have managed to get a CSF rating of 137/140, but I am still able to send email out via very simple (not secure) PHP scripts.

How do I stop this? I would like that all PHP email scripts have to authenticate using a real email account on the VPS.

Apache settings:
Default PHP Version (.php files) = 5
PHP 5 Handler = dso
Apache suEXEC = on
Apache Ruid2 = on

CSF SMTP settings:
SMTP_BLOCK = 1
SMTP_ALLOWLOCAL = 0
SMTP_ALLOWUSER = cpanel
SMTP_ALLOWGROUP = mail,mailman

cPanel Tweak settings for mail:
Prevent “nobody” from sending mail = on
Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak) = off (per CSF SMTP_BLOCK)
 

cmo

Thank you so much for that link, Michael. I looked at that before but somehow overlooked the last part about renaming sendmail. That's what I was looking for :)

One quick follow-up question ... will renaming sendmail prevent WHM root messages and CSF messages from going out?
 

cmo

One quick follow-up question ... will renaming sendmail prevent WHM root messages and CSF messages from going out?
In CSF I found an option to change from sendmail to smtp and tested the email by issuing su while logged in as a user (enter 127.0.0.1 for LF_ALERT_SMTP). Will I need to make a similar setting change for WHM root messages?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,268
463
There are no such configurable settings for messages sent out by cPanel/WHM. Feel free to test this and let us know if you no longer receive notifications from cPanel/WHM.

Thank you.