The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Advisor

Discussion in 'Security' started by Audiopro, Oct 18, 2014.

  1. Audiopro

    Audiopro Active Member

    Joined:
    Feb 15, 2014
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    The following items are highlighted in security advisor should they all be implemented or should some of them be ignored?

    Apache vhosts are not segmented or chroot()ed.
    No symlink protection detected
    No brute force protection detected
    ClamAV is not installed
    SSH password authentication is enabled.
    Outbound SMTP connections are unrestricted
     
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    These are a Must if you are selling shared accounts and do not impact performance (csf might depending on how large your iptables rules are)

    No symlink protection detected: use cloudLinux cagefs or enable Symlink Race Condition Protection in easy Apache

    No brute force protection detected: install csf (configure server Firewall), enable cPHulk Brute Force Protection or
    both personally I use just csf

    Outbound SMTP connections are unrestricted: enable SMTP tweak in tweak settings or if using CSF disable it in WHM and enable SMTP_BLOCK in csf

    These recommended but on a case by case
    Apache vhosts are not segmented or chroot()ed.: Use CageFS on CloudLinux if not using mod_ruid2 or Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell its still tagged as experimental I do not use it so I can't comet on the how well it works perhaps others who use it can.

    ClamAV is not installed: will not be able to scan for viruses on your system files & email. note ClamAV can use a lot of memory so if your limited on memory such as running in a VPS you may not want to enable


    This should probably be a Must I only put it down here because most new users mess this up and lock themselves out of their server
    SSH password authentication is enabled: disable & su to root adding a specific user to Manage Wheel Group Users or better yet set up ssh keys
     
  3. Audiopro

    Audiopro Active Member

    Joined:
    Feb 15, 2014
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Wow - thanks very much for the in depth response, I will study it and implement your suggestions.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,807
    Likes Received:
    667
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Also, generally speaking, it's typically a good idea to implement changes to protect against those highlighted items unless you have a specific reason not to.

    Thank you.
     
  5. Liton Podder

    Liton Podder Registered

    Joined:
    Apr 19, 2015
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Bangladesh
    cPanel Access Level:
    Reseller Owner
    Hey, Thanks for the usefull information. From Few days i face this problem. Now i am able to solve my problem. So again thanks for the post.
     
  6. mywhm

    mywhm Active Member

    Joined:
    Jan 15, 2014
    Messages:
    27
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Hi there.

    see this:

    Implemented case 107165: Remove experimental tag from PHP 5.5 and ModRuid2

    Year: 2014

    more in:

    https://forums.cpanel.net/threads/mod_ruid-jailshell-how-to-enable.418412/
     
Loading...

Share This Page