-
Notifications
You must be signed in to change notification settings - Fork 1
/
cpanel-server-setup.txt
160 lines (119 loc) · 4.91 KB
/
cpanel-server-setup.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
VERIFY PARTITION (/ should be atleast 100 GB if /usr and /var is not on its own)
df -h
/ = 120 GB
/home = grow
swap = 8 GB
yum -y install git
cd /root
git clone https://github.com/xmexpi/server-setup/
cd ~/server-setup
./centos/basic.sh
curl -s k.serverok.in/k | bash
-----------------------------------------------------
Convert Cpanel to Cloudlinx
-----------------------------------------------------
wget https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy
sh cldeploy -k <activation_key>
If IP based license
sh cldeploy -i
-----------------------------------------------------
/usr/sbin/rhnreg_ks --activationkey=88804-CLN-c63946aca45d09add03c0a4395e368de --force
./ssh-keygen.ssh
./secure-ssh.sh
yum remove -y NetworkManager
bash /root/server-setup/cpanel/install.sh
bash /root/server-setup/cpanel/config.sh
# if CloudLinux
bash /root/server-setup/secure-sysctl.sh
# reboot to cloud linux kernal
bash /root/server-setup/cloudlinux.sh
On CentOS server
* Home > Software > EasyApache 4 > All PHP Options + OpCache
On CloudLinux
Home > Software > EasyApache 4 > PHP Modules
Provision = CloudLinux + All PHP Options + OpCache
Enable lsapi => https://www.serverok.in/cloudlinux-php-lsapi
/usr/bin/switch_mod_lsapi --enable-global
Home > Software > MultiPHP Manager
System PHP Version = PHP 7.3 (ea-php73)
System PHP-FPM Status = OFF
bash install/update-php-ini.sh
curl -sL https://gist.github.com/xmexpi/8fbcbda5f8fb578cf4a9a5ac5667d1da/raw > /var/cpanel/killproc.conf
cat /var/cpanel/killproc.conf
/root/server-setup/csf-install.sh
/root/server-setup/csf-config.sh
/root/server-setup/maldet-install.sh
sed -i 's/email_alert="0"/email_alert="1"/g' /usr/local/maldetect/conf.maldet
sed -i 's/email_addr="you@domain.com"/email_addr="xmexpi@gmail.com"/g' /usr/local/maldetect/conf.maldet
# Cpanel default page for HostOnNet servers ONLY.
# ONLY DO THIS AFTER ALL SITES MOVED.
# On s46, when we move, sites get index.html copied, that means live site started showing index.html, i deleted it with
# find /home -name 'index.html' -exec grep 'https://www.hostonnet.com/cpanel3-skel/style.css' {} \; -print | grep "/home"
mkdir -p /root/cpanel3-skel/public_html/
cp /root/server-setup/data/cpanel3-skel/index.html /root/cpanel3-skel/public_html/index.html
/bin/sed -i "s/LF_ALERT_TO\s*=.*$/LF_ALERT_TO = \"xmexpi@gmail.com\"/g" /etc/csf/csf.conf
/bin/sed -i "s/LF_ALERT_TO\s*=.*$/LF_ALERT_TO = \"xmexpi@gmail.com\"/g" /etc/csf/csf.conf
cat /var/cpanel/backups/config
whmapi1 enable_monitor_all_enabled_services
* Limit SSH access to our IP
* Home »Service Configuration » Service Manager => disable Mailman
* WHM > Security Center > Apache mod_userdir Tweak = ENABLE
* WHM > Security Center > Compiler Access = DISABLE
* Home »Security Center » Configure Security Policies > Password Age = 90
* Home »Security Center » ModSecurity™ Vendors »Manage Vendors => enable OSASP
* WHM > Security Center > Shell Fork Bomb Protection = ENABLE
* WHM > Security Center > SSH Password Authorization Tweak = DISABLED
* WHM > Security Center > cPHulk Brute Force Protection = DISABLE (use CSF)
* Home »Service Configuration » cPanel Log Rotation Configuration
* Home »Service Configuration » Exim Configuration Manager > Apache SpamAssassin™ Options > Scan outgoing messages for spam and reject based on defined Apache SpamAssassin = 4.5
* Home »Service Configuration » Exim Configuration Manager > Apache SpamAssassin™ Options > Do not forward mail to external recipients based on the defined Apache SpamAssassin™ score = 4.5
* Home > Service Configuration > Exim Configuration Manager > RBL
RBL: bl.spamcop.net = ON
RBL: zen.spamhaus.org = ON
* main >> backup >> configure Backup >> gogledrivedestination >> 4x weekly wensday >> 2x monthly 1st
* Plugin >> Jetbackup >> configure Backup >> sftp storage box >> under 25gb, inode 250000 ispod, 7days, 15days, 30days filter
* One backup a week 1x, 7days, 15days, 30days
Directories and Files to exclude
<<<<<<<<<<<<<<<<<
*.jpa
backup-*.tar.gz
cpmove-*.tar.gz
site-*.tar.gz
.MirrorSearch
*/com_akeeba/backup/*
*/backupbuddy_backups/*
*/.wysiwygPro_*
*/core.[0-9]*
public_html/cache/*
tmp/*
logs/*
.cagefs
.cagefs*
.cpan
.cpanel/caches
.cpanel/datastore
.cpcpan
.sqmailattach
.cpanel/*.sock
access-logs/*
*/error_log
public_ftp/*
softaculous_backups/*
*/wp-content/uploads/wpcf7_captcha/*
*/wp-content/widget-cache/*
*/wp-content/cache/*
*/wptsc-cachedir/*
>>>>>>>>>>>>>
* Home > Software > MultiPHP Manager > PHP Handlers = suphp
* Home > Plugins > ConfigServer Security & Firewall
cd /
rm -f engintron.sh
wget --no-check-certificate https://raw.githubusercontent.com/engintron/engintron/master/engintron.sh
bash engintron.sh install
#Sitepad installation and confinguration
- Brand Name: Name.Ba
- Site Name: Name.Ba Site Builder
- Editor Name: Name.Ba Site Builder
- Logo URL: https://name.ba/img/sitepad.png
- Top Themes: Name.Ba Site Builder - Themes
/usr/local/cpanel/scripts/check_security_advice_changes