How to secure your server via WHM?

How to secure your server via WHM?

Secure your server via WHM first login to your WHM.

  • Login to WHM >> Server Configuration >> Tweak Settings and then disable below options.
[*]Disallow users from adding /parking on common internet domains. Like. hotmail.com etc
[*]Allow user to reset there CPanel password through email.
[*]Set Fail default address behavior and Default catch-all for your new account
WHM1.png

  • After that go to WHM >> Security >> Manage Wheel Group Users

[*]Delete all the present user available in “Manage Wheel Group Users” field but don’t from your root
[*]Wheel group account.
1.png

  • Disable all the Anonymous FTP through : WHM >> Service Configuration >> FTP Configuration
2.png

  • If you don’t need to enable shell access then disable shell access for all users through: WHM >> Account Functions >> Manage Shell Access
3.png

  • Change your root password for MYSQL through: WHM >> SQL Services >> MySQL Root Password
4.png

  • After making all the changes scan Trojan Horses from your WHM account. you can do this once in a week.
  • If you don’t want to allow access your server to any third person without your permission then disable “Allow Creation of Packages with Shell Access” and enable “Prevent Accounts from being created with shell access”
  • Update your kernel version. Update the system’s software by running ’yum update’ from the command line and reboot the system.

  • Disable SSH password authentication in the “SSH Password Authorization Tweak” area through:
WHM >> "Security Center" >> "SSH Password Authorization Tweak"
  • Do not permit SSH direct root logins.
    You can do it by manually edit /etc/ssh/sshd_config file and change PermitRootLogin to “without-password” or “no”, then restart SSH in the “Restart SSH” area in WHM.
WHM >> "Restart Services" >> "SSH Server (OpenSSH)"
  • Upgrade to KernelCare. KernelCare provides an easy and effortless way to ensure that your operating system uses the most up-to-date kernel without the need to reboot your server.
    You can install it on CloudLinux server through: https://www.cloudlinux.com/kernelcare-installation

  • Change Password strength requirements to moderate or Strong.
    Configure a Default Password Strength of at least 65 in the “Password Strength Configuration” area through:
WHM >> "Security Center" >> "Password Strength Configuration"
  • Enable CageFS for users on the Server. CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.
    You can enable it through:
WHM >> "CageFS" >> "CageFS User Manager"
  • Enable cPHulk Brute Force Protection on server through:
WHM >> "Security Center" >> "cPHulk Brute Force ProtectionDocumentation" >> "ON"
  • Disable Entropy Chat on server. To disable Entropychat in particular, uncheck the "Enabled" checkbox next to it in
WHM >> "Service Configuration" >> "Service Manager"
  • Remove MySQL test databases. You can remove test databases through:
mysql -u root -p
Enter password: (enter root password here)
mysql> DELETE FROM mysql.db WHERE Db LIKE 'test%';
mysql> FLUSH PRIVILEGES;
  • MySQL check for anonymous users:
mysql -u root -p
Enter password: (enter root password here)
mysql> DROP USER ''@'localhost';
mysql> DROP USER ''@'host_name';
  • Block MySQL port on server firewall, effectively allowing only local connections.
WHM >> "Plugins" >> "ConfigServer Security & Firewall" >> " Firewall Configuration" >> remove MYSQL port from TCP_IN and TCP_OUT.
  • Enable “Query Apache server status to determine the sender of email sent from processes running as nobody” in the “Exim Configuration Manager” area's “Basic Editor”
WHM >> "Service Configuration" >> "Exim Configuration Manager" >> “Basic Editor” >> select ON for "Query Apache server status to determine the sender of email sent from processes running as nobody".
Author
bhawanisingh
Views
4,516
First release
Last update
Rating
0.00 star(s) 0 ratings
Top