Important Note: Intended for installation on VMware virtualization only:
add box keys:
# Append three history settings to root's ~/.bashrc and reload it.
# The empty HISTSIZE/HISTFILESIZE values are presumably meant to lift bash's
# history length limits -- confirm for the bash version in use.
# NOTE(review): with a timestamped history that is never trimmed, any secret
# typed as a command-line argument stays in ~/.bash_history.
printf '%s\n' \
  'export HISTTIMEFORMAT="%d/%m/%y %T "' \
  'HISTSIZE=' \
  'HISTFILESIZE=' >> ~/.bashrc
. ~/.bashrc
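# root's authorized_keys decides who can log in as root, so append only
# material that downloaded successfully and parses as an SSH public key.
# ssh-keygen -l prints each fingerprint: compare it with the fingerprint the
# key owner gave you out of band before relying on the key.
mkdir -p -m 700 /root/.ssh
for key_url in \
  https://www.box.co.il/pkey.pub \
  https://www.box.co.il/bkatz.pub \
  https://www.box.co.il/gbox.pub
do
  key_tmp=$(mktemp) || break
  # -f: fail on an HTTP error instead of appending the error page as a "key".
  if curl -fsS "$key_url" -o "$key_tmp" && ssh-keygen -l -f "$key_tmp"; then
    cat -- "$key_tmp" >> /root/.ssh/authorized_keys
  else
    printf 'NOT added (download failed or not a public key): %s\n' "$key_url" >&2
  fi
  rm -f -- "$key_tmp"
done
chmod 600 /root/.ssh/authorized_keys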
NEW:
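# Fetch to a temp file first; the key is appended only if the download
# succeeded (-f rejects HTTP error pages) and ssh-keygen accepts it as a
# public key. Compare the printed fingerprint with the expected one.
key_tmp=$(mktemp) &&
  curl -fsS https://clouds.box.co.il/box.pub -o "$key_tmp" &&
  ssh-keygen -l -f "$key_tmp" &&
  cat -- "$key_tmp" >> /root/.ssh/authorized_keys
rm -f -- "$key_tmp"
chmod 600 /root/.ssh/authorized_keys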
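# Base packages, timezone, then the cPanel installer and licence refresh.
yum update -y
yum -y install perl htop net-tools wget screen open-vm-tools
timedatectl set-timezone Asia/Jerusalem
# Only the config file is edited, so the running SELinux mode is presumably
# unchanged until the next boot.
# NOTE(review): "disabled" removes SELinux confinement for every service on
# the box; confirm cPanel's install requirements still call for it.
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
systemctl stop NetworkManager
systemctl disable NetworkManager
# The installer runs as root: fetch it over HTTPS (cPanel's published
# installer URL) and use -f so an HTTP error page is never handed to sh.
cd /home && curl -f -o latest -L https://securedownloads.cpanel.net/latest && sh latest
/usr/local/cpanel/cpkeyclt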
Install the free SSL Certificate on the server's hostname
# Run as root once cPanel is installed; per the heading above, this is the
# step that puts the free certificate on the server's hostname.
/usr/local/cpanel/bin/checkallsslcerts
install tmpwatch:
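# -y for an unattended install, matching the other yum lines in this runbook.
yum -y install tmpwatch
# Crontab entry for root (not a shell command): every day at 03:11, clean
# entries under /tmp that have not been modified for 168 hours.
# NOTE(review): cron runs with a short PATH; confirm tmpwatch resolves there
# or write its absolute path.
11 3 * * * tmpwatch --mtime --all 168 /tmp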
Install Softaculous:
Before installing, enable IonCube in Tweak Settings in the GUI, or run these commands:
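# Enable the IonCube loader, then fetch and run the Softaculous installer.
# The sed prepends "ioncube" to whatever follows "phploader=", so it is only
# run when ioncube is not already listed (a second run would corrupt the value).
if ! grep -q '^phploader=.*ioncube' /var/cpanel/cpanel.config; then
  sed -i 's/phploader=/phploader=ioncube/g' /var/cpanel/cpanel.config && /usr/local/cpanel/bin/checkphpini
fi
whmapi1 --output=jsonpretty set_tweaksetting key='phploader' value="ioncube"
# install.sh is executed as root: download it over HTTPS, and only run it if
# the download succeeded.
wget -N https://files.softaculous.com/install.sh &&
  chmod 755 install.sh &&
  ./install.sh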
Import Softaculous settings:
# Imports Softaculous settings from an archive that is fetched by URL at run
# time.
# NOTE(review): the settings applied are whatever that URL serves at the
# moment of the run; confirm the host is under the team's control.
/usr/local/cpanel/3rdparty/bin/php /usr/local/cpanel/whostmgr/docroot/cgi/softaculous/cli.php --import_settings --file=https://scp95.cp.clouds.co.il/softaculous_settings.zip
CXS - Exploit scanner:
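# Chain on cd so the wildcard rm can only ever run inside /usr/src, and so a
# failed download or extraction stops before the installer is executed.
# NOTE(review): the archive is unpacked and run as root without an integrity
# check; if the vendor publishes a checksum, compare it before the perl step.
cd /usr/src &&
  rm -f cxs* &&
  wget https://download.configserver.com/cxsinstaller.tgz &&
  tar -xzf cxsinstaller.tgz &&
  perl cxsinstaller.pl ipv4
# Absolute path: cleanup must not depend on the current directory.
rm -fv /usr/src/cxsinstaller.*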
litespeed:
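# Save the installer before running it: piping curl straight into sh runs
# whatever arrived, including a truncated download or an HTTP error body.
# -f makes curl fail on HTTP errors so sh only sees a complete script.
cd /usr/src &&
  curl -fsS -o lsws_whm_plugin_install.sh https://www.litespeedtech.com/packages/cpanel/lsws_whm_plugin_install.sh &&
  sh lsws_whm_plugin_install.sh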
ModSecurity:
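# install.sh runs as root, so fetch the archive over HTTPS (the same host is
# already used over HTTPS for the other downloads in this runbook) and stop
# at the first failed step instead of installing from a partial or stale tree.
cd /usr/src &&
  wget -O cmc.tgz https://download.configserver.com/cmc.tgz &&
  tar -xzf cmc.tgz &&
  cd cmc &&
  sh install.sh
rm -Rfv /usr/src/cmc*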
ModSecurity comodo vendor for Apache only: https://waf.comodo.com/doc/meta_comodo_apache.yaml
ModSecurity comodo vendor for LiteSpeed only: https://waf.comodo.com/doc/meta_comodo_litespeed.yaml
Before installing CloudLinux, check the documentation for changes:
https://docs-dev.cloudlinux.com/cloudlinux_installation/?#converting-existing-servers
convert to CloudLinux:
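# Convert the server to CloudLinux, then install CageFS, alt-php and LVE Manager.
# The activation key is supplied at run time rather than stored in this
# runbook, e.g.  read -rs CLN_ACTIVATION_KEY  (which also keeps it out of the
# shell history). A key that has appeared in any copy of this document should
# be treated as exposed and reissued.
cd /usr/src &&
  wget -O cldeploy https://repo.cloudlinux.com/cloudlinux/sources/cln/cldeploy &&
  sh cldeploy -k "${CLN_ACTIVATION_KEY:?set CLN_ACTIVATION_KEY to the CloudLinux activation key first}"
yum -y install cagefs
cagefsctl --init
cagefsctl --enable-all
yum groupinstall alt-php -y
yum -y install lvemanager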
config CloudLinux:
# Replace the PHP selector config, the LVE limits file and the EasyApache
# profile with copies downloaded from the internal wiki host.
# NOTE(review): these files set resource limits and the PHP/Apache build for
# every account; they are applied as downloaded, with no integrity check.
rm -fr /etc/cl.selector
wget -O /etc/cl.selector.zip https://inwiki.clouds.co.il/cln/cl.selector.zip
# NOTE(review): unzip has no -d, so it extracts into the current directory,
# which this section never sets -- confirm the archive ends up recreating
# /etc/cl.selector as intended.
unzip /etc/cl.selector.zip
cd /etc/container/
rm -f /etc/container/ve.cfg
wget -O ve.cfg https://inwiki.clouds.co.il/cln/ve.cfg.dis
cagefsctl --setup-cl-selector
lvectl apply all
wget -O /root/cp93.json https://inwiki.clouds.co.il/cln/cp93.json
/usr/local/bin/ea_install_profile --install /root/cp93.json
imunify360:
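# Install Imunify360. The licence key is read from the environment instead of
# being written in this runbook, e.g.  read -rs IMUNIFY360_KEY  before running.
# A key that has appeared in any copy of this document should be treated as
# exposed and reissued.
wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh -O i360deploy.sh &&
  bash i360deploy.sh --key "${IMUNIFY360_KEY:?set IMUNIFY360_KEY to the Imunify360 licence key first}"
systemctl restart imunify360-webshield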
https://docs.cloudlinux.com/cloudlinux_os_kernel/#ptrace-block
Import cPanel configurations from the CLI - for details see https://docs.cpanel.net/whm/scripts/the-cpconftool-script/82
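# Restore each cpconftool module from its archive on the internal wiki host,
# in the order listed (archive name, then module).
# NOTE(review): the archives replace backup, Exim, cPHulk, ModSecurity, MySQL
# and WHM settings as root; confirm the source host is trusted and current.
cd /usr/src/
# The list is read on fd 3 so the commands in the loop keep their own stdin.
while read -r archive module <&3; do
  # -O overwrites any stale copy; plain wget would save "<name>.1" and the
  # restore would then silently use the old archive. The restore runs only
  # when the download succeeded.
  wget -O "/usr/src/${archive}.tar.gz" "https://inwiki.clouds.co.il/cpconftool/${archive}.tar.gz" &&
    /usr/local/cpanel/bin/cpconftool --restore="/usr/src/${archive}.tar.gz" --modules="$module" --prerestore_backup
done 3<<'EOF'
backups cpanel::system::backups
smtp_exim cpanel::smtp::exim
autossl cpanel::system::autossloptions
hulk cpanel::system::hulk
greylist cpanel::system::greylist
modsec cpanel::system::modsecurity
ui_themes cpanel::ui::themes
mysql cpanel::system::mysql
easy__apach cpanel::easy::apache
whmconf cpanel::system::whmconf
EOF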
php ini settings:
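# Apply the PHP hardening and limit settings to every php.ini under
# /opt/cpanel and /opt/alt, one sed pass per tree.
#  - "|" is the s-command delimiter because the timezone value contains "/";
#    with "/" as delimiter sed rejects the date.timezone expression.
#  - plain -i: written as "-ie", GNU sed takes the "e" as a backup suffix and
#    leaves a "php.inie" copy beside every file.
#  - find -name/-exec matches files named exactly php.ini and is safe for
#    paths containing whitespace.
find /opt/cpanel/ -type f -name 'php.ini' -exec sed -i \
  -e 's|.*disable_functions =.*|disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source|' \
  -e 's|.*memory_limit =.*|memory_limit = 512M|' \
  -e 's|.*max_execution_time =.*|max_execution_time = 60|' \
  -e 's|.*post_max_size =.*|post_max_size = 8M|' \
  -e 's|.*upload_max_filesize =.*|upload_max_filesize = 8M|' \
  -e 's|.*enable_dl =.*|enable_dl = Off|' \
  -e 's|.*date\.timezone.*|date.timezone = "Asia/Jerusalem"|' \
  {} +
# NOTE(review): allow_url_fopen is switched off only under /opt/alt, as in
# the original notes; confirm whether /opt/cpanel should get it too.
find /opt/alt/ -type f -name 'php.ini' -exec sed -i \
  -e 's|.*disable_functions =.*|disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source|' \
  -e 's|.*memory_limit =.*|memory_limit = 512M|' \
  -e 's|.*max_execution_time =.*|max_execution_time = 60|' \
  -e 's|.*post_max_size =.*|post_max_size = 8M|' \
  -e 's|.*upload_max_filesize =.*|upload_max_filesize = 8M|' \
  -e 's|.*enable_dl =.*|enable_dl = Off|' \
  -e 's|allow_url_fopen = On|allow_url_fopen = Off|' \
  -e 's|.*date\.timezone.*|date.timezone = "Asia/Jerusalem"|' \
  {} +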
pure-ftpd ports:
# Switch the FTP server to pure-ftpd and pin its passive data ports to one
# range; the same range is opened in the CSF TCP_IN setting further down.
passive_range='30000 30999'
sed -i 's/ftpserver=disabled/ftpserver=pure-ftpd/g' /var/cpanel/cpanel.config
/scripts/setupftpserver pure-ftpd --force
# ">" replaces the whole local override file with this single line.
printf '%s\n' "PassivePortRange: ${passive_range} # Set custom port range" > /var/cpanel/conf/pureftpd/local
sed -i "/^Passive/c\\PassivePortRange ${passive_range}" /etc/pure-ftpd.conf
/scripts/restartsrv_ftpserver
CSF firewall:
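# Download and install CSF. Chained on cd so the rm and the extraction only
# run inside /usr/src, and install.sh only runs after a successful download
# and unpack.
cd /usr/src &&
  rm -fv csf.tgz &&
  wget https://download.configserver.com/csf.tgz &&
  tar -xzf csf.tgz &&
  sh csf/install.sh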
RedHat/CentOS/CloudLinux: (if not installed)
# yum install ipset perl-GDGraph
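# Take CSF out of testing mode, restrict syslog access, deny the listed
# country codes, enable ipset and open the passive FTP range.
yum install ipset -y
sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf
sed -i 's/RESTRICT_SYSLOG = "0"/RESTRICT_SYSLOG = "3"/g' /etc/csf/csf.conf
sed -i 's/CC_DENY = ""/CC_DENY = "AE,AF,AZ,DZ,BH,BD,BG,BY,BR,CN,CZ,EG,GR,HK,ID,IR,IQ,JO,JM,KE,KR,KW,LB,LV,LY,MA,MY,NG,OM,PK,PL,PS,QA,SA,SC,SD,SY,TN,TR,VN,UA,RU"/g' /etc/csf/csf.conf
# csf.conf writes settings as NAME = "value" (see the patterns above); the
# pattern without spaces never matched, so ipset stayed off.
sed -i 's/^LF_IPSET = "0"/LF_IPSET = "1"/' /etc/csf/csf.conf
# Append the passive FTP range to whatever TCP_IN currently holds, once,
# instead of matching one exact default port list that may differ per release.
sed -i '/^TCP_IN = /{/30000:30999/!s/"[[:space:]]*$/,30000:30999"/}' /etc/csf/csf.conf
# sed exits 0 even when nothing matched: print the resulting lines and check
# them before the firewall is restarted with testing mode off.
grep -E '^(TESTING|RESTRICT_SYSLOG|CC_DENY|LF_IPSET|TCP_IN) = ' /etc/csf/csf.conf
systemctl restart csf lfd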
Accounts DNS Check Plugin:
# Download and run the Accounts DNS Check plugin installer as root.
# NOTE(review): the installer is fetched over plain HTTP and executed without
# any integrity check, so anything on the network path can alter it; confirm
# whether the vendor offers an HTTPS URL or a checksum before running.
cd /usr/src
wget http://download.ndchost.com/accountdnscheck/latest-accountdnscheck
sh latest-accountdnscheck
add to crontab of root:
# Crontab entries for root (not shell commands): DNS report at 01:00, the
# local dnscheck script at 03:00.
# NOTE(review): both lines end in "/dev/null 2>&1" with no ">" before
# /dev/null, so as written /dev/null is passed as an argument and the output
# is not discarded; presumably "> /dev/null 2>&1" was intended -- confirm.
00 1 * * * /var/cpanel/addons/accountdnscheck/bin/generate_report --verbose --accountdomains --parkeddomains --addondomains --format csv /dev/null 2>&1
00 3 * * * /usr/bin/bash /root/box/cpanel_acct/dnscheck.bash /dev/null 2>&1
Now copy the folder /root/box/cpanel_acct/ from another server, preserving its permissions, and add the new server's IP to the remote MySQL allow list on jack.
Swap file
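# Create a 1 GiB swap file (1048576 blocks of 1024 bytes) and enable it.
# The umask makes a newly created file owner-only from the first byte,
# instead of leaving it with default permissions until the chmod below.
( umask 077 && dd if=/dev/zero of=/swapfile bs=1024 count=1048576 )
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon --show
# NOTE(review): nothing here adds /swapfile to /etc/fstab, so presumably it
# is not re-enabled after a reboot -- confirm whether that is intended.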
Tweak Settings
# Apply four WHM Tweak Settings, given as key=value pairs, in order.
# NOTE(review): xframecpsrvd=0 presumably turns off the anti-framing headers
# on the cPanel service pages, and the two allow* keys presumably let
# accounts add domains that are unregistered or point elsewhere; confirm each
# against the WHM Tweak Settings documentation before relaxing it.
for tweak in \
  xframecpsrvd=0 \
  allowremotedomains=1 \
  allowunregistereddomains=1 \
  publichtmlsubsonly=0
do
  whmapi1 --output=jsonpretty set_tweaksetting key="${tweak%%=*}" value="${tweak#*=}"
done
Backup Policy
# Set the WHM backup policy in one API call: compressed backups to /backup,
# daily/weekly/monthly runs with the retention counts given below.
whmapi1 --output=jsonpretty backup_config_set \
  backup_daily_enable=1 \
  backup_daily_retention=4 \
  backup_monthly_dates=1 \
  backup_monthly_enable=1 \
  backup_monthly_retention=2 \
  backup_weekly_day=6 \
  backup_weekly_retention=2 \
  backupbwdata=1 \
  backupdays=0,1,2,3,4,5 \
  backupdir=/backup \
  backupenable=1 \
  backupfiles=1 \
  backupmount=1 \
  backuptype=compressed \
  check_min_free_space=1 \
  force_prune_daily=1 \
  force_prune_monthly=1 \
  force_prune_weekly=0 \
  mysqlbackup=accounts \
  remote_restore_staging_dir=/backup
Additional Backup
take this file to path: /var/cpanel/backups/
filename:
cpbackups_s3_UID_bu7hfp7X0GtTy5lYWVqPF2xZ.backup_destination
content:
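# Template only: fill in the two credential fields from the secret store when
# placing the file on the server; real values do not belong in this document.
# Any key pair that has appeared in a copy of this runbook should be treated
# as exposed and rotated.
# NOTE(review): the IAM user behind this key presumably needs access to the
# cpbackups bucket only -- confirm its policy, and confirm the file mode on
# the server keeps it readable by root only.
aws_access_key_id: 'REPLACE_WITH_AWS_ACCESS_KEY_ID'
bucket: cpbackups
disabled: 0
folder: cp117
id: bu7hfp7X0GtTy5lYWVqPF2xZ
name: cpbackups-s3
password: 'REPLACE_WITH_STORED_SECRET_VALUE'
timeout: 180
type: AmazonS3
upload_system_backup: 1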