Exabytes - cPanel Linux server security practices
Dear Valued Clients,
It may take a few days only to build your own hosting environment no matter on Linux VPS or Linux Dedicated server.
However, you will need to spend hours of maintenance to keep whatever tasks you are running in a secured environment.
Please let us guide you through some basic practices to keep your server secure:
A) Check cPanel version
1, Access SSH and use cPanel command:
/usr/local/cpanel/cpanel -V
How to access SSH?
2, Access SSH and view the version file:
cat /usr/local/cpanel/version
3, Access WHM and view the version of cPanel via the WHM Dashboard.
B) Check Auto-Update is enable.
Log in WHM > Update Preferences > Daily Updates > Automatic.
C) Install additional security features/plugins:
1, CloudLinux
CloudLinux essentially creates a virtual environment for each individual account and protect your server environment from symlink attack.
Installation steps:
https://www.cloudlinux.com/getting-started-with-cloudlinux-os/39-installing-cloudlinux-os/922-installing-on-centos-server-with-cpanel
CageFS (Part of CloudLinux)
CageFS allows the availability of only safe binaries to users while not allows the users to see server configuration files.
Installation steps:
https://docs.cloudlinux.com/cagefs_installation.html
***CageFS will automatically detect and configure all necessary files for cPanel.
2, imunify360
Imunify360 offers a security suite that protects servers against a wide range of attacks. It integrates with cPanel & WHM, and it provides reports to the system administrator on the server's status.
Installation steps:
https://docs.imunify360.com/installation/#requirements
3, Run Security Advisor to verify your current environment.
WHM >> Home >> Security Center >> Security Advisor
It is a new feature that provided by cPanel recently and here is some of the official advice for them as reference:
https://blog.cpanel.com/security-advisor-101/
You may contact our support if need help on running Security Advisor.
D) Double check your OS
cPanel Centos6 end of life and you should prepare to switch over CentOS 7.
On November 30, 2020, CentOS will stop supporting CentOS 6 on all systems, including your server. At that time CentOS will no longer provide bug, security, or feature updates.
We encourage you to migrate to a server using CentOS 7 before November 30, 2020 and you may contact custcare@exabytes.com.my for more detail.
Q&A
Q: I have turned ON Auto-update but no update apply.
A: It will happen if you are still using EasyApache3.
Here is the steps how to migrate from EA3 to EA4
https://documentation.cpanel.net/display/EA4/The+EasyApache+3+to+EasyApache+4+Migration+Process
cPanel deprecated EasyApache 3 on December 31, 2018. They will no longer update EasyApache 3. In cPanel & WHM version 78, they will remove support for EasyApache 3.
Reference:
https://blog.cpanel.com/easyapache-3-deprecation-schedules/
Q: Do I need to pay for the above suggested security features/plugins?
A: Both CloudLinux and Imunify360 is additional subscription. However, it is a strong recommendation for those client that host multiple websites under a single server to provide a better structure and secure hosting environment.
You may contact our support via server-support@exabytes.com for further advise on the guidance.
Best Regards,
Support Team
......................................
Technical Support Department