
Overview

This document lists third-party software and modifications that you can install to help secure your server.


Note:

Among the options that this document lists, cPanel Support can only provide direct support for CloudLinux™ if you directly license it through cPanel, Inc. Otherwise, contact the appropriate software developer for assistance.

chkrootkit

The chkrootkit shell script examines your system's binaries for rootkit installations. Rootkits allow a malicious user to gain undetected administrative access to the server.

To install the chkrootkit script, perform the following steps:

  1. Log in to your server as the root user via SSH.
  2. Run the cd /root command to change to the root directory.

  3. Run the following command to download chkrootkit:

    wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz 
  4. Run the tar -xvzf chkrootkit.tar.gz command to decompress the downloaded file.

  5. Run the cd chkrootkit-0.50 command to change directories.

  6. To begin the chkrootkit installation, run the make sense command.

The system will install the chkrootkit script on your server.

To run the chkrootkit script, run the following command:

    /root/chkrootkit-0.50/chkrootkit


Note:

We strongly recommend that you run the chkrootkit script often and add a cron job that runs the above command.

For more information about the chkrootkit script, go to the chkrootkit website.

rkhunter

The Rootkit Hunter script scans for rootkits and other exploits.

To install the rkhunter script, perform the following steps:

  1. Log in to your server as the root user via SSH.
  2. Run the cd /root command to change to the root directory.

  3. Run the following command to download the rkhunter script:

    wget http://dfn.dl.sourceforge.net/sourceforge/rkhunter/rkhunter-1.4.2.tar.gz
  4. Run the tar -xvzf rkhunter-1.4.2.tar.gz command to decompress the downloaded file.

  5. Run the cd rkhunter-1.4.2 command to change directories.

  6. To begin the rkhunter script installation, run the ./installer.sh --layout default --install command.

The system will install the rkhunter script on your server.
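The chkrootkit and rkhunter tarballs above are fetched over FTP and HTTP, and the chkrootkit URL carries no version even though step 5 names chkrootkit-0.50. The following added example (not part of the original documentation) unpacks a tarball only if its SHA-256 digest matches a value obtained from the publisher through a separate trusted channel, and prints the directory it unpacked to; the function names and the EXPECTED placeholder are assumptions.

```shell
# sha256_of FILE: print the file's SHA-256 digest in hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# top_dir FILE: print the single top-level directory of a .tar.gz archive,
# or fail if the archive is unreadable or spreads over several top-level names.
top_dir() {
    dirs=$(tar -tzf "$1" | sed 's|^\./||' | cut -d/ -f1 | grep -v '^$' | sort -u)
    [ -n "$dirs" ] || return 1
    [ "$(printf '%s\n' "$dirs" | wc -l | tr -d ' ')" = "1" ] || return 1
    printf '%s\n' "$dirs"
}

# verified_extract FILE EXPECTED_SHA256: unpack into the current directory
# only if the digest matches, then print the directory to cd into.
verified_extract() {
    [ "$(sha256_of "$1")" = "$2" ] || { echo "digest mismatch for $1" >&2; return 1; }
    dir=$(top_dir "$1") || { echo "unexpected layout in $1" >&2; return 1; }
    tar -xzf "$1" && printf '%s\n' "$dir"
}

# Usage on the server, replacing steps 4 and 5 (EXPECTED is a placeholder
# for the digest taken from the publisher, not a value from this page):
#   dir=$(verified_extract chkrootkit.tar.gz "$EXPECTED") && cd "$dir"
```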

To run the rkhunter script, run the following command:

    /root/rkhunter-1.4.2/files/rkhunter -c

For information about how to configure the rkhunter script, read the rkhunter FAQ.

Note:

We strongly recommend that you run the rkhunter script often and add a cron job that runs the above command.
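For the cron job that the chkrootkit and rkhunter notes both recommend, an added example (not cPanel's or the scanner projects' own code): a wrapper that prints only the lines that report a finding, so that cron sends mail only when a scan needs review. The script path /root/rootkit-scan.sh, the function names and the sample output are assumptions.

```shell
#!/bin/sh
# Added example. Scanner paths are the ones this page installs to.
CHKROOTKIT=/root/chkrootkit-0.50/chkrootkit
RKHUNTER=/root/rkhunter-1.4.2/files/rkhunter

# Keep only lines that report a finding: chkrootkit prints "INFECTED"
# (or "Vulnerable but disabled"); rkhunter prints "Warning".
filter_findings() {
    grep -E 'INFECTED|Vulnerable|Warning' || true
}

# Print how many finding lines arrive on stdin.
count_findings() {
    filter_findings | wc -l | tr -d ' '
}

# Run both scanners; print the findings and return 1 if there are any.
# --sk skips rkhunter's keypress prompts, --nocolors drops colour codes.
run_scans() {
    findings=$( { "$CHKROOTKIT"; "$RKHUNTER" -c --sk --nocolors; } 2>&1 | filter_findings )
    [ -n "$findings" ] || return 0
    printf '%s\n' "Rootkit scanner findings on $(hostname):" "$findings"
    return 1
}

# Constructed sample output (not from a real scan), in both tools' formats.
sample_output() {
    cat <<'EOF'
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... not tested
    /usr/bin/curl                                  [ OK ]
    /usr/bin/ldd                                   [ Warning ]
EOF
}

# Cron entry (script path is an assumption); cron mails whatever the job prints:
#   0 3 * * * /root/rootkit-scan.sh run
if [ "${1:-}" = "run" ]; then
    run_scans
fi
```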

Modify the Logwatch configuration file

The Logwatch customizable log analysis system parses your system's log files for a given period of time, and it creates a report that analyzes specified data.

If your server does not include Logwatch, run the yum -y install logwatch command to install it and any dependencies that Logwatch requires.

The Logwatch configuration file exists in the /usr/share/logwatch/default.conf/logwatch.conf location.

We recommend that you use a text editor to change the following parameters:

Parameter: MailTo = user@example.com
Description: Change the user@example.com address to the email address that you wish to receive Logwatch notifications.

Parameter: Detail = 5 or Detail = 10
Description: Change this parameter to set the level of detail in the log files.

  • 5 represents a medium level of detail.
  • 10 represents a high level of detail.
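One way to apply these two parameters without a text editor, as an added example (not part of the original documentation): it rewrites the active MailTo and Detail lines in place and keeps a backup copy. The function and variable names are assumptions, and Detail is limited to the two values described above.

```shell
# Added example. Default path is the one this page gives.
LOGWATCH_CONF=${LOGWATCH_CONF:-/usr/share/logwatch/default.conf/logwatch.conf}

# set_param FILE KEY VALUE: leave exactly one active "KEY = VALUE" line in FILE.
# Commented-out lines (starting with #) are not touched.
set_param() {
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        $0 ~ "^[ \t]*" k "[ \t]*=" { if (!seen) print k " = " v; seen = 1; next }
        { print }
        END { if (!seen) print k " = " v }
    ' "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$1" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# configure_logwatch EMAIL DETAIL [FILE]: validate both values, back up the
# file, then set MailTo and Detail.
configure_logwatch() {
    email=$1 detail=$2 file=${3:-$LOGWATCH_CONF}
    case $email in
        *[!A-Za-z0-9@._+-]*|*@*@*) echo "bad address: $email" >&2; return 1 ;;
        ?*@?*) ;;
        *) echo "bad address: $email" >&2; return 1 ;;
    esac
    case $detail in
        5|10) ;;
        *) echo "Detail must be 5 or 10" >&2; return 1 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    set_param "$file" MailTo "$email" && set_param "$file" Detail "$detail"
}

# Usage on the server:
#   configure_logwatch user@example.com 5
```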

ConfigServer software

Many of our technical analysts recommend that you use CSF (ConfigServer Firewall), a free product that ConfigServer provides. CSF contains a stateful packet inspection (SPI) firewall, a login and intrusion detection mechanism, and a general security application for Linux servers.

To install CSF, perform the following steps:

  1. Log in to your server as the root user via SSH.
  2. Run the cd /root command to change to the root directory.

  3. Run the following command to download CSF:

    wget https://download.configserver.com/csf.tgz
  4. Run the tar -xzf csf.tgz command to decompress the downloaded file.

  5. Run the cd csf command to change directories.

  6. To begin the CSF installation, run the ./install.cpanel.sh command.

To configure CSF, use WHM's ConfigServer Security & Firewall interface (WHM >> Home >> Plugins >> ConfigServer Security & Firewall). The installation script should enable the correct ports in CSF, but we recommend that you confirm this on your server.

After you configure CSF, you must disable testing mode. To take CSF out of testing mode, perform the following steps:

  1. Click Firewall.
  2. Change the value of Testing from 1 to 0.
  3. Click Change.

For more information about how to use CSF, visit the CSF website.

Note:

ConfigServer also provides ConfigServer Mail Queues (CMQ), a free add-on product for cPanel & WHM. The product provides a full-featured interface to cPanel's Exim mail queues from within WHM. For more information about how to install and use CMQ, visit the CMQ website.

CloudLinux

CloudLinux offers a secure version of Linux that provides advanced functionality for shared hosting environments. It integrates with cPanel & WHM, and it provides detailed resource management tools and other improvements to system management and stability.

For more information about CloudLinux, visit the CloudLinux website.

KernelCare

KernelCare automatically updates your system's Linux kernel without the need for a reboot. It also provides patches that secure vulnerabilities, such as the symlink race condition.

For more information about KernelCare, visit the KernelCare website.

CXS

ConfigServer eXploit Scanner (CXS) scans all uploads to a server for malware, and it quarantines any suspicious files. It integrates with cPanel & WHM.

For more information about CXS, visit the CXS website at ConfigServer Services.

Imunify360

Imunify360 offers a security suite that protects servers against a wide range of attacks. It integrates with cPanel & WHM, and it provides reports to the system administrator on the server's status.

For more information about Imunify360, visit the Imunify360 website.

Atomicorp

Atomicorp offers a hardened and secure shell for Linux servers.

For more information about Atomicorp, visit the Atomicorp website.

APF Firewall

APF Firewall offers an advanced firewall for Linux systems.

For more information about APF Firewall, visit the APF Firewall website at r-Fx Networks.

LMD

LMD offers a shareware malware protection scanner.

For more information about LMD, visit the LMD website at r-Fx Networks.

Patchman

Patchman detects vulnerabilities in software and sends notices to customers to teach them how to resolve the issue. If the customer does not resolve the vulnerability, Patchman can fix it automatically.

Patchman integrates with cPanel & WHM, and it provides reports to the system administrator on the server's status.

For more information about Patchman, visit the Patchman website.

BitNinja

BitNinja offers a security suite that provides protection against multiple forms of attack.

For more information about BitNinja, visit the BitNinja website.
