Intuitive bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with ConfigServer Firewall, MailManage, MailQueue, Malware Detect, ClamAV, mod_cloudflare, CloudFlare RailGun, and many more applications and security tweaks
Perl PHP Shell

README.md

cpSetup

Author: Myles McNamara
Version: 1.3.3
Last Update: April 12, 2016

cpsetup is a custom bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with a wide range of applications, plugins, and modules. This script will also install cPanel if it's not already installed.

Each installation and configuration/hardening is organized into functions. By default running the script without any arguments will prompt for each install/configuration as well as prompt for any required configs (email, api key, etc).

You can also run any of the available functions individually ... to see a list of functions available, execute this command:

./cpsetup --functions

Usage

wget https://raw.githubusercontent.com/tripflex/cpsetup/master/cpsetup
chmod +x cpsetup
./cpsetup

Features Include:

Future Enhancements:

  • You tell me, open up an issue and suggest a new feature!

Available Arguments

cpsetup - sMyles cPanel Setup Script
Usage example:
./cpsetup [(-h|--help)] [(-v|--verbose)] [(-V|--version)] [(-u|--unattended)] [(-m|--menu)] [(-r|--run) value] [(-R|--functions)]
Options:
-h or --help: Displays this information.
-v or --verbose: Verbose mode on.
-V or --version: Displays the current version number.
-u or --unattended: Unattended installation ( bypasses all prompts ).
-m or --menu: Show interactive UI menu (NOT yet implimented)
-r or --run: Run a specific function.
-R or --functions: Show available functions to use with -r or --run command.

Firewall Updates

Option Original Value New Value
RESTRICT_SYSLOG 0 3
SMTP_BLOCK 0 1
LF_SCRIPT_ALERT 0 1
SYSLOG_CHECK 0 1800
PT_ALL_USERS 0 1

SSH Updates

Any options that have (prompt) means you will be prompted to specify your own custom value if -u was not used as an argument.

Option Original Value New Value
Port 22 222 (prompt)
UseDNS yes no

cPanel Config Updates

Option Original Value New Value
Shell Fork Bomb Protection Disabled Enabled
Compiler Access Enabled Disabled
Root Forwarder Email None User Specified (prompt)

Pure FTP Updates

Option Original Value New Value Result
RootPassLogins yes no Can't login with root pw
AnonymousCantUpload no yes Anonymous can't upload
NoAnonymous no yes Anonymous can't login

cPanel Tweak Settings Updates

Option Original Value New Value
BoxTrapper Enabled Disabled
Referrer Blank Sanity Check Disabled Enabled
Referrer Safety Check Disabled Enabled
Hide Login PW from CGI Scripts Disabled Enabled
Max Emails Account Can Send Per Hour Unlimited 199

MySQL Settings Updates

Option Original Value New Value
local-infile 1 0

PHP Configuration Updates

Option Original Value New Value
enable_dl On Off
disable_functions None show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set

Apache Global Configuration Updates

Option Original Value New Value
Server Signature On Off
Server Tokens All ProductOnly
Trace Enable On Off

CloudFlare RailGun Configuration

Option Original Value New Value
memcached.servers /tmp/memcached.sock /var/run/memcached/memcached.sock
activation.railgun_host YOUR_PUBLIC_IP_OR_HOSTNAME (user defined)
activation.token YOUR_TOKEN_HERE (user defined)

CloudFlare RailGun MemCached Configurations

Option Original Value New Value
PORT 11211 22222
USER memcached memcached
MAXCONN 1024 20480
CACHESIZE 64 4096
OPTIONS -s /var/run/memcached/memcached.sock

Caution

Use at your own risk, if you don't know what you're doing you should probably not be using this script. Myself and any contributors to this project take absolutely no responsibility for anything you do with this script. I strongly recommend reading the script so you understand what it does before using.