New cPanel Server Setup Script
05-24-2010 @ 5:20AM EDT
This is a very simple bash script that will run some automated tasks that I use for new cPanel servers. It will compile a secure and feature rich Apache installation, disable unused/insecure services on your server, install ConfigServer Firewall, add some minor additional security measures, ensure proper settings/tools are installed, and create a backup of your cPanel and CSF directories in case you need to restore a file later without doing a complete reinstall.
How to use it:
If you don't already have a mydir folder then create it (mkdir /mydir). Then copy and paste the code into a new newserver.sh file in the /mydir folder (vi /mydir/newserver.sh). Don't forget to set your permissions to make the file executable (chmod 0771 /mydir/newserver.sh). Now you can run the script (sh newserver.sh). Once the file is complete you are free to delete it to prevent it from being run again since this only needs to be run one time (rm -f newserver.sh).
Code:
#!/bin/bash
wget http://docs.cpanel.net/twiki/pub/EasyApache3/CustomMods/custom_opt_mod-mod_geoip.tar.gz
tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf custom_opt_mod-mod_geoip.tar.gz
cd /var/cpanel/easy/apache/profile/custom
wget http://www.jmd.cc/main.yaml
/scripts/easyapache --build --profile=main.yaml
cd /root
cp -Rp /var/cpanel /var/cpanel.bak
yum -y install perl mailx ntsysv logwatch wget tar gzip zip
echo "This system is monitored and all logins are recorded." > /root/sshbanner
echo "Unauthorized access is not allowed and all violators will be reported to the proper authorities." > /etc/motd
echo "All connections are recorded and the administrators have been notified." >> /etc/motd
/scripts/securetmp
yum -y update
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
perl /etc/csf/csftest.pl
cp -Rp /etc/csf /etc/csf.bak
echo "local-infile=0" >> /etc/my.cnf
service xfs stop
chkconfig xfs off
service cups stop
chkconfig cups off
service nfslock stop
chkconfig nfslock off
service rpcidmapd stop
chkconfig rpcidmapd off
service bluetooth stop
chkconfig bluetooth off
service anacron stop
chkconfig anacron off
service avahi-daemon stop
chkconfig avahi-daemon off
service hidd stop
chkconfig hidd off
service pcscd stop
chkconfig pcscd off
service named start
chkconfig named on
chmod 4755 /usr/bin/crontab
wget http://docs.cpanel.net/twiki/pub/EasyApache3/CustomMods/custom_opt_mod-mod_geoip.tar.gz
tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf custom_opt_mod-mod_geoip.tar.gz
cd /var/cpanel/easy/apache/profile/custom
wget http://www.jmd.cc/main.yaml
/scripts/easyapache --build --profile=main.yaml
cd /root
cp -Rp /var/cpanel /var/cpanel.bak
yum -y install perl mailx ntsysv logwatch wget tar gzip zip
echo "This system is monitored and all logins are recorded." > /root/sshbanner
echo "Unauthorized access is not allowed and all violators will be reported to the proper authorities." > /etc/motd
echo "All connections are recorded and the administrators have been notified." >> /etc/motd
/scripts/securetmp
yum -y update
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
perl /etc/csf/csftest.pl
cp -Rp /etc/csf /etc/csf.bak
echo "local-infile=0" >> /etc/my.cnf
service xfs stop
chkconfig xfs off
service cups stop
chkconfig cups off
service nfslock stop
chkconfig nfslock off
service rpcidmapd stop
chkconfig rpcidmapd off
service bluetooth stop
chkconfig bluetooth off
service anacron stop
chkconfig anacron off
service avahi-daemon stop
chkconfig avahi-daemon off
service hidd stop
chkconfig hidd off
service pcscd stop
chkconfig pcscd off
service named start
chkconfig named on
chmod 4755 /usr/bin/crontab
servers, cpanel, linux, scripts, tutorials, security
Comments
Superb!.. It helps me a lot.
Write a comment
* = required field