Quick Security Scan For WHM version 11.28
This feature disables operating system-level services that are not necessary for your web server.
The services that will be disabled are:
* portmap — Maps network drives.
* atd — The “at” daemon, similar to cron jobs.
* cups — Used for printing.
* Console mouse services — Provides Linux mouse support.
* xfs — X font server; allows a server running the X Window System to communicate with a font renderer.
* NIS — Network information service.
* NFS statd — Used for network file system (NFS) mounting.
* RPC idmapd — Used for running an NFS server.
Note: A [FAILED] error message means that the service was not running when the scanner attempted to turn it off. This service will still be prevented from starting in the future.
Reference: http://cpanel.net
PHP security restricting Includes
Local include attacks occur when an attacker is able to pull local files into PHP scripts to view sensitive information on or about your system. For example, an attacker may be able to include and subsequently view the /etc/passwd file using a PHP inclusion vulnerability, in effect acquiring some basic information about every account associated with your web server.
To help prevent local include vulnerabilities, you can set the open_basedir parameter in your PHP configuration to a specific directory. This will limit an attacker’s access via local includes to a single directory. In most cases, you will want to set the open_basedir parameter to a public_html directory, allowing PHP to open and modify HTTP-accessible (public) files contained within the specified directory while limiting access to more sensitive information contained outside of the specified directory.
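One way to check that a php.ini actually confines PHP to a public_html directory, as an added example that is not part of the cPanel documentation. The account name "alice", the sample php.ini fragments and the SENSITIVE list are constructed for illustration, and a Linux server (':' as the path separator) is assumed.

```python
import os

# Constructed php.ini fragments; the account name "alice" is hypothetical.
UNSET_INI = "[PHP]\n; open_basedir = /home/alice/public_html\nmemory_limit = 128M\n"
WIDE_INI = ("[PHP]\nopen_basedir = /home/alice/public_html\n"
            "open_basedir = \"/home/alice/public_html:/etc:/\"\n")
GOOD_INI = "[PHP]\nopen_basedir = /home/alice/public_html/\n"

# Locations treated as sensitive in this example (an assumed list, extend as needed).
SENSITIVE = ("/etc", "/root", "/var/log")


def effective_open_basedir(ini_text):
    """Return the last uncommented open_basedir value, or None if it is never set."""
    value = None
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        key, sep, val = line.partition("=")
        if sep and key.strip() == "open_basedir":
            value = val.strip().strip("\"'")  # a later assignment overrides an earlier one
    return value


def audit(ini_text, docroot):
    """Return findings; an empty list means every allowed path sits inside docroot."""
    value = effective_open_basedir(ini_text)
    if not value:
        return ["open_basedir is not set: includes can reach any readable file"]
    root = os.path.normpath(docroot)
    findings = []
    for entry in filter(None, value.split(":")):  # ':' separates paths on Linux
        path = os.path.normpath(entry)
        if path == "/":
            findings.append("'/' allows the whole filesystem")
        elif any(path == s or path.startswith(s + "/") or s.startswith(path + "/")
                 for s in SENSITIVE):
            findings.append(f"{entry} exposes a sensitive location")
        elif path != root and not path.startswith(root + "/"):
            findings.append(f"{entry} is outside {docroot}")
    return findings


if __name__ == "__main__":
    for name, ini in (("unset", UNSET_INI), ("wide", WIDE_INI), ("good", GOOD_INI)):
        print(name, audit(ini, "/home/alice/public_html"))
```

This check reads php.ini text only; open_basedir values set per virtual host or per directory are not covered by it.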
rebuild_phpconf help options
To see a list of all options and arguments for this script, type the following from the command line:
/usr/local/cpanel/bin/rebuild_phpconf --help
The system will display usage information as follows:
Usage: /usr/local/cpanel/bin/rebuild_phpconf [--dryrun] [--no-restart] [--no-htaccess]
[--current|--available]
--dryrun : Only display the changes that would be made
--no-restart : Don’t restart Apache after updating the php.conf link
--no-htaccess : Don’t update user configurable PHP mime mapping.
--current : Show current settings
--available : Show available handlers and PHP SAPIs
[Default PHP] : Version of PHP to set as default handler for .php files
[PHP# Handler] : Type of Apache module to use in serving PHP requests
: enabled, disabled, 1 or 0
The rebuild_phpconf script on your server (located at /usr/local/cpanel/bin/rebuild_phpconf) allows you to update your server’s php.conf file. By doing this, you can change Apache’s PHP handler configuration, change the default version of PHP used by your server, and enable or disable the suEXEC feature.
Note: This script offers nearly the same functionality as the WHM Configure PHP and suEXEC feature. Users more comfortable with a graphical interface may prefer that method.
Initial Set Up for Quotas on Cpanel
This is the final stage of the Initial Setup process. You will need to select whether you would like to track disk usage on your server. This is generally a good idea if you plan to lease server space to individual users. However, if you do not plan to host individual accounts on your server, you may not need to enable quotas.
To set up quotas:
Select Use file system quotas.
This is a good idea if you plan to host individual accounts on your server.
To disable quotas:
Select Do not use file system quotas.
This is not a good idea if you plan to host individual accounts on your server.
Once you have finished, click the Finish Setup Wizard button. You will then be taken to the WHM homepage.