HOW TO Install Fantastico
SSH to your server(s) and enter following commands
cd /usr/local/cpanel/whostmgr/docroot/cgi
wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
tar -xzpf fantastico_whm_admin.tgz
rm -rf fantastico_whm_admin.tgz
Go to WHM, login as root and click on Tweak Settings, then you should ensure that both the Ioncube loader is selected for the backend copy of PHP. Save changes.
WHM -> Add-Ons (Plugins on v11.x or higher) -> Fantastico De Luxe WHM Admin
Upon loading, Fantastico De Luxe WHM Admin will auto-update your existing installation (if existing). All admin files (masterfiles, tarballs, settings etc) will be moved to or created at /var/netenberg.
If your users don’t see a Fantastico link in their CPanel: Go to WHM and edit the “default” Features List. Activate Fantastico.
Reference : http://www.netenberg.com/
Suhosin Install Guide
Suhosin is an advanced protection system for PHP installations.
It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts, that can be used separately or in combination.
The first part is a small patch against the PHP core, that implements a few low-level protections against bufferoverflows or format string vulnerabilities and the second part is a powerful PHP extension that implements all the other protections.
Download http://www.hardened-php.net/suhosin/download.html
Installing the Extension
Source - http://download.suhosin.org/suhosin-0.9.29.tgz
# wget http://download.suhosin.org/suhosin-0.9.29.tgz
The next step is unpacking the extension tarball and performing the usual compilation steps for PHP extensions.
#> tar xzvf suhosin-0.9.29.tgz
#> cd suhosin*
#> phpize
#> ./configure
#> make
#> make install
This should install suhosin in the correct extension directory. The final step is adding a load directive to php.ini
Now copy suhosin.so to /usr/lib/php/extensions which php.ini points to.
Checking PHP
Find where your current PHP.ini is and then add the suhosin.so extension to php.ini
Check your /var/log/messages for logs of Suhosin
Install or upgrade the csf webmin module and csf Uninstallation.
To install or upgrade the csf webmin module:
Install csf first.
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Install the csf webmin module in.
Webmin > Webmin Configuration > Webmin Modules >
From local file > /etc/csf/csfwebmin.tgz > Install Module
Uninstallation
Removing csf and lfd is even more simple:
On cPanel servers:
cd /etc/csf
sh uninstall.sh
On DirectAdmin servers:
cd /etc/csf
sh uninstall.directadmin.sh
On generic linux servers:
cd /etc/csf
sh uninstall.generic.sh
How to install CSF Firewall on your Server.
Installation
Installation is quite straightforward:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Next, test whether you have the required iptables modules:
Don’t worry if you cannot run all the features, so long as the script doesn’t report any FATAL errors
You should not run any other iptables firewall configuration script. For example, if you previously used APF+BFD you can remove the combination (which you will need to do if you have them installed otherwise they will conflict horribly):
sh /etc/csf/remove_apf_bfd.sh
That’s it. You can then configure csf and lfd by edit the files directly in /etc/csf/*, or on cPanel servers use the WHM UI
csf installation for cPanel is preconfigured to work on a cPanel server with all the standard cPanel ports open.
csf installation for DirectAdmin is preconfigured to work on a DirectAdmin server with all the standard DirectAdmin ports open.
csf auto-configures your SSH port on installation where it’s running on a non-standard port.
csf auto-whitelists your connected IP address where possible on installation.
You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS servers have this disabled and you should check /etc/init.d/syslog and make sure that any klogd lines are not commented out. If you change the file, remember to restart syslog.
Download the firewall script from : http://www.configserver.com/
Security - Install And Configure Advanced Policy Firewall (APF) On CentOS
From Advanced Policy Firewall’s website:
“Advanced Policy Firewall (APF) is an IPTables(Netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.”
Installation
Downloading and extracting.
wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxvf http://www.rfxn.com/downloads/apf-current.tar.gz
cd apf-9.7-1
and Run:
APF will display locations of it’s executable and configuration files as well as ports detected as being used.
Configuration
APF’s basic configuration file is /etc/apf/conf.apf
By default everything is locked and You have to configure APF to open ports You need to use.
DEVEL_MODE=”1″ - be sure to set this option to 1 until You’re satisfied with the settings.
SET_MONOKERN=”0″ - APF supports monolithic kernels.
IFACE_IN=”eth0″ and IFACE_OUT=”eth0″ - untrusted interfaces connected to the network, mostly the Internet.
Testing
Start APF:
We can use the following parameters:
-s - start APF
-r - restart APF
-f - stop APF
-l - list statistics
-st - status of APF
-a host - allow connections from “host”
-d host - deny connections from “host”
Advanced Policy Firewall - http://www.rfxn.com/projects/advanced-policy-firewall
