How to install and secure a cPanel server on Linode

This is a very basic guide showing you how to get started with installing cPanel on a VPS, and adding an extra layer of security using the free Config Server Firewall, or CSF.

We use Linode (referral link) for all of our managed WordPress hosting as we find them faster, and at the time of writing, they come with more storage than say Digital Ocean and Rackspace Cloud.

Cpanel recommends a server or VPS with 1GB RAM as a minimum, but unless you are only testing or are on a budget, use a 4GB Linode and add the same amount of SWAP space. For the server software, choose Centos 7.0 (or later) and make sure you have the right hostname, eg a a fully qualified domain like server.example.com. Take note of the password you set and IP given under remote access, then and add the IP to the required DNS A (IPv4) and AAAA (IPv6) records with your DNS provider. We will be using the IP 127.0.0.1 and the hostname server.example.com in this tutorial, your details will be different.

Change root password and ssh port

/etc/ssh/sshd_config

Once the file opens up, near the very top you’ll see a line that reads like this:

#Port 22

First thing we want to do is remove the hash (#) so that it reads this line, and next you can change the 22 to whichever port you want to use for SSH. I’d recommend something completely unassigned and unregistered so that you don’t conflict with anything on your server, or anything that you might put on your server down the road. Something between 49152 and 65535 is a good idea.

Once you’ve edited that line, save the file and restart the ssh service using the following command:

service sshd restart

Set and verify the hostname

hostname

Which should as an example return:

linode1233455

Change the hostname, which is done in /etc/sysconfig/network, or by typing in:

hostname server.example.com

Then confirm:

Hostname
server.example.com

Prepare apache and install cPanel

You might be blocked by IPtables, so disable this for now:

service iptables stop
chkconfig iptables off

In order to install cPanel, you need perl. This might already be installed on later versions of Centos.

yum install perl

Then to install cPanel & WHM, first update the server, then run the installation command:

yum update
cd /home && curl -o latest -L https://securedownloads.cpanel.net/latest && sh latest

Now is a very good time to get a cup of tea as this can take some time… But once done, exit SSH for now and open a browser.

Getting started in WHM

To access the WHM interface, open your favourite browser, and go to server.example.com:2087.

When accessed for the first time, you will be guided through the core options. Set it all up as you require, and then run easyApache to remove, or add, or update any software you want. I’d recommend updating MySQL before this, as that update will require EasyApache to run again.

Securing the server

Install CSF firewall

Installation is quite straightforward:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

After the setup of CSF, you need to edit the configuration and and activate CSF.

Securing WHM/cPanel

Now that you have CSF installed, run “Check Server Security” and action accordingly.

There we go, that’s all you need to do to get going.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
ss	session	This cookie is set by the provider Eventbrite. This cookie is used for the functionality of website chat-box function.
TawkConnectionTime	session	Tawk.to, a live chat functionality, sets this cookie. For improved service, this cookie helps remember users so that previous chats can be linked together.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_69023930_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.