Guide to Installing cPanel on Rackspace Cloud Servers

I have seen a lot of questions about cPanel on the cloud and several people were having issues getting it going. I wrote this guide for myself a while back and thought I would share it with you. I have had my server up and running for about 1 year now. If you have any questions, please do not hesitate to ask.

There are some parts where I could not put code in the code tag. It would generate a url that would not allow you to copy+paste. If you see any errors, please let me know and I will change it in the post.

I have included in this post some extra server hardening and some extra software that I found useful. Please do not assume that your server is fully hardened using this guide. I would recommend googling Server Hardening

This is pretty much a step by step guide.

You must have a cPanel license. You can google for places to get one.

Big help in writing this guide.
http://forums.cpanel.net/f185/beginners-guide-securing-your-server-30159.html
http://cloudservers.rackspacecloud.com/index.php/CentOS_-_cPanel/WHM_11.24

Setup Hostname

Code:
nano /etc/sysconfig/network

Change the line in the file to

Code:
HOSTNAME=myserver.domain.com

Restart Server
Restart the server after making hostname change.

Setup Basic System Stuff

Change Password

Code:
passwd

Update The System

Code:
yum update

Install Perl

Code:
 cd ~
 sudo yum install perl

Disable SELinux

Code:
nano /etc/selinux/config

change line in file to

Code:
SELINUX=disabled

Install Cpanel

cd /home
wget -N http://layer1.cpanel.net/latest
sh latest
/usr/local/cpanel/cpkeyclt

Config Server (IPTables) Install

Instructions from – http://www.configserver.com/free/csf/install.txt

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

Code:
perl /etc/csf/csftest.pl

Then Remove files

Code:
 rm -rf csf
 rm -rf csf.tgz

Don’t worry if you cannot run all the features, so long as the script doesn’t
report any FATAL errors

That’s it. You can then configure csf and lfd by editing the files
directly in /etc/csf/*, or on cPanel servers use the WHM UI

If you need to remove

Code:
 cd /etc/csf
 sh uninstall.sh

Connect to cPanel
https://IP:2087
where IP is the ip of your cloud server instance.
root as username
password that was entered from above.

Nameserver Setup
Go to tweak Settings

Check box – ** Disable whois lookups for the nameserver IP manager.

You should then be able to go into Nameserver IPs and assign IP’s

Update Preferences
Select Automatic (RELEASE tree)
This is what I recommend. You can select whatever release tree you wish however.

Automatic

bandmin – Inherit
courier – Inherit
dovecot – Inherit
exim – Inherit
ftp – Inherit
mysql – Inherit
nsd – Inherit
python – Inherit

Automatic

Let the system do the upgrade.

Tweak Settings
You can check settings as needed later. Nothing is needed to be done immediately.

If you so choose to…

Under Domains
Prevent users from parking/adding on common internet domains. (ie hotmail.com, aol.com)

Under Mail
Default catch-all/default address behavior for new accounts – blackhole

Under System
Use jailshell as the default shell for all new accounts and modified accounts

ConfigServer Security&Firewall (under Plugins)
On the WHM UI menu, scroll all the way to the bottom. You will see ConfigServer Security&Firewall. Click that to make changes to your firewall.

Change testing from 1 to 0

You may also want to setup automatic updates.

Enable open_basedir Security
Go to Security Center then Tweak PHP open_basedir Security

Then Enable php open_basedir Protection.

Click Save.

Enable Shell Fork Bomb Protection
Go to Security Center then Shell Fork Bomb Protection

Then click enable protection button.

Enable cPHulk
Go to Security Center then Configure cPHulk

Then click enable button.

Disable Anonymous FTP
Goto Service Configuration =>> FTP Server Configuration

Disable Allow Anonymous FTP for both Annonymous logins and uploads.

Click save.

Change MySQL Root Password
Goto Mysql =>> MySQL Root Password

Change root password for MySQL

Imagemagick Install

Code:
yum install ImageMagick

Ruby Install

Code:
/scripts/installruby

iftop Install
From – http://ex-parrot.com/pdw/iftop/

cd ~
mkdir src
cd src
wget http://anduin.linuxfromscratch.org/sources/BLFS/6.3/l/libpcap-0.9.6.tar.gz
tar -xzf libpcap-0.9.6.tar.gz
cd libpcap-0.9.6
./configure
make
make install
cd ..

wget http://ex-parrot.com/pdw/iftop/download/iftop-0.17.tar.gz
tar -xzf iftop-0.17.tar.gz
cd iftop-0.17
./configure && make
make install
cd ../..
rm -rf src/

To use just issue the command iftop from the command line
ctrl-c to exit

mytop Install
From – http://jeremy.zawodny.com/mysql/mytop/

cd ~
mkdir src
cd src
wget http://jeremy.zawodny.com/mysql/mytop/mytop-1.6.tar.gz
tar -xzf mytop-1.6.tar.gz
cd mytop-1.6
perl Makefile.PL
make
make test
make install

After installation you will need to change a file to allow this program to function. There were some changes that happened in the later CentOS distributions.

Code:
nano /usr/local/bin/mytop

Ctrl+w
Search for
long|!
Then change

Code:
 "long|!" => \$config{long_nums},

to

Code:
 # "long|!" => \$config{long_nums},

All you are doing is commenting out a single line.

DOCUMENTATION
man mytop

IPTraf Install

Code:
yum install iptraf

To use just issue command iptraf from command line.

Install Clam Antivirus and cPanel Pro
!!! MAKE SURE TO GET LICENSE FIRST !!!
Go to – http://pro.cpanel.net/activate/

Go to Manage Plugins
Select Install and Keep Updated for both cPanel Pro and clamavconnector.
Click save

After install is complete go to the Configure ClamAV Scanner under plugins
and enable the Scan Mail. Then click save.

Set an SSH Legal Message

Code:
nano /etc/motd

Enter the following into the file.

Code:
 ALERT! You are entering a secured area! Your IP and login information
 have been recorded. System administration has been notified.

 This system is restricted to authorized access only. All activities on
 this system are recorded and logged. Unauthorized access will be fully
 investigated and reported to the appropriate law enforcement agencies.

You should be setup and ready to go with your new server! Please let me know if there is anything else that needs to be edited.

What Rackspace Cloud Sucks At? Customers Vote at Rackspace Feedback

Rackspace Cloud has a very nice and cozy small forum for all their customers and users to submit and vote for ideas and feedback, such as features they want but are currently not available, or improvements / fixes that need to be done to make the cloud a better product.

Check out the feedback forum here: http://feedback.rackspace.com/

You can read through all the ideas and requests as well as the comments to get an idea of what Rackspace Cloud is like and how it is doing in the eyes of their current customers and users. How the company is responding to these invaluable input is also an important factor in deciding to go with them or not.

A great move by Rackspace.