Overview
This document lists third-party software and modifications that you can install to help secure your server.
Among the options that this document lists, cPanel Technical Support can only provide direct support for CloudLinux™, Imunify360, and KernelCare if you directly license them through cPanel, L.L.C. Otherwise, contact the appropriate software developer or your system administrator for help.
APF Firewall
APF Firewall offers an advanced firewall for Linux systems. For more information about APF Firewall, visit the APF Firewall website at r-Fx Networks.
Atomicorp
Atomicop offers a hardened and secure shell for Linux servers. For more information about Atomicorp, visit the Atomicorp website.
BitNinja
BitNinja offers a security suite that provides protection against multiple forms of attack. For more information about BitNinja, visit the BitNinja website.
chkrootkit
The chkrootkit shell script examines your system’s binaries for rootkit installations. Rootkits allow a malicious user to gain undetected administrative access to the server.
To install the chkrootkit script, perform the following steps:
-
Log in to your server as the
rootuser via SSH. -
Run the
cd /rootcommand to change to the root directory. -
Run the following command to download
chkrootkit:wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz -
Run the
tar -xvzf chkrootkit.tar.gzcommand to decompress the downloaded file. -
Run the
cd chkrootkit-0.53command to change directories. -
To begin the
chkrootkitinstallation, run themake sensecommand. The system will install thechkrootkitscript on your server.
To run the chkrootkit script, run the following command:
/root/chkrootkit-0.53/chkrootkitWe strongly recommend that you run the chkrootkit script often and add a cron job that runs the above command.
For more information about the chkrootkit script, visit the chkrootkit website.
CloudLinux
CloudLinux offers a secure version of Linux that provides advanced functionality for shared hosting environments. CloudLinux integrates with cPanel & WHM, and it provides detailed resource management tools and other improvements to system management and stability.
You can purchase CloudLinux from the cPanel store. For more information about CloudLinux, visit the CloudLinux website.
ConfigServer software
Many of our Technical Support Analysts recommend that you use CSF (ConfigServer Firewall), a free product that ConfigServer provides. CSF contains a stateful packet inspection (SPI) firewall, a login and intrusion detection mechanism, and a general security application for Linux servers.
To install CSF, perform the following steps:
-
Log in to your server as the
rootuser via SSH. -
Run the
cd /rootcommand to change to the root directory. -
Run the following command to download CSF:
wget https://download.configserver.com/csf.tgz -
Run the
tar -xzf csf.tgzcommand to decompress the downloaded file. -
Run the
cd csfcommand to change directories. -
To begin the CSF installation, run the
./install.cpanel.shcommand.
To configure CSF, use WHM’s ConfigServer Security & Firewall interface (WHM >> Home >> Plugins >> ConfigServer Security & Firewall). The installation script should enable the correct ports in CSF, but we recommend that you confirm this on your server.
After you configure CSF, you must disable testing mode. To take CSF out of testing mode, perform the following steps:
-
Click Firewall.
-
Change the value of Testing from
1to0. -
Click Change.
For more information about how to use CSF, visit the CSF website.
ConfigServer also provides ConfigServer Mail Queues (CMQ), a free add-on product for cPanel & WHM. The product provides a full-featured interface to cPanel’s Exim mail queues from within WHM. For more information about how to install and use CMQ, visit the CMQ website.
ConfigServer eXploit Scanner
ConfigServer eXploit Scanner (CXS) scans all uploads to a server for malware, and it quarantines any suspicious files. It integrates with cPanel & WHM. For more information about CXS, visit the CXS website at ConfigServer Services.
ImunifyAV
ImunifyAV is free antivirus software that protects your server from malicious code. For more information about ImunifyAV, visit the ImunifyAV website.
ImunifyAV+ builds on ImunifyAV’s antivirus protection. ImunifyAV+ not only detects threats but automatically cleans up infected files. It also includes email notifications.
You can purchase ImunifyAV+ from the cPanel store. For more information about ImunifyAV+, read the cPanel blog.
Imunify360
Imunify360 offers a security suite that protects servers against a wide range of attacks. It integrates with cPanel & WHM, and it provides reports to the system administrator on the server’s status.
You can purchase Imunify360 from the cPanel store. For more information about Imunify360, visit the Imunify360 website.
KernelCare
KernelCare automatically updates your system’s Linux kernel without the need for a reboot. It also provides patches that secure vulnerabilities, such as the symlink race condition.
You can purchase KernelCare from the cPanel store. For more information about KernelCare, visit the KernelCare website.
You can only install KernelCare on systems that run CentOS 6, 7, and 8.
Linux Malware Detect
Linux Malware Detect (LMD) offers a shareware malware protection scanner. For more information about LMD, visit the LMD website at r-Fx Networks.
Modify the Logwatch configuration file
The Logwatch customizable log analysis system parses your system’s log files for a given period of time. In addition, it creates a report that analyzes specified data. If your server does not include Logwatch, run the yum -y install logwatch command to install it and any dependences that Logwatch requires. The Logwatch configuration file exists in the /usr/share/logwatch/default.conf/logwatch.conf location.
We recommend that you use a text editor to change the following parameters:
-
MailTo = user@example.com— Change theuser@example.comaddress to the email address that you wish to receive Logwatch notifications. -
Detail = 5orDetail = 10— Change this parameter to set the detail in the log files.5represents a medium level of detail.10represents a high level of detail.
Patchman
Patchman detects vulnerabilities in software and sends notices to customers to teach them how to resolve the issue. If the customer does not resolve the vulnerability, Patchman can fix it automatically. Patchman integrates with cPanel & WHM, and it provides reports to the system administrator on the server’s status.
For more information about Patchman, visit the Patchman website.
RootKit Hunter
The rkhunter script scans for rootkits and other exploits.
- cPanel, L.L.C. does not provide RootKit Hunter (rkhunter).
- The Rootkit Hunter project team has not updated rkhunter in over one year.
- You may experience false positives if you use rkhunter. If you need assistance with rkhunter, contact your system administrator.
To install the rkhunter script, perform the following steps:
In this section, version represents the Rootkit Hunter script’s version. You can download the latest version from Rootkit Hunter project’s website.
-
Log in to your server as the
rootuser via SSH. -
Run the
cd /rootcommand to change to the root directory. -
Run the following command to download the rkhunter script:
wget https://sourceforge.net/projects/rkhunter/files/rkhunter/version/rkhunter-version.tar.gz.asc/download -
Run the
tar -xvzf rkhunter-version.tar.gzcommand to decompress the downloaded file. -
Run the
cd rkhunter-1versioncommand to change directories. -
To begin the
rkhunterscript installation, run the./installer.sh --layout default --installcommand. The system will install the rkhunter script on your server.
To run the rkhunter script, run the following command:
/root/rkhunter-version/files/rkhunter -cFor information about how to configure the rkhunter script, read the rkhunter FAQ.
We strongly recommend that you run the rkhunter script often and add a cron job that runs the above command.
