December 18, 2009

WHM (cPanel) HARDENING GUIDE:

Configure the following settings in WHM (cPanel):



Main >> Server Configuration >> Tweak Settings

* Prevent the user 'nobody' from sending out mail to remote addresses (PHP and CGI scripts generally run as nobody if you are not using phpsuexec and suexec respectively).
* Track the origin of messages sent through the mail server by adding the X-Source headers (Exim 4.34+ required)
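Once X-Source tracking is enabled, outbound mail can be grouped by the script directory that generated it, which is how a compromised or abused script is located. The following is an added example, not part of the original post; it assumes the headers are named X-Source, X-Source-Args and X-Source-Dir, and the sample messages are constructed.

```python
from collections import Counter
from email import message_from_string

# Header names are an assumption: the post only says "X-Source headers".
HEADERS = ("X-Source", "X-Source-Args", "X-Source-Dir")
UNTAGGED = "<no X-Source data>"

# Constructed sample messages (not real mail), as they might sit in a mail queue.
SAMPLE_MESSAGES = [
    "From: nobody@host.example\nTo: a@remote.example\nSubject: one\n"
    "X-Source: /usr/bin/php\n"
    "X-Source-Args: /usr/bin/php /home/alice/public_html/contact/form.php\n"
    "X-Source-Dir: alice.example:/public_html/contact\n\nbody\n",
    "From: nobody@host.example\nTo: b@remote.example\nSubject: two\n"
    "X-Source: /usr/bin/php\n"
    "X-Source-Args: /usr/bin/php /home/alice/public_html/contact/form.php\n"
    "X-Source-Dir: alice.example:/public_html/contact\n\nbody\n",
    "From: nobody@host.example\nTo: c@remote.example\nSubject: three\n"
    "X-Source: /usr/bin/perl\n"
    "X-Source-Args: /usr/bin/perl /home/bob/public_html/cgi-bin/send.cgi\n"
    "X-Source-Dir: bob.example:/public_html/cgi-bin\n\nbody\n",
    # Headers present but empty: nothing to attribute, so treat as untagged.
    "From: user@host.example\nTo: d@remote.example\nSubject: four\n"
    "X-Source: \nX-Source-Args: \nX-Source-Dir: \n\nbody\n",
]


def source_of(raw):
    """Return (program, args, directory) for one raw message, or None if untagged."""
    msg = message_from_string(raw)
    # Collapse whitespace so folded (multi-line) header values compare equal.
    fields = tuple(" ".join((msg.get(h) or "").split()) for h in HEADERS)
    return fields if any(fields) else None


def rank_sources(raw_messages):
    """Count messages per originating directory, most frequent first."""
    counts = Counter()
    for raw in raw_messages:
        src = source_of(raw)
        if src is None:
            counts[UNTAGGED] += 1
        else:
            program, args, directory = src
            # Prefer the directory; fall back to args, then the program path.
            counts[directory or args or program] += 1
    return counts.most_common()


if __name__ == "__main__":
    for origin, n in rank_sources(SAMPLE_MESSAGES):
        print(f"{n:4d}  {origin}")
```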




Main >> Security >> Fix Insecure Permissions (Scripts)



Main >> Security >> Tweak Security

"Compilers are disabled for unprivileged users"



Main >> Service Configuration >> Enable/Disable SuExec

suexec Status "enabled"



Main >> Account Functions >> Disable or Enable Demo Mode

If a "demo" account exists, select it from "Users", click "Modify", then click "Disable".
