Home

Awesome

cpSetup

<strong>Author:</strong> Myles McNamara<br/><strong>Version:</strong> 1.5.0<br/><strong>Last Update:</strong> May 22, 2019

<strong>cpsetup</strong> is a custom bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with a wide range of applications, plugins, and modules. This script will also install cPanel if it's not already installed.

Each installation and configuration/hardening is organized into functions. By default running the script without any arguments will prompt for each install/configuration as well as prompt for any required configs (email, api key, etc).

You can also run any of the available functions individually ... to see a list of functions available, execute this command:

./cpsetup --functions

Usage

wget https://github.com/tripflex/cpsetup/raw/master/cpsetup
chmod +x cpsetup
./cpsetup
<table border="0"> <tr> <td width="60%"> <h4>Features Include:</h4> <ul> <li>Install ClamAV from Source (CentOS 7+)</li> <li>Install <a href="https://documentation.cpanel.net/display/CKB/The+Let's+Encrypt+Plugin" target="_blank">Let's Encrypt for cPanel AutoSSL</a></li> <li>Install <a href="http://www.afterlogic.org/docs/webmail-lite/installation/install-on-cpanel" target="_blank">AfterLogic WebMail Lite</a></li> <li>Install <a href="http://configserver.com/cp/cse.html" target="_blank">ConfigServer Explorer</a></li> <li>Install <a href="http://configserver.com/cp/cmm.html" target="_blank">ConfigServer MailManage</a></li> <li>Install <a href="http://configserver.com/cp/cmq.html" target="_blank">ConfigServer MailQueues</a></li> <li>Install <a href="http://configserver.com/cp/csf.html" target="_blank">ConfigServer Firewall</a></li> <li>Install <a href="http://configserver.com/cp/cmc.html" target="_blank">ConfigServer ModSecurity Control</a></li> <li>Install <a href="https://www.configserver.com/free/mailscanner.html" target="_blank">ConfigServer MailScanner</a></li> <li>Install <a href="http://configserver.com/cp/cxs.html" target="_blank">ConfigServer Exploit Scanner</a></li> <li>Install <a href="https://www.rfxn.com/projects/linux-malware-detect/" target="_blank">R-fx Malware Detect</a></li> <li>Install <a href="http://www.softaculous.com/" target="_blank">Softaculous</a></li> <li>Install <a href="https://www.ndchost.com/cpanel-whm/addons/watchmysql/" target="_blank">WatchMySQL</a></li> <li>Install <a href="https://github.com/major/MySQLTuner-perl" target="_blank">MySQL Tuner</a></li> <li>Install <a href="https://www.cloudflare.com/static/media/pdf/cloudflare-cpanel-installation-activation-guide.pdf" target="_blank">cPanel mod_cloudflare</a> (<a href="https://github.com/tripflex/cloudflarecp" target="_blank">cloudflarecp</a>)</li> <li>Install <a href="https://www.cloudflare.com/railgun" target="_blank">CloudFlare RailGun</a></li> <li>Install yum terminal colors</li> <li><a href="https://www.cloudflare.com/docs/railgun/installation.html" target="_blank">Configure/Setup CloudFlare RailGun</a></li> <li>Configure CloudFlare RailGun and MemCached (using socket)</li> <li>Update Firewall Allow list with CloudFlare IPs</li> <li>Update Firewall Configuration</li> <li>Update SSH Configuration ( Port, and UseDNS )</li> <li>Update cPanel Configurations</li> <li>Update Pure FTP Configurations</li> <li>Update cPanel Tweak Settings</li> <li>Update MySQL Settings</li> <li>Update PHP Settings</li> <li>Update Apache Global Configuration</li> </ul> <h4>Deprecated (but still available) Features/Functions:</h4> <ul> <li>Install <a href="https://www.ndchost.com/cpanel-whm/addons/accountdnscheck/" target="_blank">Account DNS Check</a>* (depreciated)</li> <li>Install <a href="http://how2.be/en/community/phpinimgr/" target="_blank">PHP.ini Manager</a>* (depreciated)</li> <li>Install <a href="https://www.ndchost.com/cpanel-whm/addons/cleanbackups/" target="_blank">Clean Backups</a>* (depreciated)</li> </ul> <h4>Future Enhancements:</h4> <ul> <li>You tell me, open up an issue and suggest a new feature!</li> </ul> </td> <td width="40%"> <p align="center"><img src="screenshot.png"></p> </td> </tr> </table>

Depreciated Functions/Installs (*)

NameReason
Account DNS CheckReported to no longer work on CentOS 7, or WHM > 11.52
PHP.INI ManagerWHM now has built in handling, and unsure of status of plugin
Clean BackupsNo longer works or updated?

I decided to remove these from the auto install process because I either do not know the status of them (compatibility wise) with WHM, they are not compatible with latest release, or because the developers either do not provide ANY changelog, or even if they do, they don't even date the versions, which IMO is sloppy dev work, and as such, they do not belong in the auto install process.

Available Arguments

cpsetup - sMyles cPanel Setup Script
Usage example:
./cpsetup [(-h|--help)] [(-v|--verbose)] [(-V|--version)] [(-u|--unattended)] [(-m|--menu)] [(-r|--run) value] [(-R|--functions)]
Options:
-h or --help: Displays this information.
-v or --verbose: Verbose mode on.
-V or --version: Displays the current version number.
-u or --unattended: Unattended installation ( bypasses all prompts ).
-r or --run: Run a specific function.
-R or --functions: Show available functions to use with -r or --run command.

Firewall Updates

OptionOriginal ValueNew Value
RESTRICT_SYSLOG03
SMTP_BLOCK01
LF_SCRIPT_ALERT01
SYSLOG_CHECK01800
PT_ALL_USERS01

SSH Updates

Any options that have (prompt) means you will be prompted to specify your own custom value if -u was not used as an argument.

OptionOriginal ValueNew Value
Port22222 (prompt)
UseDNSyesno

cPanel Config Updates

OptionOriginal ValueNew Value
Shell Fork Bomb ProtectionDisabledEnabled
Compiler AccessEnabledDisabled
Root Forwarder EmailNoneUser Specified (prompt)

Pure FTP Updates

OptionOriginal ValueNew ValueResult
RootPassLoginsyesnoCan't login with root pw
AnonymousCantUploadnoyesAnonymous can't upload
NoAnonymousnoyesAnonymous can't login

cPanel Tweak Settings Updates

OptionOriginal ValueNew Value
BoxTrapperEnabledDisabled
Referrer Blank Sanity CheckDisabledEnabled
Referrer Safety CheckDisabledEnabled
Hide Login PW from CGI ScriptsDisabledEnabled
Max Emails Account Can Send Per HourUnlimited199
Restrict outgoing SMTP to root, exim, and mailmanEnabledDisabled
Proxy Subdomains (whm.example.com, etc)EnabledDisabled

MySQL Settings Updates

OptionOriginal ValueNew Value
local-infile10

PHP Configuration Updates

OptionOriginal ValueNew Value
enable_dlOnOff
disable_functionsNoneshow_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set

Apache Global Configuration Updates

OptionOriginal ValueNew Value
Server SignatureOnOff
Server TokensAllProductOnly
Trace EnableOnOff

CloudFlare RailGun Configuration

OptionOriginal ValueNew Value
memcached.servers/tmp/memcached.sock/var/run/memcached/memcached.sock
activation.railgun_hostYOUR_PUBLIC_IP_OR_HOSTNAME(user defined)
activation.tokenYOUR_TOKEN_HERE(user defined)

CloudFlare RailGun MemCached Configurations

OptionOriginal ValueNew Value
PORT1121122222
USERmemcachedmemcached
MAXCONN102420480
CACHESIZE644096
OPTIONS-s /var/run/memcached/memcached.sock

Caution

Use at your own risk, if you don't know what you're doing you should probably not be using this script. Myself and any contributors to this project take absolutely no responsibility for anything you do with this script. I strongly recommend reading the script so you understand what it does before using.

Change Log

1.5.0 (May 22, 2019)

Full Changelog

Implemented enhancements:

Bug Fixes:

1.4.0 (Feb 1, 2017)

Full Changelog

Implemented enhancements:

Bug Fixes:

Other: