Install CSF on CentOS with cPanel/WHM

We’ve just finished installing cPanel/WHM on a CenOS machine so the next logical step would be to install some security protection. The tool of choice nowadays is CSF(ConfigServer Security & Firewall) which is an SPI iptables firewall developed by Way to the Web Limited. This is a short guide which describes how to install CSF on CentOS and verify that is working properly.

The first step would be to download CSF from their site using wget. The output should be something similar to this:

[root@web ~]# wget http://www.configserver.com/free/csf.tgz
--2015-01-25 02:34:51-- http://www.configserver.com/free/csf.tgz
Resolving www.configserver.com (www.configserver.com)... 85.13.195.235
Connecting to www.configserver.com (www.configserver.com)|85.13.195.235|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://download.configserver.com/csf.tgz [following]
--2015-01-25 02:34:51-- http://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 85.10.199.177
Connecting to download.configserver.com (download.configserver.com)|85.10.199.177|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 601886 (588K) [application/x-gzip]
Saving to: ‘csf.tgz’
100%[==================================================================================================================>] 601,886 489KB/s in 1.2s
2015-01-25 02:34:52 (489 KB/s) - ‘csf.tgz’ saved [601886/601886]

It’s a small file so the download should finish immediately. Next we’ll extract the archive using tar, change directory and install CSF on CentOS :

[root@web ~]# tar -xzf csf.tgz
[root@web ~]# cd csf
[root@web csf]# sh install.sh

We will edit the configuration file located under /etc/csf/csf.conf and add your SSH port to the exceptions list(In case we’re using something else than the default 22). Once that’s done and we’ve went through all the options in the configuration file we can adjust the following variable:

TESTING = "0"

and restart the service using csf -r. This would disable testing mode and the firewall is ready for use.

There are many options and we can also configure alerts and messages content that we receive in your email by altering the template files that exist within /etc/csf/ folder.

How to install cPanel/WHM on CentOS

This is a short guide on how to install cPanel/WHM on CentOS. Please note that cPanel requires a fresh server installation and it cannot be uninstalled. After cPanel/WHM is installed on a server the OS needs to be re-installed/formatted in order to remove it. At this time, cPanel doesn’t provide an uninstaller. cPanel provides a 15 days trial license but you’ll need to get a paid license once this trial is over.

Requirements

Before we start to install cPanel/WHM on CentOS we’ll need to make sure that our server has a fully qualified hostname. Please note that this hostname isn’t the same as the domain name that we want to host on this server. For example, if we’re going to host hostingstuff.net on this server, server.hostingstuff.net OR something.hostingstuff.net would work as a hostname. The installer will also require you to set these, however it’s better to get them properly setup before starting the install. In addition to this the server needs to have a working internet connection which is properly configured.

Please note that cPanel/WHM won’t work on a server with SELinux enabled. SELinux must remain disabled all the time, from the installation point.

Installation

In order to achieve this we’ll need to run the following commands:

cd /home
yum install wget
wget -N http://httpupdate.cpanel.net/latest
sh latest

If you’re trying to run the installer on a 5.x version of CentOS, RHEL, or CloudLinux, use the –force option when you run the it. It’s recommended to run the installer on the latest OS version(currently 6.x) supported in order to benefit from the latest features.

The installation process will take a while depending on the machine’s resources. Once this is done you’ll need to visit https://$IP:2087 in your web browser and login as root. You’ll need to go through the Initial Setup Wizard which will configure your server with the desired settings.

Documentation: https://documentation.cpanel.net/