Cpanel Newbie Guide:
Note: Major changes to guide as of Feb 23, 2006!

The Cpanel Newbie Guide has been moved and can now be found here:

http://www.webhostgear.com/3.html
Please update your bookmarks.

Also be sure to check out the rest of WebhostGear.com

Thanks!

Cpanel doesn't come with any firewall or anti-virus scanner.
You basically get the basic Cpanel installation with Redhat 7.3

It's required that you configure Cpanel yourself - it has the basics setup but that's about it......


You can install software based firewalls like Bastille or APF that can be found in the HOW-TOs section of these forums.

A good virus scanner is F-Prot, but there are many others available as well such as Clam (RAV is now owned by MS and shouldn't be used!).

It takes a LOT of tweaking to properly configure your server before it would be "production" ready.

A few things you would need to install and configure IMO.

- Apache httpd.conf tweaks
- Anti-Virus Scanner
- Email Anti-Virus Scanner (MailScanner)
- Intrustion Detection System (Tripwire)
- Firewall (APF)
- MRTG bandwidth monitor
- Log Sentry (Emails Log Clippings of security violations)
- Update your servers kernel and other security issues (OpenSSH)


As a general note Rackshack servers are completely unmanaged and aren't setup ready to go - you need to do lots to get them configured and up to speed.

Just having Cpanel on Redhat isnt good enough.
If you need a hand, ask around on the forums, everyone here is trying to do their best to secure their server. Over the last year I've found the forums to be Rackshacks biggest asset. Thanks for all the members who helped me get started not that long ago

Cheers!

This is excellent! Thanks very much.

One question, about the kernal upgrades, where can I get up2date, and how do I use it?

Your welcome

up2date is included with all Redhat versions. I've updated the HowTo which includes some details on up2date.

Cheers

Nice.

Regarding backups. I have a second drive and you state the following "Note: you need a second hard drive and should have it set to /backup in your fstab file"

Were is the fstab file and my 2nd drive is called /home2 when I use /home2/backups as an example I get this error:~

home2/backups is not a directory..
Backup has been disabled to prevent file loss..
/home2/backups does not exist..
Backup has been disabled to prevent file loss..

Why cant I use the 2nd drive?

Regards all.

Don't name your backup drive "home" or home anything.
Cpanel will take any partition that is called "home*" and use that for creating any new accounts - not for backups.

So if you have two partitions called home and home2 Cpanel will automatically put all new accounts in home2 and completely forget about home. This is to allow for expanding when you first drive becomes full - not for backup.

I would suggest using an alternative name to your second drive unless you want to put new accounts on it.


Do you mean your fstab has home2/backups in it? I don't think it supports sub directory names in the fstab file - only real partitions.

You may have to make a real partition for the backups and not just a sub directory of one.

thanks a lot Rampage.

I can start with this guide to configure my cpanel/server.

thanks again.

Wow thats great thanks!!

Any tips on which reseller options to allow on reseller accounts? I get confused because there are so many things and I am not sure if selecting them is going to make that option available for just the sites under the reseller's control panel of if it will give them access to everything..

It is surely alot more work than Ensim was, but it give alot more options also.. It would be nice to preset which reseller options yopu would like available with what plans..

A complete step-by-step howto for setting up nameservers and hostnames with CPanel+Rackshack+eNom (or other registrar) would be a great addition. I've noticed there are alot of conflicting posts about this too.

I like up2date a lot. Anything else (besides PERL) that I can't up2date?

Solved the below problem, remounted the drive and called it backup.

Regards,

Brian

I'm sort of a fan of adding a new user, besides root (adduser ; passwd ) adding that user account to the wheel group (edit the line that starts with 'wheel' in /etc/groups) and then dis-allowing root to login from ssh (edit /etc/ssh/sshd_config .. scroll down to "#AllowRootLogin yes" and change it to "AllowRootLogin no"

This way someone needs to know the root password, in addition to a local account and it's password.

An even better suggestion (depending on how hard core security concious we are) would be to do all of that but remove that user from wheel and ad them to the sudoers file - this way we have a better idea (via logs) of what exactly happens with root's privledges.

-neil

Fantastic. I've got my forums migtrated totally, and the server set up with backup and firewall going. Thanks to all who have helped with great advice in posts.

RS support has also been great. I'm now waiting for DNS propagation before I reopen my forums.

Glad you guys like the tutorial!

I'm not sure if anything else can't be updated using up2date. Whatever Cpanel can update should be updated with Cpanel - otherwise use up2date would probably be the best advice to follow

If you're new to Cpanel - don't be a reseller. Simple as that.
Get familiar with the system for a few months minimum before offering any reseller services. In order to provide good service you need to know what you're doing because you have many people relying on you. So no I won't offer reseller tutorials here.

I may do a name server tutorial + hostname later on though

is this true?

Ramp can you correct your docs.

Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)
(This won't allow PHP scripts to send mail - EG formmail or anything else as they're sent using nobody)

The above, weather its checked or not, allows mail to go out as nobody unless phpsuexec is installed.

I haven't been able to find any docs on phpsuexec. How is it installed? Any docs anywhere?

There's a link in WHM to install it, it seems.

Thanks for the tutoral you have done. Please do the nameserver also.

It has been suggested to me that it is best to leave most of the updating to CPanel (such as php, apache, perl, mysql, etc) and just do kernel updates with up2date. CPanel will update just about everything that that is standard and necessary to update...

Great Tutorial, while I personally use auto edge for my servers (an very little to no problems personally so far) I agree with just about everything else. The only other thing I would mention is:
http://layer1.cpanel.net/ChangeLog

This will show you what changes are made to cPanel.

If Checked it will NOT allow mail that is sent as nobody to go out. and PHP will not allow user nobody to send a diff return to address. Something to do with nobody not being a trusted user.

As for phpSuExec. I use it on all my servers, just remember to tell all of your users to change permissions of their php scripts to 755.

This keeps spam way dopwn as I can now tell who is sending it

Nicely done ramprage. You might want to add this under Logins as well. I find it easier to remember instead of using ports. :rolleyes:

Instead of using http://sitename.com:80XX to access WHW, Cpanel and Webmail you can also use the following:

WHM
- Regular http://sitename.com/whm

Cpanel
- Regular https://sitename.com/cpanel

Webmail
- Regular https://domain.com/webmail

The only problem is that this will be non-secure.

Very nicely written, wish there was something like this when I first started using cpanel.

RS doesn't partition with usr, var and home on seperate partitions. They are all on sda3.

rpm, I suggest you start a new thread to ask these questions, as this is a HOW-TO thread and should be kept really for HOW-TO issues. Plus, you will get more answers in a separate thread.

I'd also suggest that if your using RS's nameservers then you disable bind [named] straight away - note you will have to remove it from chkserv as well as disabling the init script

How do I administer mysql user grants within CPANEL? In Ensim, we had the server-level phpMyAdmin, but in CPANEL, everything is handled through CPANEL at the domain level. I need to be able to set defaults for user priviledges, and I'm willing to do this via ssh if someone can tell me exactly where all the data is. I also have a secondary issue of needing to delete fragmented user records that were improperly converted by the CPANEL upgrade.

Lastly, does anyone know if it is possible to invoke a server-level phpMyAdmin that is not advertised by DarkOrb as a feature? Any help is appreciated.

TCP_CPORTS="21,22,53,80,110,443,2082,2083,2086,2087,2095,2096"

You need to add '2082,2083,2086,2087,2095,2096' in order to open up access to whm, cpanel and webmail (both secure and insecure).

I'm totally confused about this "nobody" business. Also on phpSuExec...

Any advice on binding IP's to the box - or do they need to be, like in Ensim?

My best wishes to ramprage. keep it up.

Very Good How-to on WHM.

thanks,

You can update your HowTo to include the remote backup feature for WHM if you want.

http://forum.rackshack.net/showthread.php?...&threadid=24947

I soooo wish there was a company that was trustworthy that I could hire to do this work for me. I just picked up a box from Rackshack and haven't the slightest idea on how to do the set up.

My last box was an Ensim, I had another company set it up, update, make it all simple so all I do is hit the control panel to add sites etc.

Any suggestions on who to use?

you should really learn how to do it yourself, but if you dont have the time I would be willing to set it up for you (at a fee of course). Contact me privately for more information.

I am also looking for some help with the same problem...

RisingHost , willing to help? for a price..... please email me.

There are a few companies on the forums that would be able to assist you - us being one of them.

Also just ask any questions in the forums for help!

What else would you like to see added to this guide?

less spam

That was some helpful input....

Guide has been updated - general info for new server users has been added.

quote:
--------------------------------------------------------------------------------
Originally posted by ramprage
There are a few companies on the forums that would be able to assist you r-fx.net being a very good one.

--------------------------------------------------------------------------------


r-fx.net will take your money and run.
I am still waiting to hear from them after two months.
I paid quite a bit to have them migrate the server, and they ran into a problem and it was going to take longer to do this. I offered to pay more, anyways to make the long story short They disappeared after they moved 1% of the server.

Just a caution.

servenut - thanks for your feedback, I edited my post to not recommend them!

Have you tried phoning them?

Myce,
Did you ever get these questions answered? I would be interested in any resolutions to these points.

Thanks

You can access securely via:
/securewhm
/securecontrolpanel
and I believe, /securewebmail

Wouldn't it be easier for people, if you added links to these How TOs next to the list?

hey guys...

Ive set up and run 3 Rackshack Cpanel servers. If you are looking for someone to pay to help you set up your server (like get the dns server working) send me an email or a pm and ill see what we can do

wade@nuffsed.net

Is that like an advertisement?

well not really. People were asking. This isnt my normal business just thought i'd be helpful.