Loading ...
cPanel Configuration Files and Handy Commands for Shell

cPanel Configuration Files and Handy Commands for Shell

Since I use cPanel and CentOS alot now a days, I want to make sure that I have a handy place I can keep and search for anything I might need for configuring or managing the servers.

Without any further ado, I present you the most comprehensive list of cPanel Stuff, I have ever seen 😉

Configurations and Services They Are Tied To

  • CPanel

    • Configuration File: cpanel.config
    • Path: /var/cpanel/cpanel.config
    • Service: cpanel
  • Apache

    • Default Port: 80
    • Configuration File: httpd.conf
    • Path: /etc/httpd/conf/httpd.conf Or /usr/local/apache/conf/httpd.conf
    • Service: httpd
  • Exim

    • Configuration File: exim.conf
    • Path: /etc/exim.conf
    • Service: exim
  • Bind

    • Default Port: 53
    • Configuration File: named.conf
    • Path: /etc/named.conf
    • Service: named
    • DB location: /var/named
  • FTP server

    • proftp
      • Default Port: 20, 21
      • Configuration File: proftpd.conf
      • Path: /etc/proftpd.conf
      • Service: proftpd
    • pureftp
      • Default Port: 20, 21
      • Configuration File: pure-ftpd.conf
      • Path: /etc/pure-ftpd.conf
      • Service: pure-ftpd
  • MySQL

    • Default Port: 3306
    • Configuration File: my.cnf
    • Path: /etc/my.cnf
    • Service: mysql
    • Recommended Configuration
      • query_cache_type=1
        query_cache_size=16M
        query_cache_limit=1M
        sort_buffer_size=4M
        join_buffer_size=4M
        tmp_table_size=4M
        max_heap_table_size=4M
        thread_cache_size=16M
        max_connections=250
        max_allowed_packet=16M
        key_buffer_size=128M
        read_buffer_size=256K
  • PHP

    • Configuration File: php.ini
    • Path: /usr/local/lib/php.ini
    • Recommended Configuration
  • nGinx

    • Configuration File: nginx.conf
    • Path: /etc/nginx/nginx.conf
    • Service: nginx
    • Recommended Global Configuration
      • user www-data;
        worker_processes 8;
        pid /run/nginx.pid;
        
        events {
         worker_connections 768;
         # multi_accept on;
        }
        
        http {
        
         sendfile on;
         tcp_nopush on;
         tcp_nodelay on;
         keepalive_timeout 10;
         types_hash_max_size 2048;
         server_tokens off;
         fastcgi_read_timeout 3600;
         include /etc/nginx/mime.types;
         default_type application/octet-stream;
         access_log /var/log/nginx/access.log;
         error_log /var/log/nginx/error.log;
         gzip on;
         gzip_disable "msie6";
         gzip_vary on;
         gzip_proxied any;
         gzip_comp_level 9;
         gzip_buffers 16 32k;
         gzip_min_length 50;
         gzip_types 
         text/css
         text/plain
         text/javascript
         application/javascript
         application/json
         application/x-javascript
         application/xml
         application/xml+rss
         application/xhtml+xml
         application/x-font-ttf
         application/x-font-opentype
         application/vnd.ms-fontobject
         image/svg+xml
         image/x-icon
         application/rss+xml
         application/atom_xml;
         
         ignore_invalid_headers on;
         client_max_body_size 1024M;
         client_body_buffer_size 15m;
         client_header_timeout 400;
         client_body_timeout 400;
         send_timeout 400;
         connection_pool_size 256;
         client_header_buffer_size 4k;
         large_client_header_buffers 4 32k;
         request_pool_size 4k;
         output_buffers 4 32k;
         postpone_output 1460;
         open_file_cache max=10000 inactive=10m;
         open_file_cache_valid 2m;
         open_file_cache_min_uses 1;
         open_file_cache_errors on;
         include /etc/nginx/conf.d/*.conf;
         include /etc/nginx/sites-enabled/*;
        }
        

         

    • Recommended VHost Configuration

      • NOTE: Since CPanel needs Apache to run, we have to set nGinx and php-fpm as proxies.  This one is made special for WordPress
      • server {
                listen 80;
                server_name www.yourdomainname.com;
                rewrite ^(.*) http://yourdomainname.com$1 permanent;
        }
        server {
                listen 80;
                server_name yourdomainname.com;
        
                client_max_body_size 5m;
                client_body_timeout 60;
        
                access_log /var/log/nginx/yourdomainname.com.log;
                error_log /var/log/nginx/yourdomainname.com error;
        
                root /home/theaccountname/public_html;
                index  index.html index.php;
        
                ### root directory ###
                location / {
                        try_files $uri $uri/ /index.php?$args;
                }
        
                ### security ###
                error_page 403 =404;
                location ~ /. { access_log off; log_not_found off; deny all; }
                location ~ ~$ { access_log off; log_not_found off; deny all; }
                location ~* wp-admin/includes { deny all; }
                location ~* wp-includes/theme-compat/ { deny all; }
                location ~* wp-includes/js/tinymce/langs/.*.php { deny all; }
                location /wp-includes/ { internal; }
                #location ~* wp-config.php { deny all; }
                location ~* ^/wp-content/uploads/.*.(html|htm|shtml|php)$ {
                        types { }
                        default_type text/plain;
                }
        
        	# Uncomment this to block access
                #  location ~* wp-admin {
                #      allow <YOUR_IP>;
                #      allow 127.0.0.1;
                #      deny all;
                #  }
        
                ### disable logging ###
                location = /robots.txt { access_log off; log_not_found off; }
                location = /favicon.ico { access_log off; log_not_found off; }
        
                ### caches ###
                include /etc/nginx/conf.d/caches.conf;
        
                ### php block ###
                location ~ .php?$ {
                        try_files $uri =404;
                        include fastcgi_params;
                        #fastcgi_pass 127.0.0.1:9001;
                        fastcgi_pass unix:/var/run/php-main.socket;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_intercept_errors on;
                        fastcgi_split_path_info ^(.+.php)(.*)$;
                        #Prevent version info leakage
                        fastcgi_hide_header X-Powered-By;
                }
        }

         

  • php-fpm

    • Configuration File: www.conf
    • Path: /etc/php-fpm.d/www.conf
    • Service: php5-fpm
    • Recommended Configuration
      • user = nginx
        group = nginx
        pm = dynamic
        pm.max_children = 16 # 50% Available RAM
        pm.start_servers = 2 # 25% of Total CPU Cores
        pm.min_spare_servers = 1
        pm.max_spare_servers = 8 # Total CPU Cores
        pm.max_children = 10 
        pm.max_requests = 500

         

  • Networking Setup

    • /etc/sysconfig/network
    • /etc/hosts – Host entries
    • /etc/resolv.conf – Resolver Configuration
    • /etc/nameserverips – Nameserver IPs
  • clamav

    • Configuration File: clamav.conf
    • Path: /etc/clamav.conf
    • Service: clamd

Contents of /home/user

  • etc
  • mail
  • logs
  • public_html
  • public_ftp
  • hidden directories

Accessing The Control Panel

  • https://192.168.0.1:2083
    • This URL allows you to access cPanel over an encrypted connection with your IP address.
  • https://example.com:2083
    • This URL allows you to access cPanel over an encrypted connection with your domain name.
  • http://192.168.0.1:2082
    • This URL allows you to access cPanel over an unencrypted connection with your IP address.
  • http://example.com:2082
    • This URL allows you to access cPanel over an unencrypted connection with your domain name.
  • WHM Ports: 2086 and 2087
  • WebMail Ports: 2095 and 2096

Scripts & Usage (common first)

  1. Change CPanel Password
    1. /scripts/chpass username password
  2. Syncronize FTP Password
    1. /scripts/ftpupdate
  3. CPHulk Whitelisting
    1. /scripts/cphulkdwhitelist XXX.XXX.XXX.XXX # IP Address
  4. CSF/LFD Whitelisting
    1. csf -a XXX.XXX.XXX.XXX #Allow an IP Address
    2. csf -dr XXX.XXX.XXX.XXX #Remove an IP Address from the blacklist
    3. csf -r #Restart
  5. Check for Shellshock Bash Hack
    1. env X=”() { :;} ; echo shellshock” /bin/sh -c “echo completed”
    2. env X=”() { :;} ; echo shellshock” `which bash` -c “echo completed”
  6. Check for Base64 or Eval Hacks
    1. #!/bin/bash
      
      for filename in /home/* ; do
      
      	ACCT=$(stat -c '%U' "$filename");
      
      	if [ -d "$filename" -a "$ACCT" != "root" ]; then
      		#Possible File Hacks
      		find /home/$ACCT/public_html/ ( -name "*.php" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "base64_decodes*(" | awk '{print $1}' | cut -d: -f 1 >> /possible-hacks.txt;
      		find /home/$ACCT/public_html/ ( -name "*.php" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "evals*(" | awk '{print $1}' | cut -d: -f 1 >> /possible-hacks.txt;
      		#Possible Image Hacks
      		find /home/$ACCT/public_html/ ( -name "*" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "base64_decodes*(" |grep 'jpg|gif|png|bmp' | awk '{print $1}' | cut -d: -f 1 >> /possible-image-hacks.txt;
      		find /home/$ACCT/public_html/ ( -name "*" ) -type f -print0 | xargs -0 grep --binary-files=without-match -ir "evals*(" |grep 'jpg|gif|png|bmp' | awk '{print $1}' | cut -d: -f 1 >> /possible-image-hacks.txt;
      	fi;
      done;
  7. Rebuild Httpd Config
    1. /scripts/rebuildhttpdconf
  8. Clean Out Old Logs
    1. find /the/path/to/search -type f -name “*.log” -mtime +30 -exec rm -f {} ;
  9. Full Account Backup
    1. /scripts/pkgacct ACCOUNTNAME
    2. backup is stored in /home as cpmove-ACCOUNT.tar.gz
  10. Full Account Restore
    1. /scripts/restorepkg –force /path/to/cpmove-file.tar.gz
  11. Verify CPanel License
    1. /usr/local/cpanel/cpkeyclt
  12. Watch an Accounts Traffic
    1. tail -f /usr/local/apache/domlogs/accountname/accountdomain.ext
  13. View All Current Connections
    1. netstat -an –inet

Scripts & Usage (alphabetical)

https://documentation.cpanel.net/display/ALD/WHM+Scripts#WHMScripts-Scripts