How To : Pre-Provision of Shared Hosting (cPanel or DirectAdmin)

  Check Lists
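# Drop cached yum metadata so the transactions below use current repository data.
yum clean all
# The pattern is quoted so that yum, not the shell, matches it against package
# names. Unquoted, a file called mariadb-libs<something> in the current
# directory would be substituted into the command line.
yum erase -y NetworkManager 'mariadb-libs*'
# Base tooling that the later steps call (perl, wget, ntpdate, ...).
yum install -y perl wget screen net-tools bind-utils ntpdate vim psmisc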

• Disable SELinux

# Persist the change: rewrite the mode in the boot-time configuration. The
# substitution only matches a file that currently says SELINUX=enforcing, and
# the new mode is read at the next boot.
# With SELinux off, a compromised service is confined only by ordinary file
# permissions, so the remaining hardening steps carry more weight.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
# Switch the running system to permissive mode immediately.
setenforce 0

• Stop and disable firewalld

# Stop firewalld now and keep it from starting at boot, in a single call.
# After this the host has no packet filter of its own: every listening
# service is reachable from the network.
# NOTE(review): presumably a replacement firewall is set up later in the
# provisioning - confirm, and keep the window without one short.
systemctl disable --now firewalld

• Customize and optimize ssh service

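# Keep a copy of the shipped configuration so the change can be rolled back.
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.tmp

# Move sshd to port 9321 and enable the idle-client probes (900 s interval,
# 3 unanswered probes before the session is dropped). Editing in place avoids
# truncating the live file through a shell redirect.
sed -i \
  -e 's/#Port 22/Port 9321/g' \
  -e 's/#ClientAliveInterval 0/ClientAliveInterval 900/g' \
  -e 's/#ClientAliveCountMax 3/ClientAliveCountMax 3/g' \
  /etc/ssh/sshd_config

# Restrict the negotiated algorithms. The arcfour (RC4) ciphers and the
# hmac-sha1 / hmac-ripemd160 MACs are left out: RC4 is broken and the SHA-1 and
# RIPEMD-160 MACs are legacy algorithms. Only AES-CTR and SHA-2 based MACs
# remain, so very old clients may fail to negotiate.
# sshd keeps the first value it reads for a keyword, so an uncommented Ciphers
# or MACs line earlier in the file would override these and must be removed.
cat >> /etc/ssh/sshd_config <<'EOF'

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256

EOF

# Log out idle interactive shells after 900 seconds.
echo "TMOUT=900" >> /etc/profile

# Validate the file before restarting: a syntax error would otherwise leave
# the server without a working sshd. Keep the current session open and confirm
# a fresh login on port 9321 before closing it.
sshd -t && systemctl restart sshd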

• Synchronize the server time, add a cron job that synchronizes it every day, and synchronize it automatically every time the server reboots.

# One-off clock synchronization against the provider's time server.
ntpdate time.ipserverone.com

# Repeat the synchronization at every boot through rc.local. rc.local has to be
# executable for the rc-local unit to run it; starting the unit executes the
# file once now.
printf '%s\n' '/sbin/ntpdate time.ipserverone.com' >> /etc/rc.d/rc.local
chmod +x /etc/rc.d/rc.local
systemctl start rc-local

# Append a daily 00:15 synchronization to root's crontab: the existing entries
# are re-emitted first so they are preserved.
{
  crontab -l
  printf '%s\n' '15 00 * * * /sbin/ntpdate time.ipserverone.com > /dev/null 2>&1'
} | crontab -

• Create the user isupport and grant it root privileges through sudo.

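# Create the account first so the sudo rule never refers to a missing user.
useradd isupport

# Grant the rule through a drop-in file instead of rewriting /etc/sudoers with
# a shell redirect: a truncated or malformed /etc/sudoers disables sudo for
# everyone. The rule is written to a scratch file, syntax-checked by visudo,
# and only then installed with the ownership and mode sudo requires.
# NOTE(review): relies on /etc/sudoers containing "#includedir /etc/sudoers.d"
# - confirm on the target image.
# NOPASSWD: ALL makes any login as isupport equivalent to root, so how this
# account authenticates deserves the same care as the root account itself.
rule_file=$(mktemp) &&
  printf '%s\n' 'isupport        ALL=(ALL)       NOPASSWD: ALL' > "$rule_file" &&
  visudo -cf "$rule_file" &&
  install -o root -g root -m 0440 "$rule_file" /etc/sudoers.d/isupport
rm -f -- "$rule_file"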

• Install the development tools, update all pre-installed software packages, and reboot the server.

# Compiler toolchain and related build packages.
yum groupinstall 'development tools' -y
# Bring every installed package up to date.
yum update -y
# The three commands are sequential, not chained: the reboot happens even if a
# yum step failed, so check the yum output before relying on the result.
reboot

• Install Kernel Version Checker

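mkdir -p /ips1
cd /ips1
# The HTTP password is prompted for instead of being written on the command
# line, where it ends up in shell history, in the process list and in every
# copy of this runbook. A password that has been stored that way should be
# treated as exposed and rotated.
# The downloaded file runs as root from cron, so the chmod and the cron entry
# only happen when the download succeeded; if a known-good checksum is
# available, compare it with `sha256sum` before this point.
wget -O /ips1/ips1-kernel-checker --user=support --ask-password https://ns82.small-dns.com/setup/ips1-kernel-checker &&
  chmod +x /ips1/ips1-kernel-checker &&
  (crontab -l; echo "30 22 * * * /ips1/ips1-kernel-checker > /dev/null 2>&1" ) | crontab -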

• Install Lynis Audit

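mkdir -p /ips1
cd /ips1
# Prompt for the HTTP password rather than passing it as an argument, which
# would record it in shell history and expose it in the process list.
# The wrapper script is executed by root's cron, so it is only made executable
# and scheduled when the download succeeded.
wget -O /ips1/ips1-lynis-audit --user=support --ask-password https://ns82.small-dns.com/setup/ips1-lynis-audit &&
  chmod +x /ips1/ips1-lynis-audit &&
  (crontab -l; echo "30 00 * * * /ips1/ips1-lynis-audit > /dev/null 2>&1" ) | crontab -

# Lynis itself is taken from the upstream repository and exposed on PATH.
# This clones whatever the default branch contains at that moment; checking out
# a reviewed release tag or commit afterwards makes the installed audit tool
# reproducible across servers.
cd /usr/local &&
  git clone https://github.com/CISOfy/lynis &&
  ln -s /usr/local/lynis/lynis /usr/bin/lynis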

• Install maldet, malware detector.

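cd /ips1
# Fetch the installer over HTTPS: install.sh runs as root, and a plain-HTTP
# download can be altered in transit.
# The archive is always the current release, so the top-level directory name
# is read from the archive instead of being hard-coded to one version
# (maldetect-1.6.2 at the time this page was written).
wget -O maldetect-current.tar.gz https://www.rfxn.com/downloads/maldetect-current.tar.gz &&
  src_dir=$(tar -tzf maldetect-current.tar.gz | head -n 1 | cut -d/ -f1) &&
  tar -zxf maldetect-current.tar.gz &&
  cd "$src_dir" &&
  ./install.sh
# Replace the default configuration with the site one. The password is
# prompted for so that it is not stored in shell history or shown in the
# process list.
wget -O /usr/local/maldetect/conf.maldet --user=support --ask-password https://ns82.small-dns.com/setup/conf.maldet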

• Install disk usage monitoring script.

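# Prompt for the HTTP password instead of passing it as an argument, which
# would leave it in shell history and in the process list.
# The script is run by root's cron every day at 08:00, so it is only made
# executable and scheduled when the download succeeded.
wget -O /ips1/ips1-disk-usage-check --user=support --ask-password https://ns82.small-dns.com/setup/ips1-disk-usage-check &&
  chmod +x /ips1/ips1-disk-usage-check &&
  (crontab -l; echo "00 08 * * * /ips1/ips1-disk-usage-check > /dev/null 2>&1") | crontab -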

• Install mail queue monitoring script

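# Prompt for the HTTP password instead of passing it as an argument, which
# would leave it in shell history and in the process list.
# The script is run by root's cron every 15 minutes, so it is only made
# executable and scheduled when the download succeeded.
wget -O /ips1/ips1-mail-queue-check --user=support --ask-password https://ns82.small-dns.com/setup/ips1-mail-queue-check &&
  chmod +x /ips1/ips1-mail-queue-check &&
  (crontab -l; echo "*/15 * * * * /ips1/ips1-mail-queue-check > /dev/null 2>&1") | crontab -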

• If the installation is on a physical server, install the RAID monitoring script

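cd /opt
# NOTE(review): this archive is fetched over plain HTTP with no integrity
# check, and its contents are later used by a root cron job. Serve it over TLS
# or verify it against a known-good checksum before unpacking.
# Unpack only when the download succeeded.
wget http://ipfusions.com/setup/MegaRAID.tar.gz &&
  tar -zxf /opt/MegaRAID.tar.gz
# Prompt for the HTTP password instead of passing it as an argument, which
# would leave it in shell history and in the process list.
# This cron entry, unlike the other monitoring jobs, does not discard its
# output, so cron handles whatever the check prints.
wget -O /ips1/ips1-lsi-raid-check --user=support --ask-password https://ns82.small-dns.com/setup/ips1-lsi-raid-check &&
  chmod +x /ips1/ips1-lsi-raid-check &&
  (crontab -l; echo "00 06 * * * /ips1/ips1-lsi-raid-check") | crontab -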

• If the installation uses DirectAdmin, install the watchDog that monitors the server load, Apache and MySQL

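# Build dependencies for httping.
yum install bc openssl-devel -y
cd /ips1
# Build httping 2.5 from source. Each step runs only if the previous one
# succeeded, so a failed download or configure cannot lead to installing a
# partial build.
wget https://www.vanheusden.com/httping/httping-2.5.tgz &&
  tar xvf httping-2.5.tgz &&
  cd httping-2.5 &&
  ./configure &&
  make &&
  make install
# Fetch the watchdog, its configuration and the exim check. The HTTP password
# is prompted for on each download instead of being passed as an argument,
# which would leave it in shell history and in the process list.
# The watchdog is run by root's cron every minute, so the files are only made
# executable and scheduled when all three downloads succeeded.
wget -O /ips1/ips1-watch-dog --user=support --ask-password https://ns82.small-dns.com/setup/ips1-watch-dog &&
  wget -O /ips1/ips1-watch-dog.conf --user=support --ask-password https://ns82.small-dns.com/setup/ips1-watch-dog-conf &&
  wget -O /ips1/ips1-exim-check --user=support --ask-password https://ns82.small-dns.com/setup/ips1-exim-check &&
  chmod +x /ips1/ips1-exim-check &&
  chmod +x /ips1/ips1-watch-dog &&
  (crontab -l; echo "* * * * * /ips1/ips1-watch-dog > /dev/null 2>&1") | crontab -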

• Change the network interface format from ensXX or emXX to ethXX.