Learn how to configure cPanel firewalls in most cloud platforms or use other security tools to harden and protect your cPanel server from malicious attacks.
Imagine a new house whose walls have just been erected but which is then left with no roof to shield its occupants from the elements and no doors to keep them safe from wild animals that will want to gobble them up for dinner.
The above analogy is often what happens when a server administrator deploys a server and then forgets the most fundamental aspect of the process: security.
The cloud has given server administrators the ability to rustle up any kind of server in less than 55 seconds.
The problem with that is that server administrators often tend to forget the most fundamental aspect of the process: security.
While most of the biggest cloud systems we have come to embrace have built-in measures designed to keep us from becoming victims of our human nature, that hasn’t changed the fact that when you deploy a system and didn’t design it from its conception to be secure, you will face a hard road down the line.
The fact is that 98% of the attacks that a system connected online will face are opportunistic in nature rather than targeted.
When a malicious user tries his or her luck with a system and finds it robustly protected, he or she will move on to easier targets.
With an unprotected server, the story will be different, as anyone with malicious intent will immediately see the box as low-hanging fruit ripe for the picking.
An unprotected server also shouldn’t be online, not only because it goes against everything a good admin should be, but because it makes the internet more insecure.
What are Firewalls In Computing?
In infrastructure design, the internet is always treated as an untrusted external network.
A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Just as any well-designed building should have a wall intended to contain fire within a building, designated entry & exit points and rules about who should be allowed access and who should be turned back, a well-implemented firewall enables a system administrator to define what inbound and outbound communication is allowed from a server and also the ability to mitigate threats within a set parameter.
As a system administrator, the standard place to start when it comes to security is to:
- be aware that any software can be exploited, including cPanel
- understand that every user input is potentially hostile and malicious, and treat it as such
- apply good security practices to defend an infrastructure
- avoid rolling out any security solution that you do not understand
- log all suspicious behavior so that it is available if and when it is needed for forensics
- design a system in such a way that it will enable you to restore the infrastructure to its pre-compromise state
- go beyond using port firewalling to hide insecure protocols, and rely instead on the security of the protocols that you use to defend your infrastructure
- provide the minimal privilege needed to complete an operation successfully, and nothing more than what is needed
How To Set Up A cPanel Firewall For Mitigation
So how does one go about securing, for example, a public-facing cPanel web server in order to lower the chances of it being compromised?
Let’s start with the basics when installing a new cPanel server.
Remove all existing rules
Just as you wouldn’t start building a building on top of what someone has already created, it is always better to rip out any existing firewall rules before implementing a new one.
Doing so gives you a clear, coherent idea of what you are allowing and blocking on your system, a piece of information you would want to have in your head when dealing with an ongoing threat.
When installing cPanel on a new machine, you should deactivate the firewall before running the installation script with:
iptables-save > ~/firewall.rules
systemctl stop firewalld.service
systemctl disable firewalld.service
where ~/firewall.rules is the file to which the existing firewall rules are saved.
The same commands will work on CentOS, Red Hat® Enterprise Linux, CloudLinux™, and Amazon® too.
When the installation process finishes, you can then select and configure a firewall from any of the options below.
Disable SELinux
SELinux (Security-Enhanced Linux) in enforcing mode is purposely built to make your web server a fortress, but frankly, it takes a lot of work to configure SELinux on even a basic Linux machine.
And while cPanel & WHM may be able to function with SELinux in permissive mode, it generates a large number of log entries that you wouldn’t want.
It is highly recommended that you disable SELinux and reboot the system before installing cPanel on any system.
To disable SELinux security features, use one of the following methods:
Pull up your Terminal and run:
$ sudo cp /etc/selinux/config /etc/selinux/config.backup
$ sudo vi /etc/selinux/config
The /etc/selinux/config file allows you to set the SELINUX parameters that you want the server to run.
When it opens, you will see something like this:
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Only targeted network daemons are protected.
    #     strict - Full SELinux protection.
    SELINUXTYPE=targeted
The parameter you are looking for is the “SELINUX=” line. On a system where SELinux is active it is set to “enforcing” (or “permissive”); those two and “disabled” are the only three values the file accepts.
All you have to do is replace that value with “disabled”.
Save the file and exit by typing “:wq”.
Reboot the server:
sudo systemctl reboot
systemctl is the command-line utility and primary tool for managing systemd services; its subcommands include start, restart, stop, enable, disable, reload and status.
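The /etc/selinux/config edit described above, done without an editor. This is an added example, not from the original article or from cPanel; the function names get_selinux_mode and set_selinux_mode and the sample file are assumptions. It rewrites only the active SELINUX= line, keeps a copy at <file>.backup, and rejects any value other than the three the file documents.

```shell
#!/bin/sh
# Added example (not from the article): scripted edit of the SELINUX= line.

# Print the value of the active (uncommented) SELINUX= line in file $1.
get_selinux_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# set_selinux_mode FILE MODE: back up FILE, then change only the SELINUX= line.
set_selinux_mode() {
    case "$2" in
        enforcing|permissive|disabled) ;;   # the three values the file documents
        *) echo "invalid SELINUX value: $2" >&2; return 2 ;;
    esac
    # Refuse to edit a file with no active SELINUX= line rather than append one.
    grep -q '^[[:space:]]*SELINUX=' "$1" || {
        echo "no active SELINUX= line in $1" >&2; return 1; }
    cp -p "$1" "$1.backup" || return 1
    tmp=$(mktemp) || return 1
    # Comment lines and SELINUXTYPE= do not match this pattern, so they are kept.
    sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$2/" "$1" > "$tmp" || {
        rm -f "$tmp"; return 1; }
    # Write back through cat so the file keeps its owner, mode and inode.
    cat "$tmp" > "$1" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    # Verify the result instead of assuming the edit worked.
    [ "$(get_selinux_mode "$1")" = "$2" ]
}

# Demo on a constructed sample file, not the live /etc/selinux/config.
demo=$(mktemp)
printf '%s\n' \
    '# SELINUX= can take one of these three values:' \
    'SELINUX=enforcing' \
    'SELINUXTYPE=targeted' > "$demo"
set_selinux_mode "$demo" disabled &&
    echo "SELINUX is now: $(get_selinux_mode "$demo")"
rm -f "$demo" "$demo.backup"
```

On a real server the call would be set_selinux_mode /etc/selinux/config disabled, run as root and followed by the reboot shown above.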
You can now start your cPanel installation and once that is done, it will be time to start the security configuration.
What Kind Of Firewall Can You Use With cPanel?
The kind of firewall you will use with cPanel will largely depend on two things:
- the deployment environment (on-premise or cloud-based)
- your level of familiarity with the tools you want to use
