Author: Myles McNamara
Version: 1.3.0
Last Update: June 2, 2015
cpsetup is a custom bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with a wide range of applications, plugins, and modules.
Each installation and configuration/hardening is organized into functions. By default running the script without any arguments will prompt for each install/configuration as well as prompt for any required configs (email, api key, etc).
You can also run any of the available functions individually ... to see a list of functions available, execute this command:
./cpsetup --functionswget https://raw.githubusercontent.com/tripflex/cpsetup/master/cpsetup
chmod +x cpsetup
./cpsetup
|
|
cpsetup - sMyles cPanel Setup Script
Usage example:
./cpsetup [(-h|--help)] [(-v|--verbose)] [(-V|--version)] [(-u|--unattended)] [(-m|--menu)] [(-r|--run) value] [(-R|--functions)]
Options:
-h or --help: Displays this information.
-v or --verbose: Verbose mode on.
-V or --version: Displays the current version number.
-u or --unattended: Unattended installation ( bypasses all prompts ).
-m or --menu: Show interactive UI menu (NOT yet implimented)
-r or --run: Run a specific function.
-R or --functions: Show available functions to use with -r or --run command.
| Option | Original Value | New Value |
|---|---|---|
RESTRICT_SYSLOG |
0 | 3 |
SMTP_BLOCK |
0 | 1 |
LF_SCRIPT_ALERT |
0 | 1 |
SYSLOG_CHECK |
0 | 1800 |
PT_ALL_USERS |
0 | 1 |
Any options that have (prompt) means you will be prompted to specify your own custom value if -u was not used as an argument.
| Option | Original Value | New Value |
|---|---|---|
Port |
22 | 222 (prompt) |
UseDNS |
yes | no |
| Option | Original Value | New Value |
|---|---|---|
| Shell Fork Bomb Protection | Disabled | Enabled |
| Compiler Access | Enabled | Disabled |
| Root Forwarder Email | None | User Specified (prompt) |
| Option | Original Value | New Value | Result |
|---|---|---|---|
RootPassLogins |
yes | no | Can't login with root pw |
AnonymousCantUpload |
no | yes | Anonymous can't upload |
NoAnonymous |
no | yes | Anonymous can't login |
| Option | Original Value | New Value |
|---|---|---|
| BoxTrapper | Enabled | Disabled |
| Referrer Blank Sanity Check | Disabled | Enabled |
| Referrer Safety Check | Disabled | Enabled |
| Hide Login PW from CGI Scripts | Disabled | Enabled |
| Max Emails Account Can Send Per Hour | Unlimited | 199 |
| Option | Original Value | New Value |
|---|---|---|
| local-infile | 1 | 0 |
| Option | Original Value | New Value |
|---|---|---|
| enable_dl | On | Off |
| disable_functions | None | show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set |
| Option | Original Value | New Value |
|---|---|---|
| Server Signature | On | Off |
| Server Tokens | All | ProductOnly |
| Trace Enable | On | Off |
| Option | Original Value | New Value |
|---|---|---|
| memcached.servers | /tmp/memcached.sock | /var/run/memcached/memcached.sock |
| activation.railgun_host | YOUR_PUBLIC_IP_OR_HOSTNAME | (user defined) |
| activation.token | YOUR_TOKEN_HERE | (user defined) |
| Option | Original Value | New Value |
|---|---|---|
| PORT | 11211 | 22222 |
| USER | memcached | memcached |
| MAXCONN | 1024 | 20480 |
| CACHESIZE | 64 | 4096 |
| OPTIONS | -s /var/run/memcached/memcached.sock |
Use at your own risk, if you don't know what you're doing you should probably not be using this script. Myself and any contributors to this project take absolutely no responsibility for anything you do with this script. I strongly recommend reading the script so you understand what it does before using.