Change Log

May 22, 2019 · View on GitHub

Author: Myles McNamara
Version: 1.5.0
Last Update: May 22, 2019

cpsetup is a custom bash/shell script to setup and harden/configure cPanel CentOS/RHEL server with a wide range of applications, plugins, and modules. This script will also install cPanel if it's not already installed.

Each installation and configuration/hardening is organized into functions. By default running the script without any arguments will prompt for each install/configuration as well as prompt for any required configs (email, api key, etc).

You can also run any of the available functions individually ... to see a list of functions available, execute this command:

./cpsetup --functions

Usage

wget https://github.com/tripflex/cpsetup/raw/master/cpsetup
chmod +x cpsetup
./cpsetup

Features Include:

Install ClamAV from Source (CentOS 7+)
Install Let's Encrypt for cPanel AutoSSL
Install AfterLogic WebMail Lite
Install ConfigServer Explorer
Install ConfigServer MailManage
Install ConfigServer MailQueues
Install ConfigServer Firewall
Install ConfigServer ModSecurity Control
Install ConfigServer MailScanner
Install ConfigServer Exploit Scanner
Install R-fx Malware Detect
Install Softaculous
Install WatchMySQL
Install MySQL Tuner
Install cPanel mod_cloudflare (cloudflarecp)
Install CloudFlare RailGun
Install yum terminal colors
Configure/Setup CloudFlare RailGun
Configure CloudFlare RailGun and MemCached (using socket)
Update Firewall Allow list with CloudFlare IPs
Update Firewall Configuration
Update SSH Configuration ( Port, and UseDNS )
Update cPanel Configurations
Update Pure FTP Configurations
Update cPanel Tweak Settings
Update MySQL Settings
Update PHP Settings
Update Apache Global Configuration

Deprecated (but still available) Features/Functions:

Install Account DNS Check* (depreciated)
Install PHP.ini Manager* (depreciated)
Install Clean Backups* (depreciated)

Future Enhancements:

You tell me, open up an issue and suggest a new feature!

Depreciated Functions/Installs (*)

Name	Reason
Account DNS Check	Reported to no longer work on CentOS 7, or WHM > 11.52
PHP.INI Manager	WHM now has built in handling, and unsure of status of plugin
Clean Backups	No longer works or updated?

I decided to remove these from the auto install process because I either do not know the status of them (compatibility wise) with WHM, they are not compatible with latest release, or because the developers either do not provide ANY changelog, or even if they do, they don't even date the versions, which IMO is sloppy dev work, and as such, they do not belong in the auto install process.

Available Arguments

cpsetup - sMyles cPanel Setup Script
Usage example:
./cpsetup [(-h|--help)] [(-v|--verbose)] [(-V|--version)] [(-u|--unattended)] [(-m|--menu)] [(-r|--run) value] [(-R|--functions)]
Options:
-h or --help: Displays this information.
-v or --verbose: Verbose mode on.
-V or --version: Displays the current version number.
-u or --unattended: Unattended installation ( bypasses all prompts ).
-r or --run: Run a specific function.
-R or --functions: Show available functions to use with -r or --run command.

Firewall Updates

Option	Original Value	New Value
`RESTRICT_SYSLOG`	0	3
`SMTP_BLOCK`	0	1
`LF_SCRIPT_ALERT`	0	1
`SYSLOG_CHECK`	0	1800
`PT_ALL_USERS`	0	1

SSH Updates

Any options that have (prompt) means you will be prompted to specify your own custom value if -u was not used as an argument.

Option	Original Value	New Value
`Port`	22	222 (prompt)
`UseDNS`	yes	no

cPanel Config Updates

Option	Original Value	New Value
Shell Fork Bomb Protection	Disabled	Enabled
Compiler Access	Enabled	Disabled
Root Forwarder Email	None	User Specified (prompt)

Pure FTP Updates

Option	Original Value	New Value	Result
`RootPassLogins`	yes	no	Can't login with root pw
`AnonymousCantUpload`	no	yes	Anonymous can't upload
`NoAnonymous`	no	yes	Anonymous can't login

cPanel Tweak Settings Updates

Option	Original Value	New Value
BoxTrapper	Enabled	Disabled
Referrer Blank Sanity Check	Disabled	Enabled
Referrer Safety Check	Disabled	Enabled
Hide Login PW from CGI Scripts	Disabled	Enabled
Max Emails Account Can Send Per Hour	Unlimited	199
Restrict outgoing SMTP to root, exim, and mailman	Enabled	Disabled
Proxy Subdomains (whm.example.com, etc)	Enabled	Disabled

MySQL Settings Updates

Option	Original Value	New Value
local-infile	1	0

PHP Configuration Updates

Option	Original Value	New Value
enable_dl	On	Off
disable_functions	None	show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen, ini_set

Apache Global Configuration Updates

Option	Original Value	New Value
Server Signature	On	Off
Server Tokens	All	ProductOnly
Trace Enable	On	Off

CloudFlare RailGun Configuration

Option	Original Value	New Value
memcached.servers	/tmp/memcached.sock	/var/run/memcached/memcached.sock
activation.railgun_host	YOUR_PUBLIC_IP_OR_HOSTNAME	(user defined)
activation.token	YOUR_TOKEN_HERE	(user defined)

CloudFlare RailGun MemCached Configurations

Option	Original Value	New Value
PORT	11211	22222
USER	memcached	memcached
MAXCONN	1024	20480
CACHESIZE	64	4096
OPTIONS		-s /var/run/memcached/memcached.sock

Caution

Use at your own risk, if you don't know what you're doing you should probably not be using this script. Myself and any contributors to this project take absolutely no responsibility for anything you do with this script. I strongly recommend reading the script so you understand what it does before using.

Change Log

1.5.0 (May 22, 2019)

Full Changelog

Implemented enhancements:

Replace disable_functions in all /opt/cpanel/ea-phpXX/root/etc/php.ini where XX is PHP version
Replace enable_dl in all /opt/cpanel/ea-phpXX/root/etc/php.ini where XX is PHP version
Added installJetBackup function (not called by default)
Updated ClamAV version to 0.101.2
Updated ClamAV install from source now uses init for CentOS 7+
Added libjson-c-dev libcurl-devel for clamsubmit support
Added version output in header display

Bug Fixes:

Fixed PHP replacement for disable_functions not replacing entire line if functions already defined
Removed never implemented -m and --menu args
Check for -R or --functions at start of script execution
Updated Y/N check to y/N to signify N as default when nothing entered

1.4.0 (Feb 1, 2017)

Full Changelog

Implemented enhancements:

Added AfterLogic WebMail Lite installer
Added Let's Encrypt AutoSSL for cPanel installer
Added import for CloudFlare new public key
Added Disable Proxy Subdomains (whm.example.com, etc) to harden config call
Added Disable SMTP Restrictions to harden config call (when using CSF this should NOT be enabled)
Use hostname if nothing set at prompt or in file for RailGun Host
Moved CloudFlare RailGun install process and config process to separate functions

Bug Fixes:

Fixed/Updated URL to download ConfigServer Firewall install file
Fixed incorrect function call for MySQL Tuner install

Other:

Removed prompt to install CleanBackups
Removed prompt to install PHP.ini Manager
Removed prompt to install Account DNS Check