CentOS Web Panel (CWP) is a free hosting control panel that comes with many features not found in most other free hosting control panels. Some of the features that ship with CWP are not active by default; you have to enable them before you can use them.
After installing CWP on your CentOS server/VPS you need to perform some essential configuration. The most important task after installation is to secure your server by setting up some basic security measures. This guide shows a few simple steps that add a basic layer of security to the CWP instance running on your server. It is up to you whether you follow this tutorial, but if you ask me, following it is a must: some protection for your server is always better than no protection at all.
The basic requirement for setting up these security measures is a CentOS server / VPS with CWP already installed on it. If you do not have such a setup, just follow these simple steps:
- You should take a VPS that has a minimum of 512 MB of RAM. I recommend Digital Ocean.
- Install CWP by following the previous guide on How to Install CWP on CentOS Server.
- Configure the CWP that you installed. The basic configuration takes merely a few minutes.
- Take a hot cup of coffee with you.
STEPS FOR THE GUIDE:
- CHANGE THE DEFAULT SSH PORT
This is an important step and should be done as per my other article.
The first step is to log in to the CWP Admin page as root. Just go to:
From there navigate to Services Config and then to SSH Configuration.
On the next page, scroll down a bit until you can see two blue buttons, then click the button labeled ‘Create File Backup’.
Now that you have a backup of the SSH configuration, it is time to adjust a few settings. You need to find the particular line mentioned below:
Once you’ve found the line, delete the # symbol and then change the “22”. “22” is the default port, which should be changed to any number of your choice between 1025 and 65536. We will change it to 22000.
When you have made this change, just press Save Changes and exit.
ENABLING THE CSF FIREWALL:
ConfigServer Firewall (CSF) is a free and advanced firewall that is available on most Linux based systems and VPS by default.
Navigate to the Security option and from there browse down to CSF Firewall in the leftmost menu:
There you will see a button. Click on the green one that says “Firewall Enable”. Doing so will activate the firewall service.
When you browse to the next page you should see some text that might look somewhat like this:
Running /usr/local/csf/bin/csfpost.sh
Starting lfd:[ OK ]
csf and lfd have been enabled
So now you have successfully activated the firewall service. Once it has been activated, you can edit the CSF configuration. For that, click on the Firewall Configuration button.
Before you begin editing the CSF file, you must make a backup of the original file. To do that, simply click on the Create Backup File button.
Once you’re on the next page, you will see that there are many configuration lines, covering both the firewall and the lfd service. Here you add the new SSH port that you defined in the previous steps above:
Once you are done with all the editing, simply press the Save Changes button.
Just for your information, the services that use each port are:
- Port 20: FTP data transfer
- Port 21: FTP control
- Port 22: Secure shell (SSH)
- Port 25: Simple mail transfer protocol (SMTP)
- Port 53: Domain name system (DNS)
- Port 80: Hypertext transfer protocol (HTTP)
- Port 110: Post office protocol v3 (POP3)
- Port 113: Authentication service/identification protocol
- Port 123: Network time protocol (NTP)
- Port 143: Internet message access protocol (IMAP)
- Port 443: Hypertext transfer protocol over SSL/TLS (HTTPS)
- Port 465: URL Rendezvous Directory for SSM (Cisco)
- Port 587: E-mail message submission (SMTP)
- Port 993: Internet message access protocol over SSL (IMAPS)
- Port 995: Post office protocol 3 over TLS/SSL (POP3S)
- Port 2030: CWP login page (non SSL)
- Port 2031: CWP login page (SSL)
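The SSH port change and the firewall change above depend on each other: if sshd moves to a port that CSF does not allow inbound, the next SSH login is blocked. The script below is an added example, not part of the original guide or of CWP/CSF; it assumes the inbound TCP allow-list is CSF's `TCP_IN` setting, and the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before restarting sshd on a new port.

# Print each active Port value of an sshd_config-style file, one per line.
# "#Port 22" is a comment and is skipped; with no Port line sshd uses 22.
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Succeed if port $2 is covered by TCP_IN in csf.conf-style file $1.
# TCP_IN is a comma-separated list that may contain low:high ranges.
csf_allows() {
    sed -n 's/^TCP_IN *= *"\([^"]*\)".*/\1/p' "$1" | tr ',' '\n' |
    awk -F: -v p="$2" '
        NF == 1 && $1 + 0 == p + 0 { ok = 1 }
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Check every configured SSH port; return non-zero if any port is invalid
# or missing from TCP_IN (restarting sshd would then lock you out).
preflight() {
    rc=0
    for port in $(ssh_ports "$1"); do
        case $port in
            ''|*[!0-9]*) echo "invalid Port value: $port"; rc=1; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port $port is outside the valid TCP range 1-65535"; rc=1
        elif csf_allows "$2" "$port"; then
            echo "port $port: allowed by TCP_IN"
        else
            echo "port $port: NOT in TCP_IN, add it before restarting sshd"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not taken from a real server).
tmp=$(mktemp -d)
printf '#Port 22\nPort 22000\n' > "$tmp/sshd_config"
printf 'TCP_IN = "20,21,25,53,80,443,2030,2031,30000:35000"\n' > "$tmp/csf_before.conf"
printf 'TCP_IN = "20,21,25,53,80,443,2030,2031,22000,30000:35000"\n' > "$tmp/csf_after.conf"

preflight "$tmp/sshd_config" "$tmp/csf_before.conf" || echo "-> fix csf.conf first"
preflight "$tmp/sshd_config" "$tmp/csf_after.conf" && echo "-> safe to restart sshd"
```

On a live server the usual paths are /etc/ssh/sshd_config and /etc/csf/csf.conf; keep the existing SSH session open until a second login on the new port succeeds.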
There are some other settings which you might also want to adjust:
SETTING UP MOD SECURITY:
ModSecurity is free, open source software that protects your website against various attacks by blocking commonly known exploits. For this purpose it uses regular expressions and a set of rules. It is a web application firewall (WAF), generally described as an Apache module that helps to protect your website, and is commonly known as the “Swiss Army Knife” of WAFs. Installing it is a necessity.
Navigate to the Security option and from there browse down to the Mod Security menu:
This module is not installed by default, so you need to install it first and then activate it. To install it, just click the green button:
When you have clicked the green button you will see a message like “Running compiler in background...”. This message tells you that the installation has begun. It runs in the background, and you will notice that the OWASP modules and Mod Security are not yet installed. Be patient, wait for a minute or two and then refresh the page.
There you have it. Mod Security has been installed on your system. Mod Security comes with a number of necessary settings already in place by default. If you want to edit and configure the advanced settings, you will have to edit and configure each setting manually.