Saturday, June 19, 2010

Server Install: CentOS 5.3 and cPanel

SkyHi @ Saturday, June 19, 2010

Today I helped David Kosmider at HillSeven configure a secure CentOS server with cPanel. Below is a walk-through of how I did it.

Before We Begin

  • Your server’s IP address must be authorized to install cPanel. This can be done when purchasing your license.
  • This post does not cover the CentOS installation. I hope to write on this in the future.
  • Important: I’m assuming you have a fresh/clean install of CentOS 5.3. cPanel requires that you have no other software installed. If you have installed other software, there is a good chance the install may fail.
  • There are many ways to configure a server. This is how I do it. I offer no guarantees that this will work for you.

Let’s begin.

Login As Root

Log in to your machine using SSH. Use the ‘su’ command to become the root user. You will be prompted for a password.

Password: [enter password]

Set Hostname

Open the file /etc/sysconfig/network and change the HOSTNAME= value to match your Fully Qualified Domain Name (FQDN) host name.

nano /etc/sysconfig/network

Change the host associated with your main private IP address in your /etc/hosts file.

nano /etc/hosts

127.0.0.1 localhost
192.168.x.x hostname

Finally, run the hostname command, replacing with your FQDN.


Update Yum Repositories

Let’s update our YUM packages.

yum update

Press ‘y’ to continue.

Install Perl

Perl needs to be installed. Let’s install that now.

yum install perl

Download cPanel Installation Files

cd ~

Begin cPanel Installation

Let’s now start the installation. This may take several hours to complete. Maybe a good time to see that movie at the theater you’ve been itching to.

sh latest

Logging In

Once completed, you should see:

cPanel Layer 2 Install Complete

Now you can log in to your cPanel.

Visiting http://[your_ip_address]:2086 or https://[your_ip_address]:2087 should bring up a login prompt.

Enter root for the user ID and your root password.

Complete cPanel Installation

You should see the cPanel interface now. Go through these steps. Basic networking knowledge is needed to complete this.

Once you’re finished, you have successfully installed cPanel on CentOS Server! Congrats! The last thing is to secure your machine. We will use the iptables firewall in CentOS for this.

Securing CentOS

There are many ways to secure your server. The important thing is to secure it using something. This is the configuration I used. You may want to add or remove entries as needed. These commands will set up a firewall using iptables and will allow basic service ports to be accessed. I suggest you read up on iptables to gain a better understanding first.

Let’s make sure iptables is installed:

yum install iptables

Enter the commands below to build your firewall:

# Allow loopback traffic; reject traffic addressed to 127.0.0.0/8 that did not arrive on lo
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT
# Keep already-established connections (including your current SSH session) working
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -j ACCEPT
# Service ports
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2082 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2083 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2086 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2087 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2089 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2095 -j ACCEPT
/sbin/iptables -A INPUT -p tcp --dport 2096 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Everything else is rejected; rules appended after these lines are never reached
/sbin/iptables -A INPUT -j REJECT
/sbin/iptables -A FORWARD -j REJECT

What did we just do?

You restricted all incoming traffic to the following ports/services:

  • Port 80 – HTTP
  • Port 443 – HTTPS
  • Port 110 – POP3
  • Port 25 – SMTP
  • Port 2082 – cPanel
  • Port 2083 – cPanel
  • Port 2086 – cPanel
  • Port 2087 – cPanel
  • Port 2089 – cPanel Licensing
  • Port 2095 – Webmail
  • Port 2096 – Webmail (Secure)
  • Port 22 – SSH
  • ICMP – Ability to ping server

You can read more on the ports that cPanel uses at

If you need to start over, use this command to flush the current iptables rules:

/sbin/iptables -F

After you are done, save your iptables. If you do not, you will lose your firewall settings on reboot:

/sbin/service iptables save

You’re Done

Admittedly, I am no cPanel expert; however, if you run into difficulty, let me know. I will do my best to help. As always, I would love to hear feedback. Happy installing everyone!

To run cPanel on your server without any problems, you need to open the following ports in your firewall / iptables.

Port  Service       Protocol  Direction
20    FTP           TCP       inbound and outbound
21    FTP           TCP,UDP   inbound and outbound
22    SSH                     inbound
25    SMTP          TCP       inbound and outbound
26    SMTP          TCP       inbound and outbound
37    RDATE         TCP       outbound
43    WHOIS         TCP       outbound
53    DNS           TCP/UDP   inbound and outbound
80    HTTP          TCP       inbound and outbound
110   POP3          TCP       inbound
113   IDENT         TCP       outbound
143   IMAP          TCP       inbound
443   HTTPS         TCP       inbound
465   SMTP TLS/SSL  TCP/UDP   inbound and outbound
873   RSYNC         TCP/UDP   outbound
993   IMAP SSL      TCP       inbound
995   POP3 SSL      TCP       inbound
2082  CPANEL        TCP       inbound
2083  CPANEL SSL    TCP       inbound
2086  WHM           TCP       inbound
2087  WHM SSL       TCP       inbound
2089  CP LICENCE    TCP       outbound
2095  WEBMAIL       TCP       inbound
2096  WEBMAIL SSL   TCP       inbound
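
An added check, not part of the original post: the shell functions below read iptables-save output and report which inbound TCP ports from the list above the firewall built earlier never accepts, ignoring any rule that sits after the catch-all REJECT. The function names, REQUIRED_INBOUND and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inbound TCP ports taken from the cPanel port list on this page.
REQUIRED_INBOUND="20 21 22 25 26 53 80 110 143 443 465 993 995 2082 2083 2086 2087 2095 2096"

# Read iptables-save text on stdin; print the TCP ports INPUT accepts before
# its first unconditional REJECT/DROP. Rules after that line never match.
# Source-restricted ACCEPT rules are still counted as accepted.
accepted_tcp_ports() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }
        stop { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { stop = 1; next }
        {
            proto = ""; ports = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (proto == "tcp" && target == "ACCEPT" && ports != "") {
                n = split(ports, list, ",")   # multiport lists; ranges are printed as-is
                for (k = 1; k <= n; k++) print list[k]
            }
        }
    ' | sort -n -u
}

# Print every port given as an argument that the ruleset on stdin does not accept.
missing_tcp_ports() {
    open=$(accepted_tcp_ports)
    for port in "$@"; do
        echo "$open" | grep -qxF "$port" || echo "$port"
    done
}

# Constructed sample: the accept rules built earlier, as iptables-save prints them,
# plus one rule appended after the final REJECT (a common mistake with -A).
sample_rules() {
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for p in 80 443 110 25 2082 2083 2086 2087 2089 2095 2096 22; do
        echo "-A INPUT -p tcp -m tcp --dport $p -j ACCEPT"
    done
    echo "-A INPUT -j REJECT --reject-with icmp-port-unreachable"
    echo "-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT"
}

# On a live server: iptables-save | missing_tcp_ports $REQUIRED_INBOUND
sample_rules | missing_tcp_ports $REQUIRED_INBOUND
```

Port 993 is reported as missing even though the sample contains an ACCEPT rule for it, because that rule was appended after the REJECT and is never evaluated.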


cPanel Command List

Ever locked yourself out of your Server while making some iptables changes? What about when you change your SSH port and then forget what you set it to? These are common support tickets we receive at In many cases this is something our customers can fix on their own if they are using cPanel on their VPS/Server.

cPanel comes with a number of “hidden” autofix commands that allow for administrators to fix common problems simply by logging into WHM and going to a special URL. Two of the most useful ones I’ve seen are flushing iptables and restarting SSH in “safe mode” (basically the default settings and port).

Flushing iptables rules

Restart SSH in safe mode

Once you hit the URL you will be prompted to log in. Simply enter your root password and cPanel will do the rest. These have definitely saved me on more than one occasion when my attempt to ‘secure’ my server worked a little too well. Remember that if you happen to also lock yourself out of WHM through iptables, you will not be able to hit the URLs I mentioned. In that case, contact support.

Here are some other useful commands as well:

Reset the Firewall Settings

Reset the SSH Settings



Compress Zlib

Good Luck, and if you need more help you can always Contact Support!