AWS Monster | Your Technical Partner

First, update your Base Repository for Cpanel/CWP7/VestaCP installation, then install latest EPEL # yum update -y Reboot The Machine # reboot # rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY* # yum -y install epel-release Run Update again & Check # yum update -y # yum repolist If you have getting any error then run: # yum clean all # rm -rf /var/cache/yum # yum update -y # yum repolist Don't need to install latest EPEL before EFA installation. We will install EPEL after EFA installation.

Server Time Zone is very important for any Internet Services. My Time Zone is Asia/Dhaka . Follow the steps to configure your Time Zone. # timedatectl list-timezones # timedatectl list-timezones | grep Asia # mv /etc/localtime /root/localtime.old # ln -s /usr/share/zoneinfo/Asia/Dhaka /etc/localtime # timedatectl set-ntp yes # timedatectl set-timezone Asia/Dhaka # systemctl restart systemd-timedated.service # timedatectl Local time: Wed 2018-10-31 11:15:50 +06 Universal time: Wed 2018-10-31 05:15:50 UTC RTC time: Wed 2018-10-31 05:15:50 Time zone: Asia/Dhaka (+06, +0600) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: n/a # hwclock Wed 31 Oct 2018 11:21:37 AM +06 -0.084209 seconds

Accurate time keeping is important for a number of reasons in IT. This setup is the best practice that helps with problem diagnosis and informal server monitoring. I am living in Asia that's why i'm using this pool. Install Chrony and Configure The NTP server . # yum -y install chrony ( for rpm based ) # apt install chrony ( for debian based ) # vi /etc/chrony.conf ( for rpm based ) # vi /etc/chrony/chrony.conf ( for debian based ) #server 0.centos.pool.ntp.org iburst #server 1.centos.pool.ntp.org iburst #server 2.centos.pool.ntp.org iburst #server 3.centos.pool.ntp.org iburst server 0.asia.pool.ntp.org iburst server 1.asia.pool.ntp.org iburst server 2.asia.pool.ntp.org iburst server 3.asia.pool.ntp.org iburst add the network range you allow to receive requests allow 127.0.0.1 or allow your network cidr :x (save & quit) Reminder: We have disabled firewalld, So we will add the port 123/udp after the CWP installation using CSF firewall.  Start the services and e

This Tutorial describes how to disable the Network Manager service. The Network Manager service automates the network's settings and disrupts connections to the IP addresses that reside in the ipaliases module. We recommend that you disable the Network Manager service and enable the network.service service before you install EFA/Cpanel/CWP7/VestaCP. # systemctl stop NetworkManager # systemctl disable NetworkManager # nmcli device status # systemctl list-unit-files | grep NetworkManager # systemctl enable network.service # systemctl restart network.service Reboot The Machine # reboot I have two NIC in my VPS, So Add the below parameter in /etc/sysconfig/network-scripts/ifcfg-eXXX of interfaces that are managed by NetworkManager to make it unmanaged. NM_CONTROLLED="no“ # vi /etc/sysconfig/network-scripts/ifcfg-ens33 BOOTPROTO=static NM_CONTROLLED=no ONBOOT=yes #DOMAIN=datahead.biz HOSTNAME=host.datahead.biz :x (save & quit) # vi /etc/sysconfig/network-scripts/if

A computer hostname represents a unique name that gets assigned to a computer in a network in order to uniquely identify that computer in that specific network. The hostname is set at the time when the CentOS operating system is installed or if you are spinning up a virtual machine it is dynamically assigned to the instance at startup. The hostname is used by many of the networking programs (such as sendmail, Apache servers) to identify the machine. By default, your server is started with the server’s given name as the hostname. Some software, such as cPanel, CWP requires a valid Fully Qualified Domain Name (FQDN) for the hostname. Types of hostnames (The hostname can be configured as follows): Static host name assigned by sysadmin. For example, “server1”, “wwwBot2”, or “host.datahead.biz”. Transient/dynamic host name assigned by DHCP or mDNS server at run time. Pretty host name assigned by sysadmin/end-users and it is a free-form UTF8 host name for presentation to the user.

CentOS 7 comes with firewalld by default. So disable firewalld because Cpanel & CWP uses CSF Firewall & LFD with IPTables. Here CSF - ConfigServer Security & Firewall LFD - Login Failure Daemon # systemctl stop firewalld.service # systemctl disable firewalld.service Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service. Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service. # systemctl mask firewalld.service Created symlink from /etc/systemd/system/firewalld.service to /dev/null. Reboot your server so that all updates can take affect and then check your Firewalld Status. # reboot # systemctl status firewalld In EFA , FirewallD & Fail2Ban Intrusion Detector comes with by default. But I prefer to use CSF. So i will disable firewalld services.  

SELinux is an acronym for Security-enhanced Linux. It is a security feature of the Linux kernel. It is designed to protect the server against misconfigurations and/or compromised daemons. In the Linux kernel, SELinux relies on mandatory access controls (MAC) that restrict users to rules and policies set by the system administrator. MAC is a higher level of access control than the standard discretionary access control (DAC) , and prevents security breaches in the system by only processing necessary files that the administrator pre-approves. SELinux was initially released as a collaborative between Red Hat and the National Security Agency . SELinux receives periodic updates and additions as new Linux distributions are released. SELinux modes There are three modes of SELinux: Enforcing, Permissive and Disabled. Enforcing mode is the default mode at installation of SELinux. It will enforce the policies on the system, deny access and log actions. Permissive mode is the most com