Linux, Windows, Software Tips, Articles and Hacks
When running the Security Advisor in cPanel at Home / Security Center / Security Advisor, I received this error:
Apache vhosts are not segmented or chroot()ed. Enable “mod_ruid2” in the “EasyApache 4” area, enable “Jail Apache” in the “Tweak Settings” area, and change users to jailshell in the “Manage Shell Access” area. Consider a more robust solution by using “CageFS on CloudLinux”. Note that this may break the ability to access mailman via Apache.
You may follow the steps below to enable PHP-FPM for one domain or multiple domains.
Procedure
Enable PHP-FPM for one domain:
Enable PHP-FPM for multiple domains:
Further information on PHP-FPM configuration in MultiPHP Manager can be found in our documentation here.
Here is a link to the cPanel and WHM log files.
https://docs.cpanel.net/knowledge-base/cpanel-product/the-cpanel-log-files/#apache
Redis is an open source, in-memory, key-value data store most commonly used as a primary database, cache, message broker, and queue. Redis delivers sub-millisecond response times, enabling fast and powerful real-time applications
Redis Object Cache is a persistent object cache backend powered by Redis. Supports Predis, PhpRedis, Relay, replication, sentinels, clustering and WP-CLI.For a faster cache plugin.
What this means is that we can increase performance for your cPanel WordPress Site.
ConfigServer Security & Firewall (CSF) is a popular security solution for Linux servers. It provides an easy-to-use interface for managing firewall rules, blocking IP addresses and countries, and monitoring server activity.
Run a backup
/usr/local/cpanel/bin/backup
Run a single account backup
To back up a single cPanel account, you can use The pkgacct Script instead.
/usr/local/cpanel/scripts/pkgacct [options] USERNAME DIRECTORY
The /usr/local/cpanel/scripts/pkgacct script accepts the following options:
| Option | Description | Example |
|---|---|---|
USERNAME | Required The cPanel account username for which to create a cpmove archive. You must pass this option after any options, but before the DIRECTORY option. | example |
DIRECTORY | The directory path in which to store the archive. By default, the script uses the /home directory. You must pass this option after the USERNAME option. | /usr/local/cpanel/backups |
--allow-override | Use the /var/cpanel/lib/Whostmgr/Pkgacct/pkgacct file to package the account, if it exists.Note:You must pass this option before any other options. | --allow-override |
--mysql=VERSION | The archive’s required minimum version of MySQL®. | --mysql=5.1.1 |
--roundcube=VERSION | The archive’s required minimum version of Roundcube. | --roundcube=3.0 |
--dbbackup=TYPE | The type of database backup to perform:all — The script backs up all of the database information. This is the default option.schema — The script only backs up the database schemas. Only use this option to track a database’s users if you back up your databases through a different method.name — The script only backs up the database names. MySQL databases transfer as placeholders containing a CREATE TABLE statement. PostgreSQL® databases transfer as empty .tar placeholder files. | --dbbackup=all |
--dbbackup_mysql=TYPE | An override of the --dbbackup option for MySQL only. This option accepts the same values as the --dbbackup option.Note:If you pass both this option and the --dbbackup option, the system applies the --dbbackup_mysql option to MySQL and the --dbbackup option to PostgreSQL.This option has no effect on PostgreSQL backups. | --dbbackup_mysql=all |
--get_version | Display the version of the pkgacct script. | --get_version |
--use_backups | Use the account’s last known successful backup as a template when the script creates the archive. Use this option to speed up the backup process. | --use_backups |
--incremental | Update the destination file with any new content since the previous backup. This option also removes any content that no longer exists on the account. If the destination file does not exist, the script creates a new file in that location.Note:This option will pass the --nocompress option to create an uncompressed archive. | --incremental |
--split | Create the archive in smaller data files. This option reduces the overall load on the system and makes it easier to transfer the files. The system creates these files in the cpmove-USERNAME.tar.gz.part00001 format, where USERNAME is the user’s account and part00001 is the file’s incremental ID. | --split |
--nocompress | Do not compress the archive. | --nocompress |
--userbackup | Allow the user to use the archive as a backup file for the account (for example, backup-3.18.2020_09-16-55_USERNAME). The system creates the file in the /home/USERNAME directory, where USERNAME is the user’s account name. This file is compatible with WHM’s Restore a Full Backup/cpmove File interface (WHM >> Home >> Backup >> Restore a Full Backup/cpmove File). | --userbackup |
--backup=FILEPATH | Use the archive as a backup for the account at the given file path. This option creates the username.tar.gz file, where username represents the account’s username. | --backup=/usr/local/cpanel/backups |
--skipacctdb | Exclude the account’s MySQL and PostgreSQL databases from the archive. | --skipacctdb |
--skipapitokens | Exclude the account’s API tokens from the archive. | --skipapitokens |
--skipauthlinks | Exclude the account’s external authentication credentials from the archive. | --skipauthlinks |
--skipbwdata | Exclude the account’s bandwidth data from the archive. | --skipbwdata |
--skipdnszones | Exclude the account’s DNS zone file information from the archive. | --skipdnszones |
--skipdomains | Exclude the account’s subdomains, parked domains (aliases), and addon domains from the archive. | --skipdomains |
--skipftpusers | Exclude the account’s FTP user accounts from the archive. | --skipftpusers |
--skiphomedir | Exclude the account’s /home directory from the archive. Use this option if you will save or transfer the /home directory with another method, such as the rsync command. | --skiphomedir |
--skipintegrationlinks | Exclude the account’s integration links from the archive. | --skipintegrationlinks |
--skiplinkednodes | Exclude the account’s server node linkages from the archive. | --skiplinkednodes |
--skiplocale | Exclude the account’s locale information or customized locale from the archive. | --skiplocale |
--skiplogs | Exclude the account’s log files from the archive. | --skiplogs |
--skipmail | Exclude the account’s mail directory from the archive. | --skipmail |
--skipmailconfig | Exclude the account’s mail configuration information from the archive. | --skipmailconfig |
--skipmailman | Exclude the account’s Mailman mailing lists from the archive. | --skipmailman |
--skipmysql | Exclude the account’s MySQL databases, database users, and database grants from the archive. | --skipmysql |
--skippasswd | Exclude the account’s password from the archive. | --skippasswd |
--skippgsql | Exclude the account’s PostgreSQL databases, database users, and database grants from the archive. | --skippgsql |
--skippublichtml | Exclude the account’s /public_html directory. | --skippublichtml |
--skipquota | Exclude the account’s disk quota limits from the archive. | --skipquota |
--skipresellerconfig | Exclude the account’s reseller privileges from the archive. | --skipresellerconfig |
--skipshell | Exclude the account’s shell information and privileges from the archive. | --skipshell |
--skipssl | Exclude the server’s SSL certificates and files in the Apache® configuration. This option does not exclude the SSL files in the account’s /home directory. | --skipssl |
--skipuserdata | Exclude the account’s subaccount information. You create these accounts in cPanel’s User Manager interface (cPanel >> Home >> Preferences >> User Manager). | --skipuserdata |
--help | Display a brief help message. | --help |
--man | Display the script’s full documentation. | --man |
Installation
Execute the below commands from the SSH root command prompt. Select RPM for servers that support the RPM packaging standard, Debian for servers that support the Debian packaging standard, or select Standard for any type of server.
wget https://data.installatron.com/installatron-plugin.sh
chmod +x installatron-plugin.sh
./installatron-plugin.sh -f
Installatron Plugin is now ready to use in cPanel and WHM.
The main WHM account will see an Installatron Admin button in the Addons portion of the side menu.
Resellers will see an Installatron Admin button in WHM and an Installatron button in cPanel.
Website owners will see an Installatron Applications Installer button in cPanel.
A vulnerability in Apache Log4j, a widely used logging package for Java has been found. The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. It was first reported privately to Apache on November 24 and was patched with version 2.15.0 of Log4j on December 9. It affects Apache Struts, Apache Solr, Apache Druid, Elasticsearch, Apache Dubbo, and VMware vCenter. Since then, it has been disclosed that in certain non-default conditions, the original patch was incomplete; this was designated as CVE-2021-45046 and a new version of Log4j, 2.16.0, has been released.
To install and use WP-CLI, you will need access to your server’s command line. Administrators with root access can log in with SSH. cPanel users can log in with SSH if it’s available or cPanel’s built-in Terminal.
Download WP-CLI
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
Change Permissions
chmod +x wp-cli.phar
To allow every user to run WP-CLI, we have to move it to a directory in the system’s PATH.
mv wp-cli.phar /usr/local/bin/wp
This moves the file to “/usr/local/bin,” Renames it to “wp”. Now, all users should be able to run WP-CLI from as “wp.”
To test as a cPanel user, lo into the terminal.
Run the following:
# wp
Output:
NAME
wp
DESCRIPTION
Manage WordPress through the command-line.
SYNOPSIS
wp <command>
SUBCOMMANDS
akismet Filter spam comments.
cache Adds, removes, fetches, and flushes the WP Object Cache object.
cap Adds, removes, and lists capabilities of a user role.
cli Reviews current WP-CLI info, checks for updates, or views defined aliases.
comment Creates, updates, deletes, and moderates comments.
config Generates and reads the wp-config.php file.
core Downloads, installs, updates, and manages a WordPress installation.
cron Tests, runs, and deletes WP-Cron events; manages WP-Cron schedules.
db Performs basic database operations using credentials stored in wp-config.php.
embed Inspects oEmbed providers, clears embed cache, and more.
eval Executes arbitrary PHP code.
eval-file Loads and executes a PHP file.
export Exports WordPress content to a WXR file.
help Gets help on WP-CLI, or on a specific command.
i18n Provides internationalization tools for WordPress projects.
import Imports content from a given WXR file.
language Installs, activates, and manages language packs.
maintenance-mode Activates, deactivates or checks the status of the maintenance mode of a site.
media Imports files as attachments, regenerates thumbnails, or lists registered image sizes.
menu Lists, creates, assigns, and deletes the active theme's navigation menus.
network Perform network-wide operations.
option Retrieves and sets site options, including plugin and WordPress settings.
package Lists, installs, and removes WP-CLI packages.
plugin Manages plugins, including installs, activations, and updates.
post Manages posts, content, and meta.
post-type Retrieves details on the site's registered post types.
redis Enables, disabled, flushes, and checks the status of the object cache.
rewrite Lists or flushes the site's rewrite rules, updates the permalink structure.
role Manages user roles, including creating new roles and resetting to defaults.
scaffold Generates code for post types, taxonomies, plugins, child themes, etc.
search-replace Searches/replaces strings in the database.
server Launches PHP's built-in web server for a specific WordPress installation.
shell Opens an interactive PHP console for running and testing PHP code.
sidebar Lists registered sidebars.
site Creates, deletes, empties, moderates, and lists one or more sites on a multisite installation.
super-admin Lists, adds, or removes super admin users on a multisite installation.
taxonomy Retrieves information about registered taxonomies.
term Manages taxonomy terms and term meta, with create, delete, and list commands.
theme Manages themes, including installs, activations, and updates.
transient Adds, gets, and deletes entries in the WordPress Transient Cache.
user Manages users, along with their roles, capabilities, and meta.
widget Manages widgets, including adding and moving them within sidebars.
GLOBAL PARAMETERS
--path=<path>
Path to the WordPress files.
--url=<url>
Pretend request came from given URL. In multisite, this argument is how the target site is specified.
--ssh=[<scheme>:][<user>@]<host|container>[:<port>][<path>]
Perform operation against a remote server over SSH (or a container using scheme of "docker", "docker-compose", "docker-compose-run", "vagrant").
--http=<http>
Perform operation against a remote WordPress installation over HTTP.
--user=<id|login|email>
Set the WordPress user.
--skip-plugins[=<plugins>]
Skip loading all plugins, or a comma-separated list of plugins. Note: mu-plugins are still loaded.
--skip-themes[=<themes>]
Skip loading all themes, or a comma-separated list of themes.
--skip-packages
Skip loading all installed packages.
--require=<path>
Load PHP file before running the command (may be used more than once).
--exec=<php-code>
Execute PHP code before running the command (may be used more than once).
--context=<context>
Load WordPress in a given context.
--[no-]color
Whether to colorize the output.
--debug[=<group>]
Show all PHP errors and add verbosity to WP-CLI output. Built-in groups include: bootstrap, commandfactory, and help.
--prompt[=<assoc>]
Prompt the user to enter values for all command arguments, or a subset specified as comma-separated values.
--quiet
Suppress informational messages.
Run 'wp help <command>' to get more information on a specific command.
Good Info:
https://www.interserver.net/tips/kb/install-lets-encrypt-cpanel-whm-server/
https://lowendtalk.com/discussion/106071/installing-free-ssl-for-server-hostname-using-letsencrypt
Login to the server via ssh andlLet’s run the following command to install Let’s Encrypt provider:
/scripts/install_lets_encrypt_autossl_provider
Once you have installed Let’s Encrypt provider, change auto SSL provider to Let’s Encrypt from cPanel (powered by Sectigo).
Login to WHM >> Manage AutoSSL.
Select Let’s Encrypt from cPanel (powered by Sectigo). Check the “I agree to these terms of service.”, and the “Recreate my current registration with “Let’s Encrypt”.
Install Self-Signed Certificate to Hostname.
Login to WHM as a root user. Go to “Service Configuration”.
Then select the following services and click on “Browse Certificate”. Calendar, cPanel, WebDisk, Webmail, and WHM Services, Dovecot Mail Server, Exim (SMTP) Server, FTP Server.
Select hostname and click on “Use Certificate”.
Then click on “Install”.
Restart cpsrvd
Replace Self Signed Certificates with Valid Let’s Encrypt Certificates.
Once you have installed the self-signed certificate, run the following command to check SSL certificates
/usr/local/cpanel/bin/checkallsslcerts --verbose
We can see the SSL CRT’s have been requested for your services. The hostname for the SSL CRT will be with one that is currently defined in cPanel:
# whmapi1 gethostname|grep hostname: hostname: server1.hostname.com
While the process is not always this fast, after a few moments, we can see the SSL CRT’s are ready for install.
Then re-ran the ‘/usr/local/cpanel/bin/checkallsslcerts –verbose’ command which would have been ran at maintenance time. You may verify at WHM > Service Configuration > Manage Service SSL Certificates.
You can verify SSL installation by running https://server1.hostname.com:2087