Original/complete walk-through
HERE.
I have edited it for use on HostV servers, as some of the menus and options are different. Read the complete walk-through above for the most information; this is just a basic guide for first-time VPS users like myself. (Which means I'm basing my knowledge on the information given in the original and the research I did before following the guide.)
These are the changes I made:
SECURING CPANEL - WHM - AND ROOT on a VPS
=========================================
Web Host manager and CPANEL mods.
=========================================
These are items inside WHM/cPanel that should be changed to secure your server.
Go to Server Setup =>> Tweak Settings
Check the following items...
Under Domains
Prevent users from parking/adding on common internet domains (i.e. hotmail.com, aol.com)
Under Mail
Attempt to prevent pop3 connection floods
Default catch-all/default address behavior for new accounts: blackhole in the original guide; SET TO FAIL
Under System
Use jailshell as the default shell for all new accounts and modified accounts
Go to Security =>> Security Center
Enable php open_basedir Protection
Enable mod_userdir Protection
Disable Compilers for unprivileged users.
Go to Security =>> Manage Wheel Group Users
Remove all users except for root and your main account from the wheel group.
Go to Security =>> Security Center =>> Shell Fork Bomb Protection
Enable Shell Fork Bomb/Memory Protection
When setting up Feature Limits for resellers in Resellers =>> Reseller Center, under Privileges always disable "Allow Creation of Packages with Shell Access" and enable "Never allow creation of accounts with shell access"; under Root Access disable "All Features".
Go to Service Configuration =>> FTP Configuration
Disable Anonymous FTP
Go to Account Functions =>> Manage Shell Access
Disable Shell Access for all users
Go to Mysql =>> MySQL Root Password
Change the root password for MySQL. (Use a very hard, random password that is not used elsewhere: the chances of actually needing it are slim, and using the MySQL root account for databases is a security risk.)
Go to Security and run Quick Security Scan and Scan for Trojan Horses often.
=========================================
More Security Measures
=========================================
These are measures that can be taken to secure your server, with SSH access.
Update OS, Apache and CPanel to the latest stable versions.
This can be done from WHM/CPanel.
=========================================
Brute Force Detection
=========================================
Go to Security =>> Security Center =>> cPHulk Brute Force Protection and enable it.
A number of suggestions to improve system security. Some of this is specific to CPanel, but much can be applied to most Linux systems.
--------------------------------------------------
Use The Latest Software
Keep the OS and 3rd party software up to date. Always!
CPanel itself can be updated from the root WHM.
--------------------------------------------------
Change Passwords
Change the root password at least once a month and make it hard to guess. Yes, it's a pain to keep remembering them, but it's better than being hacked.
--------------------------------------------------
Avoid CPanel Demo Mode
Switch it off via WHM Account Functions => Disable or Enable Demo Mode.
--------------------------------------------------
Jail All Users
Via WHM Account Functions => Manage Shell Access => Jail All Users.
Better still, never allow shell access to anyone - no exceptions.
--------------------------------------------------
Security Center (CPanel)
From the root WHM, Security -> Security Center, you will most likely want to enable:
- php open_basedir Tweak.
- SMTP tweak.
You may want to enable:
- mod_userdir Tweak. But that will disable domain preview (http://serverip/~account).
--------------------------------------------------
Use SuExec (CPanel)
Already enabled for HostV
--------------------------------------------------
Use PHPSuExec (CPanel)
This needs to be built into Apache (Software -> Update Apache from the root WHM) and does the same as SuExec, but for PHP scripts.
With PHPSuExec enabled, your users will have to make sure that all their PHP files have permissions no greater than 0755 and that their .htaccess files contain no PHP directives.
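As an added example (not from the original guide), a small audit script for exactly those two PHPSuExec requirements: it lists PHP files with group/other write bits (looser than 0755) and .htaccess files carrying php_value/php_flag directives, and can strip the loose bits. The sample account tree is constructed; on a real server set HOME_ROOT to /home.

```shell
# Added example, not from the original guide: audit a home tree for the two things
# PHPSuExec refuses, PHP files writable by group or other (looser than 0755) and
# .htaccess files carrying php_value/php_flag/php_admin_* directives.
# If HOME_ROOT is unset, a constructed sample tree is built in a temp directory.
if [ -z "$HOME_ROOT" ]; then
    HOME_ROOT=$(mktemp -d)
    # Constructed sample: one clean account (alice) and one with both problems (bob).
    mkdir -p "$HOME_ROOT/alice/public_html" "$HOME_ROOT/bob/public_html"
    printf '<?php echo "ok"; ?>\n' > "$HOME_ROOT/alice/public_html/index.php"
    chmod 0644 "$HOME_ROOT/alice/public_html/index.php"
    printf 'Options -Indexes\n' > "$HOME_ROOT/alice/public_html/.htaccess"
    printf '<?php echo "bad"; ?>\n' > "$HOME_ROOT/bob/public_html/upload.php"
    chmod 0777 "$HOME_ROOT/bob/public_html/upload.php"
    printf 'Options -Indexes\nphp_value upload_max_filesize 20M\n' \
        > "$HOME_ROOT/bob/public_html/.htaccess"
fi

# PHP files whose mode has a group or other write bit set.
loose_php_files() {
    find "$HOME_ROOT" -type f -name '*.php' \( -perm -g=w -o -perm -o=w \) | sort
}

# .htaccess files containing PHP directives (case-insensitive, leading blanks allowed).
htaccess_with_php() {
    find "$HOME_ROOT" -type f -name .htaccess \
        -exec grep -ilE '^[[:space:]]*php_(value|flag|admin_value|admin_flag)' {} \; | sort
}

# Remove group/other write bits from the offending PHP files; prints how many were fixed.
# The .htaccess directives are only reported: the account owner has to move them out.
tighten_php_files() {
    n=$(loose_php_files | wc -l | tr -d ' ')
    find "$HOME_ROOT" -type f -name '*.php' \( -perm -g=w -o -perm -o=w \) \
        -exec chmod go-w {} \;
    echo "$n"
}
```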
--------------------------------------------------
Optimizing your VPS server (help it run more efficiently)
cPanel Tweak Settings
Log in to WHM as root, and under "Server Configuration" on the nav bar click "Tweak Settings".
Here are some suggested settings:
Default catch-all/default address behavior for new accounts. "fail" will generally save the most CPU time.
- Use "FAIL". If you already have some accounts set up not to use "FAIL" (by default they will not), run this command to convert them from BLACKHOLE to FAIL --> perl -pi -e "s/:blackhole:/:fail:/g;" /etc/valiases/*
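As an added example (not from the original guide), a cautious companion to the one-liner above: it first lists which domains still have their default address on :blackhole:, then rewrites only that "*:" line, keeping a .bak copy of each changed file. Unlike the one-liner it leaves per-alias :blackhole: entries alone. The domain files are constructed samples; on a real server set VALIAS_DIR to /etc/valiases.

```shell
# Added example, not from the original guide: audit cPanel valias files whose
# default address is still :blackhole: and convert only that line to :fail:.
# If VALIAS_DIR is unset, a constructed sample directory is built in a temp dir.
if [ -z "$VALIAS_DIR" ]; then
    VALIAS_DIR=$(mktemp -d)
    # Constructed sample: one domain on blackhole, one already on fail, and one
    # that forwards its default address to a real mailbox (must stay untouched).
    printf '*: :blackhole:\n' > "$VALIAS_DIR/example-one.test"
    printf '*: :fail: No Such User Here\n' > "$VALIAS_DIR/example-two.test"
    printf 'sales: user@example-three.test\n*: user@example-three.test\n' \
        > "$VALIAS_DIR/example-three.test"
fi

# Matches a default-address line ("*:") that is set to :blackhole:.
DEFAULT_BLACKHOLE='^\*:[[:space:]]*:blackhole:'

# Print the domain (file name) of every valias file still using :blackhole: by default.
list_blackhole() {
    for f in "$VALIAS_DIR"/*; do
        case "$f" in *.bak) continue ;; esac
        grep -q "$DEFAULT_BLACKHOLE" "$f" && basename "$f"
    done
    return 0
}

# Rewrite only the "*:" line of those files, keeping a .bak copy next to each one.
# Prints the number of files changed. Per-alias :blackhole: entries are left alone.
convert_to_fail() {
    count=0
    for f in "$VALIAS_DIR"/*; do
        case "$f" in *.bak) continue ;; esac
        grep -q "$DEFAULT_BLACKHOLE" "$f" || continue
        cp "$f" "$f.bak"
        sed 's/^\(\*:[[:space:]]*\):blackhole:.*$/\1:fail: No Such User Here/' "$f.bak" > "$f"
        count=$((count + 1))
    done
    echo "$count"
}
```

Remove the .bak files once you have checked the rewritten entries.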
Mailman
- Mailman tends to use a lot of resources, so if you don't need cPanel mailing lists, uncheck this.
Track the origin of messages sent through the mail server by adding the X-Source headers (exim 4.34+ required)
- This is just generally a good idea. So check this.
Analog Stats
- I find this useless, so uncheck this. If you want to delete the existing Analog stats files, just run this command --> rm -rf /home/*/tmp/analog/*
AWStats Reverse DNS Resolution
- Make sure this is unchecked; I find it pretty much useless for most users.
Delete each domain's access logs after stats run
- Make sure this is checked, otherwise disk space usage can really rack up!