For new admins that want to be able to access your cPanel server via SSH from multiple locations, you need to have a firewall solution in place. It is also a really good idea to have a solution in place that will block malicious SSH connection attempts.
Shorewall with Fail2Ban are two really good programs to use for these needs. Thankfully, the Fedora Project has set up an extra’s repository that houses these two programs in easy to install RPMs. From the Fedora Project Wiki:
What is EPEL?
EPEL (Extra Packages for Enterprise Linux) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs, such as CentOS and Scientific Linux.
As part of the Fedora packaging community, EPEL packages are 100% free/libre open source software (FLOSS).
To install these programs, you will first need to obtain the RPMs from the EPEL repository. You can either add the repo to your repo list or wget the RPMs directly.
wget http://download.fedora.redhat.com/pub/epel/5/i386/shorewall-shell-4.0.15-1.el5.noarch.rpm
wget http://download.fedora.redhat.com/pub/epel/5/i386/shorewall-perl-4.0.15-1.el5.noarch.rpm
wget http://download.fedora.redhat.com/pub/epel/5/i386/shorewall-4.0.15-1.el5.noarch.rpm
wget http://download.fedora.redhat.com/pub/epel/5/i386/fail2ban-0.8.4-23.el5.noarch.rpm
Now you will want to satisfy a simple requirement using yum:
With that out of the way, you can install the RPMs that you have downloaded:
rpm -Uvh shorewall-shell-4.0.15-1.el5.noarch.rpm
rpm -Uvh shorewall-perl-4.0.15-1.el5.noarch.rpm
rpm -Uvh shorewall-4.0.15-1.el5.noarch.rpm
rpm -Uvh fail2ban-0.8.4-23.el5.noarch.rpm
Now that they are both installed you will want to set Fail2Ban to start up with the system:
chkconfig fail2ban on
service fail2ban start
Congratulations! You now have Shorewall and Fail2Ban installed on your Centos server. Now you may want to configure Fail2Ban if you want to to change the way that it logs or if you need to white-list an IP.
The new update to cPanel 11.28.X has removed the admin’s ability to directly interact with certain functionality from the command line using standard bash commands. The idea is that cPanel wants admins to interact with the API or do everything through the WHM GUI. 
I am not about to load up WHM to perform simple task, so I have written scripts for the most common CLI tasks to interact with the cPanel XML API. The first one is an update to my dbuser script.
This script will create the following:
MySQL database
MySQL database user
The important part is this: The script will map the database and database user to a cPanel account.
Even more important?: The script will map the database user to the database. This is the only way to perform this final step outside of the cPanel GUI.
#Written By Brendan Clemmer
#only way to properly create and assign a MySQL db+user since the cPanel 11.28 debacle
use strict;
use LWP::UserAgent;
BEGIN {push (@INC,"/usr/local/cpanel");}
my($whm) = Cpanel::Accounting->new;
my $file = '/root/.accesshash';
open(FILE, $file);
my @lines = ;
close(FILE);
use Cpanel::Accounting;
use Term::ANSIColor;
use Cwd;
my $dir = getcwd;
my $UN = `echo $dir|cut -d/ -f3`;
$UN =~ s/\s//g;
my $hash = "@lines";
$hash =~ s/\s//g;
my $auth = "WHM root:" . $hash;
$whm->{host} = "localhost";
$whm->{user} = "root";
$whm->{accesshash} = $hash;
if ($#ARGV != 2) {
print color 'green';
print "usage: perl <(GET yourscriptdomain.com/dbuser) dbname mysqluser password\n";
print color 'reset';
exit;
}
my $user = $UN; # cPanel username
my $DBNAME = $ARGV[0]; # database name
my $DBUSER = $ARGV[1]; # database username
my $DBPASS = $ARGV[2]; # database password
my $module = 'Mysql';
my $DBUHmodule = 'adduser';
my $DBAUHmodule = 'adduserdb';
my $DBAUHperms = 'alter temporary routine create delete drop select insert update references index lock all';
my $DBHmodule = 'adddb';
my $DBUHmodule = 'adduser';
my $checkpath = '/var/cpanel/users/'.$UN;
unless (-e $checkpath && -f $checkpath) {
print color 'red';
print "You need to run this from the user's home. Try Again.\n";
print color 'reset';
exit;
}
if ($DBNAME =~ /\_/){
print color 'red';
print "Don't append the cPanel username to the database name. Try again.\n";
print color 'reset';
exit;
}
if ($DBUSER =~ /\_/){
print color 'red';
print "Don't append the cPanel username to the MySQL username. Try again.\n";
print color 'reset';
exit;
}
my $length = '7';
my $checklength = length($DBUSER);
unless ($checklength < $length) { print color 'red'; print "Your MySQL username is too long. There are limits. Try again.\n"; print color 'reset'; exit; } my $version = $whm->showversion();
if ($whm->{error} ne "") {
print "There was an error while processing your request: Cpanel::Accounting returned [$whm->{error}]\n";
exit;
}
print "cPanel version: $version";
print "\n";
my $dbhack = $whm->api1( $user, $module, $DBHmodule, $DBNAME );
if ($whm->{error} ne "") {
print "There was an error while processing your request: Cpanel::Accounting returned [$whm->{error}]\n";
exit;
}
my $dbuserhack = $whm->api1( $user, $module, $DBUHmodule, $DBUSER, $DBPASS );
if ($whm->{error} ne "") {
print "There was an error while processing your request: Cpanel::Accounting returned [$whm->{error}]\n";
exit;
}
my $dbadduserhack = $whm->api1( $user, $module, $DBAUHmodule, $DBNAME, $DBUSER, $DBAUHperms );
if ($whm->{error} ne "") {
print "There was an error while processing your request: Cpanel::Accounting returned [$whm->{error}]\n";
exit;
}
print color 'green';
print "SUCCESS::We created the user $user\_$DBUSER on $user\_$DBNAME using the password $DBPASS";
print color 'reset';
print "\n";
exit;
EDIT: cPanel has made another change. They have decided to remove the functionality of the cPanel Accounting perl module in 11.28.64 making this script not work properly. I do have an update, but will not be posting it here. If you are interested maybe we can work something out $$, contact me.
Got broken perl? If you see messages like this you do:
BEGIN failed--compilation aborted at /scripts/*somescript*
I see this happen frequently due to botched installations or incomplete upgrades. You will see this when trying to run anything out of /scripts/, likely you won’t even be able to run /scripts/upcp due to borked perl modules.
The fix is pretty simple, but can take awhile.
The first thing you want to do is cd to a directory to work with the installation (I use /usr/src). You then want to grab the latest perl installer from this link: http://httpupdate.cpanel.net/
Next you untar the package, cd into the installation directory and install.
wget http://httpupdate.cpanel.net/perl588installer.tar.gz
tar xvfz perl588installer.tar.gz
cd perl588installer.tar.gz
./install
/scripts/upcp --force
I ran into an issue with a new cPanel install not allowing me to install the lwp-request aliases: GET, POST, HEAD.
There are some suggestions out there that seem to imply that the following code will work:
Well, in most cases this will NOT work. If you want a fool-proof way to install the perl lwp-request aliases then follow these steps:
First you will need to download the latest libwww from cpan.org
You will need to untar and gunzip this file and cd into that directory like so:
Once inside of that directory you will need to tell libwww to set up the aliases and install the module:
make && make install
Now you have the libwww (LWP) aliases installed on your system. You can use the GET, POST, and HEAD aliaes to the lwp-request command.
There comes a time in everyone’s life where they need to generate a MD5 or SHA1 hash of a string. Well, maybe not everyone, but definitely sysadmins and webmasters. I have set up a website for just this! It is a free to use service for generating a MD5 and SHA1 hash from a string.
This is a handy tool for changing your WordPress Admin password from the database in case you are unable to access the dashboard from a browser due to hacking or data loss.
You can visit the site here: md5.me
Of course if you have access to a terminal you can just run the following:
1f3870be274f6c49b3e31a0c6728957f -
Ever try to add a database user from the command line and it doesn’t show up in a user’s cPanel account?
The following bit of code can be used to create a database, database user, and assign the same privileges that would have been assigned if the user were created in the cPanel GUI. Once the script has been run the output will let you know the name of the database, database user, and the password assigned.
If you run the script without any command line arguments then the usage instructions will be printed on screen.
The basic instructions are to run the script from inside the users account ( /home/username/* ) and supply the database name, database username, and password. Do not add the cPanel username or the script will error out.
EDIT:: This is now outdated with the 11.28 Patch. Please see this new post for an updated script.
#dbuser.sh
# Database and database user creation script
# by Brendan Clemmer
# This script will create a database if it does not exist, create a user, and assign that user to the database.
EXPECTED_ARGS=3
E_BADARGS=65
SQLBASE=$1
SQLUSER=$2
SQLPASS=$3
user_check(){
if [ ! -f /var/cpanel/users/$UN ]; then
echo -e "\E[0;31mScript dying, you need to run this from the user's home";tput sgr0
exit
fi
create_database(){
if [[ $SQLBASE == "$UN"_* ]];
then
echo -e "\E[0;31mOnly enter the database name, not the cPanel username prefix, try again. ";tput sgr0
exit 2
else
mysql -e "create database if not exists ${UN}_${SQLBASE}"
fi
}
create_user(){
if [[ $SQLUSER == "$UN"_* ]];
then
echo -e "\E[0;31mOnly enter the database username, not the cPanel username prefix, try again. ";tput sgr0
exit 2
else
mysql -Be "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, CREATE ROUTINE ON \`"$UN"\\_"$SQLBASE"\`.* TO '"$UN"_"$SQLUSER"'@'localhost' IDENTIFIED BY '$SQLPASS';FLUSH PRIVILEGES"
status=$?
fi
}
quit(){
if test $status -eq 0
then
printf "\E[0;32mSUCCESS::We created the user ${UN}_${SQLUSER} on ${UN}_${SQLBASE} with the password $SQLPASS.\n";tput sgr0
exit 2
else
echo -e "\E[0;31mHoly CARP! you messed up! MySQL error listed above.";tput sgr0
exit 2
fi
}
if [ $# -ne $EXPECTED_ARGS ]
then
echo -e '\E[0;31mUsage: ./dbuser.sh database user dbpass';tput sgr0
echo -e '\E[0;32mRun this script from the users home directory.'
echo -e '\E[0;32mThe script will place the username and underscore prefix'
echo -e '\E[0;32min the appropriate place for the db name and user name.';tput sgr0
exit $E_BADARGS
fi
create_database
create_user
quit
I have spent countless hours scouring the internets looking for tips and tricks on doing the needful in cPanel. Everything I find tends to be, well wrong. I’ll back up and talk about what.. I’m talking.. about. Do it from the command line! WHM/cPanel are great in that they allow you to perform most of the server management tasks from a GUI. This makes Linux server administration(?) more assessable to people that wouldn’t normally get involved in it.
Fact of the matter is, it is faster to do anything from the command line. If you want to package an account for a backup you have to type `/scripts/pkgacct username` and it’s done. From inside the GUI you have to, well do more. I don’t feel like typing out an instructional document on clicking your way through cPanel to get a backup made.
I am going to provide a bunch of tutorials that get the job done from beginning to end. I will also provide some nifty one liners so you can surf /b/ and not worry.
