Setting up Private Nameservers in Cpanel
Published: Oct 28, 2003

Allowing the root user to log in directly is a major security issue. We'll show you how to disable it so that you can still log in as root, just not directly, which reduces the security issue.

This will force a hacker to guess 2 separate passwords to gain root access.
(You do have 2 separate passwords for admin and root, right?)
You first log in as your admin user over SSH, then switch to the superuser with the su command to get root.

We will also be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol.
These are just a couple more ways to help your server stay safe from the bad guys. If you're using cPanel, make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root; otherwise you may lock yourself out of root.

1. SSH into your server as 'admin' and gain root access with su

2. Copy and paste this line to edit the file for SSH logins   
pico -w /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1 

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like
PermitRootLogin no

7. Save the file: Ctrl+X, then Y, then Enter

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now no one will be able to log in as root without first logging in as admin and using 'su -' to become root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!
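
A check to run between steps 7 and 8, added here as an example and not part of the original article: sshd takes the first uncommented value it reads for each keyword, so a line left commented or an earlier duplicate silently defeats the edit. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article): audit the two settings changed above.
# sshd uses the FIRST value it reads for a keyword; keyword names are
# case-insensitive, and lines starting with '#' are ignored.

# Print the effective global value of keyword $2 in config file $1.
sshd_effective() {
    awk -v key="$2" '
        /^[ \t]*#/             { next }  # still commented out
        tolower($1) == "match" { exit }  # conditional blocks are not global
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # first match wins
        }' "$1"
}

# Return 0 only if root login is disabled and only protocol 2 is offered.
audit_sshd_config() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin)
    proto=$(sshd_effective "$1" Protocol | tr -d ' \t')
    if [ "$root" != "no" ]; then
        echo "FAIL $1: PermitRootLogin is '${root:-not set}', expected 'no'"
        rc=1
    fi
    if [ "$proto" != "2" ]; then
        echo "FAIL $1: Protocol is '${proto:-not set}', expected '2'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $1"
    return "$rc"
}

# Constructed sample files, not taken from a real server.
tmp=$(mktemp -d)
# Steps 4 and 6 skipped: both lines are still comments.
printf '%s\n' '#Protocol 2,1' '#PermitRootLogin yes' > "$tmp/untouched"
# "no" appended at the end while an earlier "yes" remains: "yes" wins.
printf '%s\n' 'Protocol 2' 'PermitRootLogin yes' 'PermitRootLogin no' \
    > "$tmp/duplicate"
# Edited as the steps describe (keyword case does not matter).
printf '%s\n' 'Protocol 2' 'permitrootlogin no' > "$tmp/hardened"

for f in untouched duplicate hardened; do
    audit_sshd_config "$tmp/$f" || true
done
```

On the server, point audit_sshd_config at /etc/ssh/sshd_config and run 'sshd -t' to catch syntax errors before the restart in step 8. Keep your current session open until a fresh admin login followed by 'su -' has been confirmed to work.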

Comments (25)

  • Jason Ruyle 00:22, December 7, 2003
    I'm trying to manually set up my name servers. But I don't know how they should look in:

    /etc/wwwacct.conf

    and

    /etc/nameserverips

    Could you make a general format? Thanks.
  • Ramprage 00:36, December 8, 2003
    Article updated
  • Curtis 18:13, April 10, 2004
    Awesome! Walked me thru it step by step. Thanks!
  • tony 20:20, May 19, 2004
    Thanks
  • roy 07:37, May 23, 2004
    I can't seem to find Initial NameServer Setup from the Server Setup menu on the left of WHM.
  • janitor 15:06, June 12, 2004
    great
  • monkeygirl 16:45, September 8, 2004
    thanks for the info!
  • Charlie 06:39, November 26, 2004
    On my server WHM 9.9.8 cPanel 9.9.8-R119 there was no Initial Nameserver Setup but I did find Nameserver Setup under Service Configuration and this seemed to work just fine.

    When I typed /etc/resolv.conf I would get a message 'Permission Denied'. Seemed that typing 'cat /etc/resolv.conf' solved this problem.
  • Charlie 13:57, November 26, 2004
    To output the resolv.conf you must type

    'cat /etc/resolv.conf'

    To edit resolv.conf use pico / type:

    'pico /etc/resolv.conf'

    In my Web Host Manager there was no 'Initial NameServer Setup' under the Server Setup menu but there was a 'NameServer Setup' under 'Service Configuration'. Used this instead and it seemed to work.
  • Charlie 14:37, November 26, 2004
    I had a huge problem with the /scripts/named.conf not working and getting errors when I tried to Bind. This forum solved those problems:

    http://www.webhostingtalk.com/showthread.php?threadid=253245
  • Gabidi 20:53, December 24, 2004
    Whenever I try to set up, I get the following error after entering a name server, assigning it an IP and then attempting to add an entry for it:

    "IP=205.209.141.21 Bind reloading on orion using rndc zone: [gsmliberty.com] Error reloading bind on orion: rndc: connection to remote host closed This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid. Add Complete"

    Any ideas?
  • Tong Narak 12:07, June 28, 2005
    /etc/resolv.conf

    I think these should be
    Datacenter DNS.

    ------------------------------------

    Resolver Setup
    Enter the ip address of at least two nameservers that you will use for dns resolution. Your datacenter should be able to provide you with at least one ip of a dns server you can access. If you do not know the ip address of your provider's local resolvers you should contact them. It is very important that these nameservers are correct, or you server will not function properly. If you do not know what to put in the boxes below and cannot contact your provider, please close this window and go though this setup at a later time; Your server should still function normally, however connections made to the server may be slower then normal.
  • Martyn 10:11, August 1, 2005
    Re: Tong Narak

    You are correct, these IP addresses should be the ones provided by your host, they are internal and point to your internal DNS resolvers.
  • Joe A 12:28, November 19, 2005
    This is the first time I've ever seen a comprehensive explanation of how to do this. Thank you.
  • josh 06:16, February 13, 2006
    Yeah, well I have added the nameserver/ip/info and followed what was said, but I can only resolve hosts via nslookup on that LOCAL machine, the outside world never resolves correctly, any clues?
  • Aziz 05:25, March 10, 2006
    You can actually put any name servers in /etc/resolv.conf, it is just a resolver and has nothing to do with running a DNS server.
  • alberto 02:58, April 29, 2006
    4. Reverse DNS
    You may also need to get your data centre to enter a reverse DNS pointer for your nameserv.....

    ALL OK BUT STEP 4.. what do I have to do here? Contact my ISP?

    Thank you!
  • David K. Tucker 09:13, May 6, 2006
    Truly appreciate the help. Set my ATJEU.COM dedicated nameservers up in no time :-) Really appreciate it.

    --DAVE
  • Sparky 05:11, July 21, 2006
    Great tutorial - one problem though - dns server appears to work, but now doing a hostname lookup to hosts outside of the server (to yahoo.com, for example) fails.

    Hostname lookups to hosts on the dns server work fine, just cannot see any hosts outside of the server.

    /etc/resolv.conf looks like:

    domain mydomain.com
    search mydomain.com
    nameserver x.x.x.x
    nameserver x.x.x.x

    Any thoughts?
  • Koh Kok Yew 20:52, August 31, 2006
    To Gabidi:

    To fix this issue you may try running `/scripts/fixndc`
  • ZeRoo! 02:06, January 22, 2007
    thank you!
  • Deni Wibowo 11:15, July 5, 2007
    I have the same problem with named failure.
    I just removed them and then reinstalled using yum.

    #yum remove bind
    #yum install bind bind-chroot bind-devel caching-nameserver

    and then restarting bind

    #service named start

    and done.
  • Dr Tokunboh 10:02, October 19, 2007
    This is kind of difficult. I don't think I can handle ssh - what can I do?
  • dvijai 11:29, August 1, 2010
    I'm afraid to understand that in the domain control panel, where to register, I mean, under which tab we need to register the ns1 and ns2, while there are many tabs like overview, name server, child name server, and many more.

    I am talking about point no. 3. Registering the Nameservers
  • Myth 08:40, August 2, 2010
    THANK YOU !

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2017 WebHostGear.com