Web Hosting Talk
I'm going to install Bastille on a CPanel box and could use some advice on ports


Tazzman
11-15-2002, 07:07 AM
Hi,

I've decided to bite the bullet and install Bastille/PSAD on my WHM server. I've only installed Bastille combined with Ensim in the past and could use some help identifying the ports to keep open. The below was taken from an Ensim howto:

------------------------------------------------------------------------------------
Q: TCP service names or port numbers to allow on public interfaces:[ ]

Type '20 21 22 25 53 80 110 443 19638', press [TAB], choose 'next' then press [RETURN].
------------------------------------------------------------------------------------

This obviously has to be changed to include 2082, 2083, 2086 and 2087 and drop 19638. Any more you can think of?

------------------------------------------------------------------------------------
Q: UDP service names or port numbers to allow on public interfaces:[ ]

Type '53', press [TAB], choose 'next' then press [RETURN].
------------------------------------------------------------------------------------

This is really my main question. Is it port 53 and only 53 on a CPanel server? I haven't found anything about this as yet.

------------------------------------------------------------------------------------
Q: TCP services to block: [2049 2065:2090 6000:6020 7100]

Press [TAB], choose 'next' and press [RETURN].

Q: UDP services to block: [2049 6770]

Press [TAB], choose 'next' and press [RETURN]
------------------------------------------------------------------------------------

I assume this will also work for CPanel.

Thanks for your time.

apollo
11-19-2002, 09:16 AM
Hi, you will need to open the following ports:

All TCP (you will also need to open UDP 53 port for DNS service)

21 (FTP)
22 (unless you want SSH limited to certain IP addresses)
25 (SMTP)
53 (DNS, unless you are using different DNS server)
110 (pop3)
143 (IMAP)
443 (HTTPS)
465 (SMTPS) secure SMTP
993 (IMAPS)
995 (POP3S)
3306 (MYSQL, localhost only)
6666 (Melange CHAT, localhost only)

I hope this helps you.
A.

barleduc
11-19-2002, 09:41 AM
tazzman,

Please keep us updated on how it works out for you.

I've been thinking about installing Bastille as well on a CPanel server, but I'm afraid it might interfere with WHM somehow.

I found this list from the cpanel forums:

21 ---> FTP ---> TCP
22 ---> SSH ---> TCP
25 ---> SMTP ---> TCP
53 ---> DNS ---> TCP & UDP
80 ---> HTTP ---> TCP
110 ---> POP3 ---> TCP
143 ---> IMAP ---> TCP
443 ---> HTTPs ---> TCP
465 ---> sSMTP ---> TCP
993 ---> sIMAP ---> TCP
995 ---> sPOP3 ---> TCP
2082 ---> Cpanel ---> TCP
2083 ---> secure Cpanel
2086 ---> WHM ---> TCP
2087 ---> secure WHM
2095 ---> WebMail ---> TCP
2096 ---> secure WebMail
3306 ---> MySQL ---> TCP
6666 ---> Melange ---> TCP
7786 ---> Ichange ---> TCP
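
The two lists above feed straight into Bastille's interactive questions quoted in the first post, so here is a small helper (added for this thread, not from Bastille or cPanel) that parses the "port ---> service ---> proto" list, builds the space-separated TCP and UDP answers for the "allow on public interfaces" questions, keeps MySQL (3306) and Melange (6666) out of the public list as apollo advises, and reports which allowed ports sit inside Bastille's default "services to block" ranges (2065:2090 covers the cPanel/WHM ports). Assumptions: entries with no protocol are TCP, 7786 is left out per the later reply, and the block/allow overlap is only reported, since the thread does not say how Bastille orders the two rule sets.

```python
# Port list quoted in the thread, kept in its "port ---> service ---> proto"
# shape (constructed sample input; entries with no protocol are read as TCP).
PORT_TABLE = """21 ---> FTP ---> TCP
22 ---> SSH ---> TCP
25 ---> SMTP ---> TCP
53 ---> DNS ---> TCP & UDP
80 ---> HTTP ---> TCP
110 ---> POP3 ---> TCP
143 ---> IMAP ---> TCP
443 ---> HTTPs ---> TCP
465 ---> sSMTP ---> TCP
993 ---> sIMAP ---> TCP
995 ---> sPOP3 ---> TCP
2082 ---> Cpanel ---> TCP
2083 ---> secure Cpanel
2086 ---> WHM ---> TCP
2087 ---> secure WHM
2095 ---> WebMail ---> TCP
2096 ---> secure WebMail
3306 ---> MySQL ---> TCP
6666 ---> Melange ---> TCP"""
LOCAL_ONLY = {3306, 6666}  # MySQL and Melange: localhost only, per the thread
# Bastille's default "services to block" answers, as quoted in the first post.
DEFAULT_BLOCK = {"TCP": "2049 2065:2090 6000:6020 7100", "UDP": "2049 6770"}

def parse_table(text):
    """Return {"TCP": set, "UDP": set} of ports from the '--->' list."""
    ports = {"TCP": set(), "UDP": set()}
    for line in filter(str.strip, text.splitlines()):
        port, _, protos = [f.strip() for f in line.split("--->") + ["TCP"]][:3]
        for proto in protos.split("&"):
            ports[proto.strip().upper()].add(int(port))
    return ports

def bastille_answers(text, local_only=LOCAL_ONLY):
    """Answers for Bastille's public TCP/UDP allow questions, local-only ports left out."""
    ports = parse_table(text)
    return {p: " ".join(map(str, sorted(ports[p] - local_only))) for p in ("TCP", "UDP")}

def expand(spec):
    """Expand Bastille's 'lo:hi' range syntax into a set of port numbers."""
    out = set()
    for item in spec.split():
        lo, _, hi = item.partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def block_conflicts(answers, block=DEFAULT_BLOCK):
    """Allowed ports that also fall inside the default block ranges (2065:2090 covers cPanel/WHM)."""
    return {p: sorted(expand(answers[p]) & expand(block[p])) for p in answers}
```

Any port listed by `block_conflicts` must be taken out of the "services to block" answer (or the allow answer) before you press [TAB] and continue, otherwise the two answers contradict each other.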

oc3
11-19-2002, 04:55 PM
Hi,

I think some one can work on a "How-to" on Bastille for Cpanel, it should be great stuff,

I need that too ;)

Some one ?

Cheers /-

Tazzman
11-19-2002, 05:33 PM
I haven't tried it yet, but I've just ordered a new Cpanel server, so I'll try it out on that before I put it on an active server. If I find the time I might even edit the Ensim/bastille howto for Cpanel and post a link.

oc3
11-19-2002, 07:03 PM
There is a great How-To for Ensim, at RackShack, this might give u good head start ;)

http://forum.rackshack.net/showthread.php?threadid=11334

and after u r done for cpanel, do post it here :)

cheers /-

Tazzman
11-19-2002, 07:08 PM
The one at RS is ripped from unofficial-support.com, I'm well aware of it and have used it a few times in the past.

apollo
11-20-2002, 02:36 AM
Don't open

7786 ---> Ichange ---> TCP

remotely for all IP addresses, some time ago it had a remote exploit...

ps. sorry, forgot about cpanel control panel and webmail ports:)

JonL
11-22-2002, 01:59 AM
If you need 7786 open, just patch it. Just because it had an exploit in the past doesn't mean that you shouldn't use it. BIND and Sendmail have had plenty of exploits and no one stops using them because they are essential services. You could of course use a different application but that's a different topic ;)

Good luck and keep us posted, I'm a bit curious myself.

apollo
11-22-2002, 03:36 AM
Probably they have released a new patch for this exploit, not sure.. :)