Quote:
Originally Posted by The Calling
Can someone suggest performance tweaks (and security) for a cpanel hosting environment (shared and reseller mixed)?
I'm running:
Centos 6 64bit
MySQL 5.1
Cpanel 11
PHP 5.3
Apache 2.2
Thanks.
I've found performance and security to be at odds, sometimes. But since you mention both, I will give you just the performance tips that don't jeopardize security (as far as I know!) and security tips I've used that don't seem to impact performance.
If you host a database driven site using MySQL, you can improve the performance of MySQL by adding cache. I use a script called mysqltuner.pl for this:
Code:
wget http://mysqltuner.pl/ -O mysqltuner.pl
chmod 755 mysqltuner.pl
./mysqltuner.pl
MySQL should have been running for 24 - 48 hours before running mysqltuner so there's enough history for it to evaluate. It will give you a number of recommendations, including the admonition to increase some settings gradually (especially table_cache). This is important, as you can cause data corruption with incorrect settings.
It's a good idea to back up all your MySQL databases before you start tweaking the config file.
On my cPanel VPS, the configuration file for MySQL is at /etc/my.cnf. It is empty because the default configuration is someplace else. Any values you add will overwrite the cPanel default values. I set the values either "4" higher (in the case of table_cache), or 8 to 16 higher (some values are in KB, some in MB, and some are not specified as memory allocations, such as table_cache).
After setting the values, restart MySQL ("/etc/init.d/mysqld restart") and let it run for 24 - 48 hours. If MySQL refuses to restart, you probably have a typo in your my.cnf file (not specifying the memory "M", for instance, or including a memory allocation when there is none for that setting). After running for 24 - 48 hours, log back in and run ./mysqltuner.pl and see what it recommends.
For security, I like the CSF / LFD product from http://configserver.com ... a free firewall that provides a UI in WHM after installation. Check out their site for the installation instructions for a cPanel server. It includes a "security audit" feature that gives some recommendations.
I recently bought their ConfigServer eXploit Scanner (cxs) product and like it very much; it enables you to scan for suspicious files using pre-configured "fingerprints" or profiles you create yourself. For instance, after seeing a "new to me" JavaScript redirect exploit that used hacked .htaccess files to append a file to each file served by the web server, I have it looking for "auto_append_file" ... a command I know I would never use. It's $50, one time.
rkhunter (root kit hunter) and chkrootkit are similar scanning scripts that can scan for rootkits. I have rkhunter installed so far, and on a cPanel server, you need to edit the config file to allow some commands to be run as scripts, allow some hidden files, and ignore certain files (it will flag /usr/share/man/man1/..1.gz, for instance). The commands are already in the config file; you just have to un-comment them.
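The "auto_append_file" check described in the post above can also be run as a standalone audit. This is an added example, not part of the original post and not how cxs works internally; the function names, the set of file names, the extra auto_prepend_file check and the sample tree are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Files that can carry per-directory PHP settings (assumed set; adjust per server).
CONFIG_NAMES = {".htaccess", ".user.ini", "php.ini"}
# .htaccess form: php_value auto_append_file "/path"; ini form: auto_append_file = /path
HTACCESS_RE = re.compile(r"^\s*php_(?:admin_)?value\s+(auto_(?:append|prepend)_file)\s+(.+?)\s*$", re.I)
INI_RE = re.compile(r"^\s*(auto_(?:append|prepend)_file)\s*=\s*(.*?)\s*$", re.I)

def find_directives(text):
    """Return (line_no, directive, value) for each active setting in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out line
        m = HTACCESS_RE.match(line) or INI_RE.match(line)
        value = m.group(2).strip("\"'") if m else ""
        if value and value.lower() != "none":  # empty or "none" disables the directive
            hits.append((n, m.group(1).lower(), value))
    return hits

def scan_tree(root):
    """Return (relative_path, line_no, directive, value) for every hit under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.name in CONFIG_NAMES and path.is_file():
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable file: skip it
            findings += [(str(path.relative_to(root)), *hit) for hit in find_directives(text)]
    return findings

def demo():
    """Scan a constructed two-account tree (sample data, not from a real server)."""
    samples = {
        "alice/public_html/.htaccess": 'RewriteEngine On\nphp_value auto_append_file "/tmp/.cache/x.js"\n',
        "bob/public_html/.htaccess": "# php_value auto_append_file /old\nOptions -Indexes\n",
        "bob/public_html/.user.ini": "auto_prepend_file = none\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

On a live server, scan_tree would be pointed at the directory that holds the account home directories, and any hit reviewed against what the account owner actually configured.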