Originally Posted by The Calling
Can someone suggest performance tweaks (and security) for a cpanel hosting environment (shared and reseller mixed)?
CentOS 6 64-bit
I've found performance and security to be at odds, sometimes. But since you mention both, I will give you just the performance tips that don't jeopardize security (as far as I know!) and security tips I've used that don't seem to impact performance.
If you host a database-driven site using MySQL, you can improve the performance of MySQL by adding cache. I use a script called mysqltuner.pl for this:
chmod 755 mysqltuner.pl
MySQL should have been running for 24 - 48 hours before running mysqltuner so there's enough history for it to evaluate. It will give you a number of recommendations, including the admonition to increase some settings gradually (especially table_cache). This is important, as you can cause data corruption with incorrect settings.
It's a good idea to back up all your MySQL databases before you start tweaking the config file.
On my cPanel VPS, the configuration file for MySQL is at /etc/my.cnf. It is empty because the default configuration is someplace else. Any values you add will overwrite the cPanel default values. I set the values either "4" higher (in the case of table_cache), or 8 to 16 higher (some values are in KB, some in MB, and some are not specified as memory allocations, such as table_cache).
After setting the values, restart MySQL ("/etc/init.d/mysqld restart") and let it run for 24 - 48 hours. If MySQL refuses to restart, you probably have a typo in your my.cnf file (not specifying the memory "M", for instance, or including a memory allocation when there is none for that setting). After running for 24 - 48 hours, log back in and run ./mysqltuner.pl and see what it recommends.
For security, I like the CSF / LFD product from http://configserver.com ... a free firewall that provides a UI in WHM after installation. Check out their site for the installation instructions for a cPanel server. It includes a "security audit" feature that gives some recommendations.
rkhunter (root kit hunter) and chkrootkit are similar scanning scripts that can scan for rootkits. I have rkhunter installed so far, and on a cPanel server, you need to edit the config file to allow some commands to be run as scripts, allow some hidden files, and ignore certain files (it will flag /usr/share/man/man1/..1.gz, for instance). The commands are already in the config file; you just have to un-comment them.
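
The my.cnf slips described above (a memory setting without its "M", or a memory suffix on a setting that takes none) can be checked for before MySQL is restarted. This is an added example, not part of the original post; the function names, the lists of variables checked and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint my.cnf before restarting MySQL.
# The two variable lists are assumptions; extend them to match your own config.
MEM_VARS="key_buffer_size query_cache_size tmp_table_size max_heap_table_size sort_buffer_size join_buffer_size innodb_buffer_pool_size"
COUNT_VARS="table_cache table_open_cache max_connections thread_cache_size"

# lint_mycnf FILE: print one line per finding, return 1 if anything was found.
lint_mycnf() {
    awk -v mem="$MEM_VARS" -v cnt="$COUNT_VARS" '
    function report(msg) { printf "%d: %s=%s %s\n", NR, key, val, msg; bad = 1 }
    BEGIN {
        n = split(mem, a, " "); for (i = 1; i <= n; i++) is_mem[a[i]] = 1
        n = split(cnt, a, " "); for (i = 1; i <= n; i++) is_cnt[a[i]] = 1
    }
    /^[ \t]*([#;]|\[|$)/ { next }           # comments, section headers, blank lines
    {
        line = $0
        sub(/[ \t]*#.*$/, "", line)         # drop a trailing comment
        eq = index(line, "=")
        if (eq == 0) next                   # bare flags carry no value to check
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
        gsub(/-/, "_", key)                 # dashes and underscores are equivalent
        if (!(key in is_mem) && !(key in is_cnt)) next
        if (val !~ /^[0-9]+[KkMmGg]?$/)
            report("is not a number with an optional K/M/G suffix")
        else if ((key in is_mem) && val ~ /^[0-9]+$/)
            report("has no K/M/G suffix, so it is read as bytes")
        else if ((key in is_cnt) && val !~ /^[0-9]+$/)
            report("is a count, not a memory size")
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample config used to demonstrate the checks.
sample_mycnf() {
    cat <<'EOF'
[mysqld]
# constructed sample, not a recommended configuration
key_buffer_size = 32
table_cache = 68M
query_cache_size = 16M
max_connections = 150
tmp-table-size = 32MB
EOF
}

# Lint the file given on the command line, e.g. sh lint_mycnf.sh /etc/my.cnf
if [ $# -gt 0 ]; then lint_mycnf "$1"; fi
```

Each finding is prefixed with the line number in the file, and the non-zero exit status lets you chain it in front of the restart command so MySQL is only restarted when the file passes.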