I made this guide a few years back and I just found it. I tried to update some parts, but I hope it will be useful to you guys. Post any changes that I need to make to it. Thanks!
The guide is color coded but that's in HTML.
SSH Setup
First SSH in and install cpanel with the following command.
cd /home;mkdir cpins;cd cpins;wget layer1.cpanel.net/latest;sh latest
When it is complete (takes around 30mins) run the following commands
1. /scripts/sysup
2. /scripts/updatenow
3. /scripts/fixndc
4. pico /etc/sysconfig/named
When the file opens go to the last line and place a # in front of the command. Save and exit.
5. pico /etc/named.conf
Remove the - from rndc-key on the first line.
6. service named restart
7. pico /scripts/securetmp
and find near the bottom where it has 256000 and replace 256 with 1024 so it reads 1024000 and save and exit.
8. /scripts/securetmp
Minimize the SSH window for now and go to
https://IPADDRESS:2086/
WHM startup setup
When it loads, two windows will pop up. Close the one about skin migrations. In the other, click the setup forwarding button to take the window to the root email page. Enter YOUR EMAIL ADDRESS.
Click the change button then close that window.
Click the "Next" button to start the cpanel setup, scroll on the right to the bottom and click the I agree button.
Next it will take you to the setup page. Scroll down to minimum UID setting and set to 500, down a bit further to the server contact email address, again this is YOUR EMAIL ADDRESS
Scroll down a bit more and cut and paste the nameservers included in the info sent to you into the appropriate boxes. Scroll down and click save.
Click next step and then click next step again, no need to wait for the text on the right. Now click the OK button on the right and wait for it to start the nameserver and restart bind, then click next step again
Click continue on the right and cut and paste the main IP into the middle box, then click continue
Back to the left, click next step, then in the right do a key mash of numbers and/or letters to set the mysql root pass (no special characters please or it'll mess up mysql) then click "change password".
Click finish followed by continue.
WHM Nameserver setup
Then when the window reloads just close the pop up box about the hostname.
Scroll down on the left to the IP section and click add IP's, the IP range will be sent to you in the info email, cut and paste into the box and click add.
Scroll back to the top on the left and click modify resolver config. Cut and paste the main IP into both empty boxes but adjust the last box to be one IP higher, then click continue.
Next click "manage nameserver ip's" and wait for the list to load, take the first nameserver included in the info email and paste into the box and click assign. Do the same for the second.
NOTE: If you get a result from the first nameserver that it already has an IP assigned to it that is not a server IP then max the SSH window again and type
pico /etc/nameserverips
Enter the nameservers at the end of the appropriate IP's (in place of the zeros), save and exit. You can close the SSH window for now.
IF YOU HAD TO MANUALLY DO THE NAMESERVERS VIA SSH then you need to click edit DNS zone and mod the ns1 and ns2 zones to the actual IP's on the server not the remote ones. If you were able to set them up via manage nameserver IP's then you can skip this step.
Next click on "edit setup" and scroll down to the nameservers and click to add an A entry for each and click in the popup boxes too.
Then scroll down and click save again.
Next click on "change hostname" and change to the one in the info email. Click change, then click add an A entry then click add the entry.
WHM Basic Setup
Next click tweak settings.
Disable the following:
Webalizer
Mailman
FormMail-clone cgi
Allow cPanel users to reset their password via email
Enable the following:
Awstats
Email users when they have reached 80% of their bandwidth
Keep Stats Log (/usr/local/cpanel/logs/stats_log) between cpanel restarts (default is off)
Allow Sharing Nameserver Ips
delete domains access logs after stats run
prevent pop3 flooding
Silently Discard all FormMail-clone requests with a bcc: header in the subject line
Display Errors in cPanel instead of logging them to /usr/local/cpanel/logs/error_log
Allow perl updates from rpm based linux vendors
Do not warn about features that will be depreciated in later releases
prevent ppl adding on or parking common domain names
Set the following:
Set "The number of times users are allowed to check their mail using pop3 per hour:" to 200
Set The maximum each domain can send out per hour (0 is unlimited): to 1000
Change the load the cpu stops doing stats from 0 to 1 and the load to show server status red to 3 (4 for xeons) (2 for celerons)
Now click save and wait for the screen to change.
Click change update preferences, if it doesn't load click a few more times then it will load.
Change to manual update current release (for now, usually it's stable release) then click save
Next click to change the bandmin password
Username: username
Password: password
Click to save
Click change root password : Set the password to your liking
Click "shell/forkbomb protection" and enable it
Scroll down to install an RPM,
Install the following:
Imagemagick cc+ develop
Imagemagick-perl RPM
Scroll down (menu bar) to system health menu and select the background process killer, check all the process boxes and click save
Scroll down (menu bar) to Security and click on Quick Security Scan and scan the server. You will see FAILED services, as these were already shut down.
Next click (under the cpanel section) to upgrade to latest version and wait till completed.
When done refresh the page to load the new WHM and scroll down on the left to the Service configuration menu (new layout and look for these)
Click FTP Config and change it to Pure. The page will not reload just wait 30secs and then click on ftp config again.
Then scroll down and do a graceful reboot.
When the server comes back up (5 minutes)
Go to Manage Wheel Group Users and add YOURUSERNAME(for root logins).
Installing Scripts
1. SSH into your server as 'YOURUSERNAME' and gain root access with su -.
SSH Change
1. pico -w /etc/ssh/sshd_config
2. Find the line '#Port 22' and uncomment it and change it to look like 'Port 20069'
3. Find the line '#ListenAddress 0.0.0.0' and make it look like 'ListenAddress ##.##.##.##' replacing the number signs with the ip address.
4. Find the line '#Protocol 2, 1' and uncomment it and change it to look like 'Protocol 2'
5. Find the line '#PermitRootLogin yes' and uncomment it and make it look like 'PermitRootLogin no'.
6. /etc/rc.d/init.d/sshd restart
7. EXIT and RELOGIN
8. First try to log in with a different IP address (and port 22) (not the one in the ListenAddress). If you can get in, you did something wrong.
9. Then try to log in with the IP you listed and port 22. If that doesn't work then that is good.
10. After that log in with the IP you listed and port 20069. After you get in, su - to root. If all works then it's all good. Log out and do it again to make sure it stays.
LogWatch
1. wget ftp://ftp.kaybee.org/pub/redhat/RPMS...1-1.noarch.rpm
2. rpm -Uvh logwatch-5.1-1.noarch.rpm
3. rm -rf logwatch-5.1-1.noarch.rpm
4. pico -w /etc/log.d/conf/logwatch.conf
5. CTRL-W - Type: MailTo
SET TO YOUR EMAIL ADDRESS
6. CTRL-W - Type: Detail
SET LOW TO HIGH
SSH Warnings
1. pico /etc/motd
ADD: This computer system is for authorized users only. All activity is logged and regularly checked by systems personnel. Individuals using this system without authority or in excess of their authority are subject to having all their services revoked. Any illegal services run by user or attempts to take down this server or its services will be reported to local law enforcement, and said user will be punished to the full extent of the law. Anyone using this system consents to these terms.
Disable Telnet
pico -w /etc/xinetd.d/telnet
Note: (change disable = no to yes)
Save and Exit
/etc/init.d/xinetd restart
ImageMagick
1: mkdir /home/src
2: cd /home/src
3: wget ftp://ftp.fifi.org/pub/ImageMagick/I...6.2.4-6.tar.gz
4: tar xvzf ImageMagick-6.2.4-6.tar.gz
5: cd ImageMagick-6.2.4
6: ./configure
7: make
8: make install
9: cd PerlMagick
10: perl Makefile.PL
11: make
12: make install
Zend
/scripts/installzendopt
CGI FormMail
1. cd /usr/local/cpanel/cgi-sys
2. chmod 0 formmail.cgi FormMail.cgi FormMail-clone.cgi formmail.pl FormMail.pl realsignup.cgi guestbook.cgi
3. chattr +i formmail.cgi FormMail.cgi FormMail-clone.cgi formmail.pl FormMail.pl realsignup.cgi guestbook.cgi
SIM
1. http://www.hostinglife.com/security/sim.php - visit to log to put here
Root Kit
1. cd /
2. mkdir /usr/local/chkrootkit
3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz
4. tar xvzf chkrootkit.tar.gz
5. rm -rf chkrootkit.tar.gz
6. cp -r chkrootkit-0.44/* /usr/local/chkrootkit
7. cd /usr/local/chkrootkit
8. make sense
9. ./chkrootkit
10. pico /etc/cron.daily/chkrootkit.sh
ADD:
#!/bin/bash
cd /usr/local/chkrootkit
./chkrootkit | mail -s "Daily chkrootkit from Server" EMAIL
APF Firewall
2. cd /root/downloads
3. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
4. tar -xvzf apf-current.tar.gz
5. cd apf-0.9.4-6/
6. ./install.sh
7. pico /etc/apf/conf.apf
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"
# Common ingress (inbound) TCP ports - 30000_35000 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,20069,30000_35000"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
8. /usr/local/sbin/apf -s
9. chkconfig --level 2345 apf on
Now type /scripts/easyapache
When the option screen comes up choose option 6 and hit enter.
When the other screen loads cursor down to php module and hit enter
Disable the following: Php 4.3.3 or whatever it is
Enable the following:
Php 4.3.5 (or whatever version you want)
Curl
CurlSSL
mcrypt
flash
GD
imap
OpenSSL
Freetype
XML
Now hit tab followed by enter, then hit tab followed by enter again to leave, hit enter again to save and grab something to drink as it's gonna take about 20-30 minutes to recompile.
Then do a Graceful Reboot and you will be done. (done in whm)
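For the "SSH Change" steps above, an added example (not part of the original guide) that audits an sshd_config for the four edits before sshd is restarted. The sample file, its 192.0.2.10 address and the function names are constructed for illustration, and it assumes an OpenSSH from the guide's era, where Protocol is still a live setting.

```shell
#!/bin/sh
# Added example (not from the guide): audit sshd_config for the four edits in
# "SSH Change". Only uncommented lines count. Port and ListenAddress may
# repeat and every occurrence applies; for the other two the first one wins.

# active_values FILE KEYWORD: print each uncommented value of KEYWORD
active_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# audit_sshd_config FILE: print findings, return their count (0 = all good)
audit_sshd_config() {
    cfg=$1; fails=0
    ports=$(active_values "$cfg" Port)
    listen=$(active_values "$cfg" ListenAddress)
    proto=$(active_values "$cfg" Protocol | head -n 1)
    root=$(active_values "$cfg" PermitRootLogin | head -n 1)
    if [ -z "$ports" ] || echo "$ports" | grep -qx 22; then
        echo "FAIL Port: sshd still listens on 22"; fails=$((fails + 1))
    fi
    if [ -z "$listen" ] || echo "$listen" | grep -qxE '0\.0\.0\.0|::'; then
        echo "FAIL ListenAddress: sshd binds every address"; fails=$((fails + 1))
    fi
    if [ "$proto" != "2" ]; then
        echo "FAIL Protocol: ${proto:-unset}, want 2"; fails=$((fails + 1))
    fi
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin: ${root:-unset}, want no"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: step 5 was only half done (value changed, '#' left in
# place) and an old "Port 22" line survives further down the file.
sample_cfg() {
cat <<'EOF'
Port 20069
ListenAddress 192.0.2.10
Protocol 2
#PermitRootLogin no
Port 22
EOF
}

tmp=$(mktemp) && sample_cfg > "$tmp"
audit_sshd_config "$tmp" || echo "$? setting(s) need fixing"
rm -f "$tmp"
```

Run it against a copy of /etc/ssh/sshd_config while the existing SSH session is still open, so a bad edit can be corrected before logging out.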
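For the "APF Firewall" step above, an added example (not from the guide or from APF) that checks whether a port, such as the new SSH port 20069, falls inside IG_TCP_CPORTS, underscore ranges included, before apf -s is run. The sample conf.apf line and the function names are constructed, and it assumes conf.apf keeps each list on one quoted line as the guide shows.

```shell
#!/bin/sh
# Added example (not from the guide or APF): confirm ports are covered by
# IG_TCP_CPORTS before starting the firewall. Entries are comma separated
# and a range is written lo_hi, e.g. 30000_35000 in the guide's list.

# cports_value FILE VAR: print the quoted value assigned to VAR
# (assumption: if VAR is set twice, the last assignment is the one in force)
cports_value() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# port_allowed PORT LIST: return 0 if PORT matches a single port or a range
port_allowed() {
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *_*) lo=${entry%_*}; hi=${entry#*_} ;;
            *)   lo=$entry; hi=$entry ;;
        esac
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs; return 1
}

# check_access FILE PORT...: report each PORT, return how many are blocked
check_access() {
    conf=$1; shift; missing=0
    list=$(cports_value "$conf" IG_TCP_CPORTS)
    for p in "$@"; do
        if port_allowed "$p" "$list"; then
            echo "open   tcp/$p"
        else
            echo "CLOSED tcp/$p"; missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample: the new SSH port was never added and the passive FTP
# range lost a digit (3000_3500 instead of 30000_35000).
sample_conf() {
cat <<'EOF'
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
check_access "$conf" 20069 2087 30050 || echo "$? port(s) would be blocked"
rm -f "$conf"
```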