cPanel Removal

It's a poorly-kept secret that cPanel wants to prevent Server owners and/or administrators from being able to purge their systems from the rootkit-like software.  While they've recently made a change claiming to focus on support for primarily rpm-based Linux distributions, i.e. mainly Red Hat and CentOS; cPanel software breaks almost EVERYTHING RHEL/rpm-related on the system!

Their use of binary packages and perl scripts along with choosing to disable SELinux completely puts this outdated and soon-to-be obsolete software in direct conflict with anything Linux! I wish they had switched to support Windows instead.

In any case, here's yet another blog post online outlining the procedure attempting to, relatively cleanly, remove cPanel from a VPS running CentOS 7 in a Virtuozzo container.
yum list \*cpanel\*
yum remove \*cpanel\*

Remove the line in /etc/yum.conf starting with "exclude".
# cat /etc/yum.conf 
[main]
#; exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail*
tolerant=1
errorlevel=1
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
Then execute: 
yum clean all; yum check-update; yum upgrade

You might have to add "--skip-broken" to yum when installing packages that replace the cPanel-provided software; e.g. perl packages, php, httpd.

Install the "epel-release" package, which installs/enables the "epel" software repository on CentOS 7. 
yum install epel-release
yum repolist all
yum-config-manager --enable epel
yum-config-manager --enable epel-testing
yum clean all; yum check-update; yum upgrade -y --skip-broken

As per this Answer on ask.fedoraproject.org, "firewalld" does not work correctly in a virtuozzo/openVZ container! Therefore, you might be better suited installing the "iptables" packages:
yum install iptable\*


Check the /etc Directory

The cpanel-related systemd services are placed in the /etc/systemd/system/ directory. They're also linked to the "/etc/systemd/system/multi-user.target.wants/" directory when enabled. Therefore, you might have to disable them first before you remove the ".service" files. 
systemctl disable cpanel.service
systemctl disable cpanel...
Then remove the service files, assuming no other service files are placed there by you 
rm /etc/systemd/system/*.service
Take heed of hidden cron jobs in the usual locations, i.e.

  • /etc/cron.d/
  • /etc/cron.daily/
  • /etc/cron.hourly/
  • /etc/cron.weekly/
  • root user's crontab:  # crontab -e
  • /var/spool/cron/$USER
Additionally, your hosting provider might have their internal software packages installed as well as a way to facilitate the cPanel installation in their specific environment/setup.


cat /etc/prelink.conf.d/cpanel.conf                                                                                                                                                                                                          
-l /usr/local/cpanel/perl


Check the /etc/bashrc file for cPanel-related directories:

16 # whoami=`whoami`
17 # if [ -e "~/.dns" ]; then
18 #    DNS=`cat ~/.dns`
19 #    PS1="\u@$DNS [\w]# "
20 # else
21 #    if [ -e "/var/cpanel/users/$whoami" ]; then
22 #        eval `grep DNS= /var/cpanel/users/$whoami`
23 # 
24 #            if [ ! "$DNS" = "" ]; then
25 #                echo -n "$DNS" > ~/.dns
26 #                PS1="\u@$DNS [\w]# "
27 #            fi
28 #    fi
29 # fi



unlink /etc/httpd/apache
unlink /etc/httpd/logs
rm -rf /usr/local/apache
rm -rf /usr/local/cpanel
rm -rf /var/cpanel
rm /etc/user*
rm /etc/www*
rm -rf /var/softaculous
The main issue comes from the virtfs "jail shell" that cPanel utilizes for every user in the /home directory; along with the following users: 
grep -i cpanel /etc/passwd
cpanel:x:201:201::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:202:202::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:203:203::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanelroundcube:x:204:204::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
cpanelrrdtool:x:205:205::/var/cpanel/userhomes/cpanelrrdtool:/usr/local/cpanel/bin/noshell
mailman:x:206:206::/usr/local/cpanel/3rdparty/mailman/mailman:/usr/local/cpanel/bin/noshell
cpanellogin:x:997:994::/var/cpanel/userhomes/cpanellogin:/usr/local/cpanel/bin/noshell
cpaneleximfilter:x:996:993::/var/cpanel/userhomes/cpaneleximfilter:/usr/local/cpanel/bin/noshell
cpaneleximscanner:x:995:992::/var/cpanel/userhomes/cpaneleximscanner:/usr/local/cpanel/bin/noshell
cpanelconnecttrack:x:994:991::/var/cpanel/userhomes/cpanelconnecttrack:/usr/local/cpanel/bin/noshell
cpses:x:993:990::/var/cpanel/cpses:/sbin/nologin

First, change the login shell for the users in the "home" subdirectories: 
usermod -s /bin/bash
Then, change the login shell for each additional user you wish to keep and delete the other irrelevant users. 
userdel cpanel
userdel cpanellogin
...
Additionally, the "virtfs" directory is present in the /etc/mtab file. Therefore, the relevant lines should me commented out or delted. 
cat /etc/mtab
/dev/vzfs / reiserfs rw,usrquota,grpquota 0 0
# /dev/vzfs /home/virtfs/schuler/usr vzfs ro,nosuid,relatime,usrquota,grpquota 0 0
# /dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman vzfs ro,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/logs vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/lists vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/locks vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/qfiles vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr vzfs ro,nosuid,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman vzfs ro,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/logs vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/lists vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/locks vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/qfiles vzfs rw,noatime,relatime,usrquota,grpquota 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
...
Better, yet; simply delete the /etc/mtab file and it will be recreated during the next boot. However, before the reboot, make sure to unmount all "bind" directories: 
# for i in `cat /proc/mounts | grep /home/virtfs | cut -d' ' -f 2` ; do umount -l -R $i ; done
Then, check to make sure /home/virtfs/ sub-directories are empty (**unmounted**!!) before deleting them. 
rmdir /home/virtfs/user1adfal/usr/lib
rmdir /home/virtfs/user1adfal/usr
rmdir /home/virtfs/user1adfal
rmdir /home/virtfs

See Also:

Popular posts from this blog

Set Focus to Follow Mouse Cursor in GNOME 3

Install dconf-editor in RHEL or Fedora, then go to org -> gnome -> desktop -> wm -> preferences and make sure auto-raise check-box is checked on. Also, change the focus-mode to sloppy or mouse . The window focus mode indicates how windows are activated. It has three possible values; "click" means windows must be clicked in order to focus them, "sloppy" means windows are focused when the mouse enters the window, and "mouse" means windows are focused when the mouse enters the window and unfocused when the mouse leaves the window. There's a nice, detailed write-up available on worldofgnome.org . Auto Raise Delay: The time delay before raising a window if auto-raise is set to true. The delay is given in thousandths of a second. Focus Mode: The window focus mode indicates how windows are activated. It has three possible values; “click” means windows must be clicked in order to focus them, “sloppy” means windows are focused when th
Read more

RHEL 7 and CentOS 7 syslog Rate Limit

https://access.redhat.com/solutions/1417483 In RHEL 7 there is rate-limiting both in systemd-journald and in rsyslog's imjournal module Lower Ratelimit Interval Lower the interval for rate-limiting and increase the burst level in order to minimize the possibility of losing log messages when the threshold is reached for the specified number of messages logged within the specified interval. Rate-limiting is specific to each process, so there's usually no reason to change this. It is also inadvisable to disable this feature entirely! grep -i rate /etc/systemd/journald.conf #RateLimitInterval=30s #RateLimitBurst=1000 RateLimitInterval=10s RateLimitBurst=3000 grep -i rate /etc/rsyslog.conf #$imjournalRatelimitInterval 600 <--default $imjournalRatelimitInterval 300 $imjournalRatelimitBurst 30000 journal corruption journalctl --verify journalctl --force
Read more

Password Policy in RHEL 7

In Red Hat Enterprise Linux 7, the pam_pwquality PAM module replaced pam_cracklib, which was used in Red Hat Enterprise Linux 6 as a default module for password quality checking. It uses the same back end as pam_cracklib. The code was originally based on pam_cracklib module, and the module is backwards compatible with its options. The pam_pwquality module can be customized and configured in the file /etc/security/pwquality.conf . The possible options in the file are: difok Number of characters in the new password that must not be present in the old password. (default 5) minlen Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).) Cannot be set to lower value than 6. (default 9) dcredit The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the
Read more