cPanel Removal

It's a poorly-kept secret that cPanel wants to prevent Server owners and/or administrators from being able to purge their systems from the rootkit-like software.  While they've recently made a change claiming to focus on support for primarily rpm-based Linux distributions, i.e. mainly Red Hat and CentOS; cPanel software breaks almost EVERYTHING RHEL/rpm-related on the system!

Their use of binary packages and perl scripts along with choosing to disable SELinux completely puts this outdated and soon-to-be obsolete software in direct conflict with anything Linux! I wish they had switched to support Windows instead.

In any case, here's yet another blog post online outlining the procedure attempting to, relatively cleanly, remove cPanel from a VPS running CentOS 7 in a Virtuozzo container.
yum list \*cpanel\*
yum remove \*cpanel\*

Remove the line in /etc/yum.conf starting with "exclude".
# cat /etc/yum.conf 
[main]
#; exclude=courier* dovecot* exim* filesystem httpd* mod_ssl* mydns* mysql* nsd* php* proftpd* pure-ftpd* spamassassin* squirrelmail*
tolerant=1
errorlevel=1
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
Then execute: 
yum clean all; yum check-update; yum upgrade

You might have to add "--skip-broken" to yum when installing packages that replace the cPanel-provided software; e.g. perl packages, php, httpd.

Install the "epel-release" package, which installs/enables the "epel" software repository on CentOS 7. 
yum install epel-release
yum repolist all
yum-config-manager --enable epel
yum-config-manager --enable epel-testing
yum clean all; yum check-update; yum upgrade -y --skip-broken

As per this Answer on ask.fedoraproject.org, "firewalld" does not work correctly in a virtuozzo/openVZ container! Therefore, you might be better suited installing the "iptables" packages:
yum install iptable\*


Check the /etc Directory

The cpanel-related systemd services are placed in the /etc/systemd/system/ directory. They're also linked to the "/etc/systemd/system/multi-user.target.wants/" directory when enabled. Therefore, you might have to disable them first before you remove the ".service" files. 
systemctl disable cpanel.service
systemctl disable cpanel...
Then remove the service files, assuming no other service files are placed there by you 
rm /etc/systemd/system/*.service
Take heed of hidden cron jobs in the usual locations, i.e.

  • /etc/cron.d/
  • /etc/cron.daily/
  • /etc/cron.hourly/
  • /etc/cron.weekly/
  • root user's crontab:  # crontab -e
  • /var/spool/cron/$USER
Additionally, your hosting provider might have their internal software packages installed as well as a way to facilitate the cPanel installation in their specific environment/setup.


cat /etc/prelink.conf.d/cpanel.conf                                                                                                                                                                                                          
-l /usr/local/cpanel/perl


Check the /etc/bashrc file for cPanel-related directories:

16 # whoami=`whoami`
17 # if [ -e "~/.dns" ]; then
18 #    DNS=`cat ~/.dns`
19 #    PS1="\u@$DNS [\w]# "
20 # else
21 #    if [ -e "/var/cpanel/users/$whoami" ]; then
22 #        eval `grep DNS= /var/cpanel/users/$whoami`
23 # 
24 #            if [ ! "$DNS" = "" ]; then
25 #                echo -n "$DNS" > ~/.dns
26 #                PS1="\u@$DNS [\w]# "
27 #            fi
28 #    fi
29 # fi



unlink /etc/httpd/apache
unlink /etc/httpd/logs
rm -rf /usr/local/apache
rm -rf /usr/local/cpanel
rm -rf /var/cpanel
rm /etc/user*
rm /etc/www*
rm -rf /var/softaculous
The main issue comes from the virtfs "jail shell" that cPanel utilizes for every user in the /home directory; along with the following users: 
grep -i cpanel /etc/passwd
cpanel:x:201:201::/var/cpanel/userhomes/cpanel:/usr/local/cpanel/bin/noshell
cpanelphpmyadmin:x:202:202::/var/cpanel/userhomes/cpanelphpmyadmin:/usr/local/cpanel/bin/noshell
cpanelphppgadmin:x:203:203::/var/cpanel/userhomes/cpanelphppgadmin:/usr/local/cpanel/bin/noshell
cpanelroundcube:x:204:204::/var/cpanel/userhomes/cpanelroundcube:/usr/local/cpanel/bin/noshell
cpanelrrdtool:x:205:205::/var/cpanel/userhomes/cpanelrrdtool:/usr/local/cpanel/bin/noshell
mailman:x:206:206::/usr/local/cpanel/3rdparty/mailman/mailman:/usr/local/cpanel/bin/noshell
cpanellogin:x:997:994::/var/cpanel/userhomes/cpanellogin:/usr/local/cpanel/bin/noshell
cpaneleximfilter:x:996:993::/var/cpanel/userhomes/cpaneleximfilter:/usr/local/cpanel/bin/noshell
cpaneleximscanner:x:995:992::/var/cpanel/userhomes/cpaneleximscanner:/usr/local/cpanel/bin/noshell
cpanelconnecttrack:x:994:991::/var/cpanel/userhomes/cpanelconnecttrack:/usr/local/cpanel/bin/noshell
cpses:x:993:990::/var/cpanel/cpses:/sbin/nologin

First, change the login shell for the users in the "home" subdirectories: 
usermod -s /bin/bash
Then, change the login shell for each additional user you wish to keep and delete the other irrelevant users. 
userdel cpanel
userdel cpanellogin
...
Additionally, the "virtfs" directory is present in the /etc/mtab file. Therefore, the relevant lines should me commented out or delted. 
cat /etc/mtab
/dev/vzfs / reiserfs rw,usrquota,grpquota 0 0
# /dev/vzfs /home/virtfs/schuler/usr vzfs ro,nosuid,relatime,usrquota,grpquota 0 0
# /dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman vzfs ro,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/logs vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/lists vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/locks vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/schuler/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/qfiles vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr vzfs ro,nosuid,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman vzfs ro,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/logs vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/lists vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/locks vzfs rw,noatime,relatime,usrquota,grpquota 0 0
#/dev/vzfs /home/virtfs/amel/usr/backup/cpainl-resid/cpanel/3rdparty/mailman/qfiles vzfs rw,noatime,relatime,usrquota,grpquota 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
...
Better, yet; simply delete the /etc/mtab file and it will be recreated during the next boot. However, before the reboot, make sure to unmount all "bind" directories: 
# for i in `cat /proc/mounts | grep /home/virtfs | cut -d' ' -f 2` ; do umount -l -R $i ; done
Then, check to make sure /home/virtfs/ sub-directories are empty (**unmounted**!!) before deleting them. 
rmdir /home/virtfs/user1adfal/usr/lib
rmdir /home/virtfs/user1adfal/usr
rmdir /home/virtfs/user1adfal
rmdir /home/virtfs

See Also:

Popular posts from this blog

Password Policy in RHEL 7

In Red Hat Enterprise Linux 7, the pam_pwquality PAM module replaced pam_cracklib, which was used in Red Hat Enterprise Linux 6 as a default module for password quality checking. It uses the same back end as pam_cracklib.
The code was originally based on pam_cracklib module, and the module is backwards compatible with its options.

The pam_pwquality module can be customized and configured in the file /etc/security/pwquality.conf. The possible options in the file are: difok Number of characters in the new password that must not be present in the old password. (default 5)

minlen Minimum acceptable size for the new password (plus one if credits are not disabled which is the default). (See pam_pwquality(8).) Cannot be set to lower value than 6. (default 9)

dcredit The maximum credit for having digits in the new password. If less than 0 it is the minimum number of digits in the new password. (default 1)

ucredit T…
Read more

Centos 7 pulseaudio

Image
Centos 7 doesn't come with an option for `awesome-wm` installation.  Therefore, the only way to make use of this light-weight tiling manager one has to enable Fedora 19 repo or build the package from source.  For the Fedora 19 repo approach, see:

https://gist.github.com/ILMostro/1909a50e1858d0ee7e10

To use without GDM, GNOME's display manager, and without gnome services, one has to be aware of certain shortcomings that the gnome-services provide by default.  One such shortcoming is the lack of built-in Sound and Volume management.  Never fret, though, as there is a solution; namely, the PulseAudio-focused tools pavucontrol and pavumeter.  These packages are available from the "nux-desktop" repository available at at http://li.nux.ro/repos.html .
nux-desktop My unofficial, as-is, not for profit RPM repositories for EL (RHEL, CentOS, ScientificLinux etc): These repos may or may not be up to date or behave the way you expect them to; use them at your OWN RISK!

Some of…
Read more

Password Aging and Authentication in RHEL7

As I posted in a previous note, the password policy in RHEL 7, and most other linux distributions, is handled by the dynamically-configurable PAM (Pluggable Authentication Modules) system. However, there are a number of other tools implemented in securing the RHEL system. One such tool is the shadow password suite. The shadow suite creates an additional layer of abstraction for the system's login passwords, by removing the account passwords from the /etc/passwd file to a separate file /etc/shadow;while maintaining the unobstructed use of the rest of the accounts system. The Linux Documentation Project explains it: the password is stored as a single "x" character (ie. not actually stored in this file). A second file, called ``/etc/shadow'', contains encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account and is therefore less of a security risk.
According t…
Read more