Before installing DirectAdmin let us see which operating system does it supports.
System Requirements
- Red Hat Enterprise
- Red Hat Enterprise Linux derivatives – CentOS Stream, Rocky Linux, AlmaLinux.
- Debian.
- Ubuntu.
Partition scheme
We suggest a simple partition structure of:
Partition | Size |
---|---|
/boot | 500 MB |
swap | 2 x RAM but no more than 16 GB |
/ | Rest of drive |
Begin the installation!
bash <(curl -fsSL https://download.directadmin.com/setup.sh) 'Provided license key should go here'
OR
bash <(curl -Ss https://www.directadmin.com/setup.sh) auto
After the setup is completed you can access your DirectAdmin control panel using port 2222
http://server.ip.address:2222
Steps to Follow Post DA Installation:
- Remove DA limited notice on login page if you are using Legacy License. https://forum.directadmin.com/threads/directadmin-1-664.70784/page-2#post-376159
- Install CSF
- Install CloudLinux and enable Cagefs
- Install Imunify 360
- Install Softaculous: https://www.softaculous.com/docs/admin/installing-softaculous-in-directadmin/
1. Install SSL for your Hostname
cd /usr/local/directadmin/scripts
./letsencrypt.sh request_single `hostname` 4096
2. Install Ion Cube
cd /usr/local/directadmin/custombuild
./build update
./build set ioncube yes
./build ioncube
3. Run Scripts / Harden PHP
Go to DA custom build scripts. Run PHP Hardening and Install Spamassassin.
4. CSF Settings
You don't need to install CSF with imunify, however, if you do you can open these common ports and also allow some scripts to run by editing process ignore list inside CSF
TCP_IN = 35000:35999,20,21,22,25,53,853,80,110,143,443,465,587,993,995,2222,4085,4083, 2087, 2086
TCP_OUT =20,21,22,25,53,80,110,113,143,443,465,587,853,993,995,2222,8443,44445,55556,7770:7800,4085,4083, 2087, 2086
###############################################################################
# Copyright 2006-2019, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The following is a list of executables (exe) command lines (cmd) and
# usernames (user) that lfd process tracking will ignore.
#
# You must use the following format:
#
# exe:/full/path/to/file
# user:username
# cmd:command line
#
# Or, perl regular expression matching (regex):
#
# pexe:/full/path/to/file as a perl regex[*]
# puser:username as a perl regex[*]
# pcmd:command line as a perl regex[*]
#
# [*]You must remember to escape characters correctly when using regex's, e.g.:
# pexe:/home/.*/public_html/cgi-bin/script\.cgi
# puser:bob\d.*
# pcmd:/home/.*/command\s\to\smatch\s\.pl\s.*
#
# It is strongly recommended that you use command line ignores very carefully
# as any process can change what is reported to the OS.
#
# For more information see readme.txt
exe:/bin/dbus-daemon
exe:/sbin/ntpd
exe:/usr/bin/dbus-daemon
exe:/usr/bin/dbus-daemon
exe:/usr/bin/dbus-daemon-1
exe:/usr/bin/lsmd
exe:/usr/lib/polkit-1/polkitd
exe:/usr/libexec/dovecot/anvil
exe:/usr/libexec/dovecot/imap
exe:/usr/libexec/dovecot/imap-login
exe:/usr/libexec/dovecot/pop3
exe:/usr/libexec/dovecot/pop3-login
exe:/usr/libexec/dovecot/stats
exe:/usr/libexec/gam_server
exe:/usr/libexec/hald-addon-acpi
exe:/usr/libexec/hald-addon-keyboard
exe:/usr/local/directadmin/dataskq
exe:/usr/local/directadmin/directadmin
exe:/usr/local/libexec/dovecot/imap
exe:/usr/local/libexec/dovecot/imap-login
exe:/usr/local/libexec/dovecot/pop3
exe:/usr/local/libexec/dovecot/pop3-login
exe:/usr/local/mysql-5.1.54-linux-x86_64/bin/mysqld
exe:/usr/sbin/chronyd
exe:/usr/sbin/exim
exe:/usr/sbin/exim
exe:/usr/sbin/hald
exe:/usr/sbin/httpd
exe:/usr/sbin/mysqld
exe:/usr/sbin/mysqld_safe
exe:/usr/sbin/named
exe:/usr/sbin/nscd
exe:/usr/sbin/ntpd
exe:/usr/sbin/proftpd
exe:/usr/sbin/sshd
exe:/usr/sbin/apache2
exe:/usr/sbin/mysqld
exe:/lib/systemd/systemd-timesyncd
exe:/usr/local/bin/freshclam
exe:/sbin/rngd
exe:/usr/sbin/mariadbd
exe:/usr/bin/dbus-broker-launch
exe:/usr/bin/dbus-broker
# Some additional entries that you might want to ignore on DirectAdmin
# servers.
# However, be aware of the security implications under "Process Tracking" in
# the csf readme.txt when using these:
#
#cmd:/bin/sh /usr/bin/mysqld_safe
#cmd:/bin/sh /usr/bin/mysqld_safe --basedir=/usr
#pcmd:MailScanner:.*
exe:/bin/gzip
exe:/bin/tar
exe:/opt/netdata/bin/bash
exe:/opt/netdata/bin/srv/netdata
exe:/opt/netdata/usr/libexec/netdata/plugins.d/apps.plugin
exe:/opt/netdata/usr/libexec/netdata/plugins.d/go.d.plugin
exe:/usr/bin/clamd
exe:/usr/bin/curl
exe:/usr/bin/freshclam
exe:/usr/bin/rspamd
exe:/usr/bin/wget
exe:/usr/lib/systemd/systemd-timesyncd
exe:/usr/libexec/dovecot/indexer
exe:/usr/libexec/dovecot/indexer-worker
exe:/usr/libexec/dovecot/lmtp
exe:/usr/libexec/dovecot/managesieve-login
exe:/usr/local/bin/lsphp
exe:/usr/local/bin/pureftpd_uploadscan.sh
exe:/usr/local/bin/redis-server
exe:/usr/local/mysql/bin/mysqld
exe:/usr/sbin/atd
exe:/usr/sbin/nginx
exe:/usr/sbin/proxyexec
exe:/usr/sbin/pure-ftpd
exe:/usr/sbin/rsyslogd
exe:/usr/sbin/unitd
exe:/usr/selector/lsphp
exe:/usr/selector/php
exe:/usr/selector/php-cli
exe:/usr/share/cagefs-skeleton/usr/selector/lsphp
pexe:/opt/alt/php../usr/bin/lsphp
pexe:/opt/alt/php../usr/bin/php
pexe:/opt/alt/php../usr/bin/php-cgi
pexe:/usr/local/lsws/bin/lshttpd.*
pexe:/usr/local/php../bin/lsphp..
pexe:/usr/local/php../bin/php-cgi..
pexe:/usr/local/php../bin/php..
pexe:/usr/local/php../bin/php_uploadscan.sh
pexe:/usr/local/php../sbin/php-fpm..
pexe:/usr/local/safe-bin/fcgid...sh
user:mysql
user:netdata
pexe:/opt/alt/php.*/usr/bin/lsphp
exe:/var/ossec/bin/ossec-monitord
exe:/var/ossec/bin/ossec-analysisd
exe:/var/ossec/bin/ossec-remoted
Import Reseller Plans
Here is the text to be imported for above-mentioned reseller plans.
Here are some regular shared hosting plans which you can import in DA account.
Here is the text to be imported for the above-mentioned user plans.
Tweaks Under Admin Section
- Timeout (seconds) & Session Timeout (minutes)
change to 300
Max Request / Upload Size to 2 GB - Max Username Length 25
- Blacklist IPs for excessive DA login attempt to change to 5 from 20
- Prevent 127.0.0.1 from being Blacklisted check it
- Remove an IP from the blacklist after & Remove an IP from the BF blacklist after to 0
- Scan for WordPress attacks on all
Allow PHP Disabled Functions Using Cloudlinux’s PHP Selector
Read how to enable users to change disable_functions settings in DirectAdmin
Update Logs
- 12.02.2024 – Added diable_functions guide