βœ… Install, Secure & Configure DirectAdmin (AlmaLinux / CloudLinux)

By /

Here’s your complete guide to installing, securing, and configuring DirectAdmin, now updated to include CloudLinux and CageFS considerations.

πŸ› οΈ 1. Install DirectAdmin

Step 1: System Update

yum update -y

Step 2: Install Prerequisites

yum install -y wget gcc gcc-c++ flex bison make bind bind-libs bind-utils \
openssl openssl-devel perl quota libaio libcom_err-devel libcurl-devel gd \
zlib-devel zip unzip libcap-devel cronie bzip2 cyrus-sasl-devel \
perl-ExtUtils-Embed autoconf automake libtool which patch mailx \
bzip2-devel lsof glibc-headers kernel-devel expat-devel

Step 3: Install Additional Tools

yum install -y psmisc net-tools systemd-devel libdb-devel perl-DBI \
perl-Perl4-CoreLibs xfsprogs rsyslog logrotate crontabs file kernel-headers

Step 4: Download and Install DirectAdmin

wget https://www.directadmin.com/setup.sh
chmod 755 setup.sh
./setup.sh

πŸ“Œ Make sure your DirectAdmin license is valid and registered to your server IP.

Step 5: Disable firewalld (use CSF or Imunify360 instead)

systemctl stop firewalld.service
systemctl disable firewalld.service

πŸ“š Ref: https://help.directadmin.com/item.php?id=527

Step 6: Access DirectAdmin Panel

  • URL: http://YOUR.SERVER.IP:2222
  • Login: admin
  • If password forgotten:
passwd admin

☁️ CloudLinux + CageFS Integration

CloudLinux offers performance isolation and enhanced security.

Enable CloudLinux Features:

If your server uses CloudLinux:

cldetect --detect
cldetect --install

Enable CageFS for all users:

cagefsctl --init
cagefsctl --enable-all

To add software inside CageFS (e.g., compilers, mail clients):

cagefsctl --addrpm PACKAGE-NAME
cagefsctl --force-update

Recommended packages:

cagefsctl --addrpm s-nail
cagefsctl --addrpm curl

πŸ”’ 2. Secure DirectAdmin

Step 7: Harden PHP with secure_php

cd /usr/local/directadmin/custombuild
./build update
./build secure_php

Step 8: Tweak Cron & Update Settings

Edit:

nano /usr/local/directadmin/custombuild/options.conf

Recommended settings:

cron=yes
cron_frequency=daily
[email protected]
notifications=yes
da_autoupdate=yes
updates=yes
webapps_updates=yes

Apply:

./build update_versions

Step 9: Restrict MySQL to Localhost

nano /etc/my.cnf

Add:

bind-address = 127.0.0.1

Then:

systemctl restart mysqld

πŸ” 3. Enable Let’s Encrypt SSL

Install SSL for Hostname:

πŸ“š How to Install Let’s Encrypt SSL for DirectAdmin Hostname

If LE is not enabled:

πŸ“š Enable Let’s Encrypt support

πŸ”₯ Recommended Security Add-ons

Install CSF (Firewall)

cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Install Imunify360 (For CloudLinux or standard DirectAdmin)

wget https://repo.imunify360.cloudlinux.com/defence360/i360deploy.sh
bash i360deploy.sh

πŸ›‘οΈ Optional Hardening Tips

  • Enable ModSecurity:
cd /usr/local/directadmin/custombuild
./build set modsecurity yes
./build modsecurity
  • Use Fail2Ban for brute-force protection.
  • Enforce strong passwords and enable 2FA in DA admin settings.
  • Set up SSH key-only login and disable password auth.

Scroll to Top