Skip to main content

cPGuard Overview

Before installing cPGuard on your server, it's important to verify that your environment meets all the prerequisites. cPGuard is designed to run on 64-bit web servers with Apache, Nginx, or LiteSpeed — with native integration for the most popular control panels and configurable support for any supported OS through the Standalone pathway.

Supported Operating Systems

cPGuard supports a wide range of enterprise and community Linux distributions across both x86_64 and ARM architectures.

RHEL-Based Distributions

DistributionSupported Versions
CentOS7, Stream 8, Stream 9, Stream 10
RHEL7, 8, 9
CloudLinux7, 8, 9
AlmaLinux8, 9, 10
Rocky Linux8, 9, 10
Amazon Linux2

Debian-Based Distributions

DistributionSupported Versions
Ubuntu LTS18.04, 20.04, 22.04, 24.04
Ubuntu LTS (ARM)22.04, 24.04
Debian10, 11, 12, 13
Debian (ARM)12
tip

ARM architecture support is available for Ubuntu 22.04/24.04 LTS and Debian 12 — useful for servers running on ARM-based cloud instances such as AWS Graviton.

Supported Control Panels

cPGuard provides direct, native support for a wide range of web hosting control panels. This means we include built-in profiles and scripts to automatically gather information like domains, user accounts, document roots, and web server/ModSecurity paths for the WAF from the server.

Directly Supported Control Panels

  • cPanel / WHM
    • WHM/cPanel version 11.76 or higher
    • PHP IonCube must be enabled for WHM/cPanel's internal PHP
  • DirectAdmin
    • DirectAdmin version 1.57 or higher
    • CustomBuild 2.0 required
  • Plesk
    • Latest Plesk version recommended
    • ModSecurity must be enabled in Apache or Nginx within Plesk before installing cPGuard
  • Webuzo
    • ModSecurity must be pre-configured before installation (OWASP vendor rules installed and disabled inside Webuzo).
  • CyberPanel
  • Control Web Panel (CWP)
  • RunCloud
  • InterWorx
  • WebminException: Webmin requires some setup.
  • EnhanceSpecial case: Though Enhance supports most features without any input, it needs Enhance API keys configured on the main server to get some details.

Standalone Configuration

For servers running control panels other than those listed above, or for panel-free servers (bare Linux), cPGuard can be installed and configured using our Standalone configuration pathway. Standalone is used in cases where we do not have dedicated scripts or profiles for gathering information (such as docroots, domains, etc.) from the server or having a predefined path to include ModSecurity rules for the WAF.

note

Even on panel-free servers (bare Linux without a control panel), cPGuard can be installed and configured using the Standalone pathway making it suitable for any 64-bit web server running a supported OS.

Other Requirements

Beyond the OS and control panel, the following additional requirements must be met:

Architecture

  • x86_64 (64-bit) or aarch64 (ARM 64-bit)
warning

32-bit systems are not supported. cPGuard requires a 64-bit processor architecture. Attempting to install on a 32-bit system will fail.

Kernel inotify Watch Count

  • The OS must support tweaking the inotify watch count in the kernel.
warning

OpenVZ / Virtuozzo users: The inotify watch count is set at the container level by the host provider — you cannot change it yourself. Contact your hosting provider to raise the inotify watch limit before installing cPGuard. Failing to do so may cause the scanner service to malfunction.

ModSecurity (for WAF)

  • mod_security 2.9.4 or higher is required to use the Web Application Firewall (WAF) feature.

ModSecurity does not need to be installed before cPGuard itself, but it must be in place before you enable WAF rules. Refer to the relevant guide for your web server: