Install memcached with CentOS and WHM/cPanel

This guide will walk you through installing memcache and memcached on a dedicated or vps server.

For the wiki version of this guide visit:

root# yum install libevent libevent-devel -y

Head over to and grab the latest version.

root# yum install libevent-devel libevent gcc make -y
root# wget
root# tar xvf memcached-1.4.5.tar.gz
root # cd memcached-1.4.5
root# ./configure && make && make install

Open /etc/memcached.conf with your favorite editor and paste in:

#Memory a usar
-m 16
# default port
-p 11211
# user to run daemon nobody/apache/www-data
-u nobody
# only listen locally
touch /etc/init.d/memcached
chmod +x /etc/init.d/memcached

Open /etc/init.d/memcached with your favorite editor and paste in:

# memcached    This shell script takes care of starting and stopping
#              standalone memcached.
# chkconfig: - 80 12
# description: memcached is a high-performance, distributed memory
#              object caching system, generic in nature, but
#              intended for use in speeding up dynamic web
#              applications by alleviating database load.
# processname: memcached
# config: /etc/memcached.conf
# Source function library.
. /etc/rc.d/init.d/functions
[ -x $DAEMON ] || exit 0
[ -x $DAEMONBOOTSTRAP ] || exit 0
start() {
 echo -n $"Starting $DESC: "
 [ $RETVAL -eq 0 ] && touch $PIDFILE
 return $RETVAL
stop() {
 echo -n $"Shutting down $DESC: "
 killproc $NAME
 [ $RETVAL -eq 0 ] && rm -f $PIDFILE
 return $RETVAL
# See how we were called.
case "$1" in
  status $prog
  echo $"Usage: $0 {start|stop|restart|status}"
  exit 1
exit $RETVAL
touch /usr/local/bin/start-memcached
chmod +x  /usr/local/bin/start-memcached

Open /usr/local/bin/start-memcached with your favorite editor and paste in:

#!/usr/bin/perl -w
# start-memcached
# 2003/2004 - Jay Bonci <[email protected]>
# This script handles the parsing of the /etc/memcached.conf file
# and was originally created for the Debian distribution.
# Anyone may use this little script under the same terms as
# memcached itself.
use strict;
if ($> != 0 and $< != 0) {
 print STDERR "Only root wants to run start-memcached.\n";
my $etcfile = shift || "/etc/memcached.conf";
my $params = [];
my $etchandle;
# This script assumes that memcached is located at /usr/bin/memcached, and
# that the pidfile is writable at /var/run/
my $memcached = "/usr/local/bin/memcached";
my $pidfile = "/var/run/";
# If we don't get a valid logfile parameter in the /etc/memcached.conf file,
# we'll just throw away all of our in-daemon output. We need to re-tie it so
# that non-bash shells will not hang on logout. Thanks to Michael Renner for
# the tip
my $fd_reopened = "/dev/null";
sub handle_logfile {
 my ($logfile) = @_;
 $fd_reopened = $logfile;
sub reopen_logfile {
 my ($logfile) = @_;
 open *STDERR, ">>$logfile";
 open *STDOUT, ">>$logfile";
 open *STDIN, ">>/dev/null";
 $fd_reopened = $logfile;
# This is set up in place here to support other non -[a-z] directives
my $conf_directives = {
 "logfile" => \&handle_logfile
if (open $etchandle, $etcfile) {
 foreach my $line (<$etchandle>) {
  $line =~ s/\#.*//go;
  $line = join ' ', split ' ', $line;
  next unless $line;
  next if $line =~ /^\-[dh]/o;
  if ($line =~ /^[^\-]/o) {
   my ($directive, $arg) = $line =~ /^(.*?)\s+(.*)/;
  push @$params, $line;
unshift @$params, "-u root" unless (grep $_ eq '-u', @$params);
$params = join " ", @$params;
if (-e $pidfile) {
 open PIDHANDLE, "$pidfile";
 my $localpid = <PIDHANDLE>;
 chomp $localpid;
 if (-d "/proc/$localpid") {
  print STDERR "memcached is already running.\n";
 } else {
  `rm -f $localpid`;
my $pid = fork();
if ($pid == 0) {
 exec "$memcached $params";
} elsif (open PIDHANDLE,">$pidfile") {
 print PIDHANDLE $pid;
} else {
 print STDERR "Can't write pidfile to $pidfile.\n";

Now we start the memcached daemon. (it is ok if “shutting down memcached” says fail.)

[root@ ~]# /etc/init.d/memcached restart
Shutting down memcached:                                   [  OK  ]
Starting memcached:                                        [  OK  ]

Make sure its running by:

[root@srv01 init.d]# ps aux  | grep memcached
nobody    5966  0.5  0.3 18248 16444 pts/0   S    13:55   0:00 /usr/local/bin/memcached -u root -m 16 -p 11211 -u nobody -l

Now we will set memcached to run at startup:

[root@ ~]# /sbin/chkconfig memcached on
[root@ ~]# /sbin/chkconfig --list | grep memcached
memcached       0:off   1:off   2:on    3:on    4:on    5:on    6:off

Now we will install the memcache plugin for PHP.

Download the latest stable version of memcache from

root# wget
root# tar xvf memcache-2.2.5.tgz
root# cd memcache-2.2.5
root# phpize
root# ./configure && make && make install

Now open /usr/local/lib/php.ini with your favorite text editor and find the dynamic extension section.

Add this

Now restart apache with:

service httpd restart

We will now check to make sure memcached is running.

Create an empty file called test.php and place this in it:

<? phpinfo();  ?>
root# php -f test.php  | grep "memcache support"
memcache support => enabled

If this command does not return any thing the memcache plugin did not load correctly.

You can now delete test.php, your memcache installation should be functional.


cPanel and basic iptables

Save this to a file and run it, This will empty your iptables and set a solid set of secure rules that are compatible with cPanel servers running DNS clustering. If you run DNS locally be sure to allow 53 on TCP AND UDP!

/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -m state --state INVALID -j DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A OUTPUT -m state --state INVALID -j DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -p tcp ! --syn -j REJECT --reject-with tcp-reset
/sbin/iptables -A FORWARD -m state --state INVALID -j DROP
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
/sbin/iptables -A FORWARD -i lo -o lo -j ACCEPT

##Acceptable IP
/sbin/iptables -A INPUT -s x.x.x.xx -j ACCEPT #YOUR TRUSTED IP's

##General Web/File Services
/sbin/iptables -A INPUT -p tcp --dport 80  -j ACCEPT #HTTP
/sbin/iptables -A INPUT -p tcp --dport 443 -j ACCEPT #HTTPS
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT #FTP
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT #SSH
/sbin/iptables -A INPUT -p tcp --dport 5666 -j ACCEPT #NRPE

##Email Services
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT #SMTP
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT #POP3
/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT #IMAP
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT #SMTPs
/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT #IMAPs
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT #POP3s

##cPanel Services
/sbin/iptables -A INPUT -p tcp --dport 2083 -j ACCEPT #cPanel
/sbin/iptables -A INPUT -p tcp --dport 2087 -j ACCEPT #WHM
/sbin/iptables -A INPUT -p tcp --dport 2096 -j ACCEPT #Webmail

##Allow Ping
/sbin/iptables -A INPUT -p icmp --icmp-type 8/0 -j ACCEPT

##Final Blocks
/sbin/iptables -A INPUT -j DROP
/sbin/iptables -A OUTPUT -j ACCEPT
/sbin/iptables -A FORWARD -j DROP

Guide on removing iptable rules

If you loose access to your server while using this, well that sucks.   Setup a cron job to stop the iptables service every 5 minutes just in case.