UnixServerAdmin

Server Administration & Management

Lockout issues for CSF when installed on a VPS “OR” cannot log in to the server after CSF installation on a VPS

If the required iptables modules are not loaded for the container, you may lock yourself out after installing CSF. If you have access to the main hardware node, you can perform the following steps to restore access; otherwise ask your VPS provider to perform them on the hardware (main) node.

Before enabling iptables on the VPS, make sure that the iptables modules are enabled on the hardware node. To enable them, edit the following two files:

# /etc/vz/vz.conf
——————————–
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp xt_state ipt_recent"
——————————–

# /etc/sysconfig/iptables-config
——————————–
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp xt_state ipt_recent"
——————————–

The hardware node is now configured. Next, enable the iptables modules for the VPS container. (CID is the container ID. You can find the value for each container with the command vzlist -a.)

# vzctl stop CID

# vzctl set CID --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save

# vzctl set CID --numiptent 2000 --save

# vzctl start CID

Now try logging in to your container and restart CSF. It should start working.
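A pre-flight check for the procedure above, as an added example that is not part of the original post: it compares a module list against the one this page puts in /etc/vz/vz.conf and rejects values pasted with typographic quotes. The function names and the /etc/vz/conf/CID.conf location of the container's IPTABLES line are assumptions.

```bash
#!/bin/bash
# Added example: pre-flight check of an OpenVZ iptables module list.

# Module list this page sets in /etc/vz/vz.conf on the hardware node.
REQUIRED="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ip_conntrack_ftp ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp xt_state ipt_recent"

# Constructed sample: the IPTABLES line that the page's "vzctl set ... --save"
# command would record (assumed to live in /etc/vz/conf/CID.conf).
SAMPLE_CT='IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"'
# Constructed sample: a value pasted from a web page with typographic quotes.
SAMPLE_PASTED='IPTABLES_MODULES=”ipt_REJECT ipt_LOG”'

# Print the modules assigned to KEY in the config text on stdin, one per line.
# Status 1: KEY is not set. Status 2: typographic quotes around the value,
# which the shell does not treat as quoting.
get_modules() {
    local key=$1 line
    line=$(sed -n "/^[[:space:]]*${key}=/p" | tail -n 1)
    [ -n "$line" ] || return 1
    case $line in
        *“*|*”*) return 2 ;;
    esac
    printf '%s\n' "${line#*=}" | tr -d '"' | tr -s ' \t' '\n'
}

# Print every REQUIRED module that is not among the arguments.
missing_modules() {
    local have=" $* " m out=""
    for m in $REQUIRED; do
        case $have in
            *" $m "*) ;;
            *) out="$out $m" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# check_config KEY < config : print a one-line verdict.
check_config() {
    local mods gap rc=0
    mods=$(get_modules "$1") || rc=$?
    [ "$rc" -ne 1 ] || { echo "$1 is not set"; return 0; }
    [ "$rc" -ne 2 ] || { echo "typographic quotes in $1"; return 0; }
    gap=$(missing_modules $mods)
    if [ -n "$gap" ]; then echo "missing: $gap"; else echo "ok"; fi
}

printf '%s\n' "$SAMPLE_CT" | check_config IPTABLES
printf '%s\n' "$SAMPLE_PASTED" | check_config IPTABLES_MODULES
```

Run against the page's own lists, it reports that the vzctl set command leaves out ip_conntrack_ftp, xt_state and ipt_recent, which are present in the vz.conf list.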

October 29, 2011 | CSF, Firewall, Virtualization, Virtuozzo

How to make Virtuozzo Container be able to run ConfigServer Firewall(CSF)

CSF is a powerful firewall for Linux and cPanel servers. Here are the steps to get it working on a Virtuozzo VPS.

1. Installation

# rm -rvf csf.tgz
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh

2. After the installation you will need to customize CSF to run on a VPS. Edit /etc/sysconfig/iptables and add:

# vi /etc/sysconfig/iptables
——————————————–
-A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
-A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
-A INPUT -i venet0 -j ACCEPT
-A OUTPUT -o venet0 -j ACCEPT
——————————————–

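3. Create the file /etc/csf/csfpre.sh and enter all the extra rules directly into it, each prefixed with “iptables”. CSF runs csfpre.sh before it loads its own rules, so these ACCEPT rules match first for all traffic on venet0. The contents of the file should look something like: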

# vi /etc/csf/csfpre.sh
——————————————————
iptables -A INPUT -i venet0 -j ACCEPT
iptables -A OUTPUT -o venet0 -j ACCEPT
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -i venet0
iptables -A FORWARD -j ACCEPT -p all -s 0/0 -o venet0
——————————————————

4. Edit /etc/csf/csf.conf, search for ETH_DEVICE and change its value:

# vi /etc/csf/csf.conf
——————————
ETH_DEVICE = ""
change to
ETH_DEVICE = "venet+"
——————————

5. Restart

# /usr/sbin/csf -r

“OR”

# /etc/init.d/csf restart

October 28, 2011 | CSF, Firewall, Virtualization, Virtuozzo

How to install BFD (Brute Force Detection)

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is simple: there are few to no authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php

This guide will show you how to install and configure BFD to protect your system from brute-force hack attempts.

Requirements:
:- You MUST have APF Firewall installed before installing BFD; it works with APF and requires some APF files to operate.
:- Root SSH access to your server

# cd /usr/local/src/

# wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

# tar -xvzf bfd-current.tar.gz

# cd bfd-*

# ./install.sh [Run the install file]

You will receive a message saying it has been installed
.: BFD installed
Install path:    /usr/local/bfd
Config path:     /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

Edit the configuration file & Enable brute force hack attempt alerts

# vi /usr/local/bfd/conf.bfd

Find: EMAIL_USR="root" CHANGE TO: EMAIL_USR="unixserv@unixserveradmin.com"

# vi /usr/local/bfd/ignore.hosts  [Prevent locking yourself out and add your own trusted IPs]

# /usr/local/sbin/bfd -s [Run the program!]

Customize your applications' brute-force configuration: check out the rules directory in /usr/local/bfd. Here you’ll find all kinds of pre-made rules for popular services such as Apache and PureFTPD, w00t! If you have any clue about shell scripting, you can customize them or create new rules for enhanced brute-force detection and attack prevention.
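The kind of check described in this post (parse an authentication log, count failures per source, skip trusted hosts), as an added example that is not BFD's own code or rule format. The log lines, the threshold argument and the space-separated ignore list are constructed for the example.

```bash
#!/bin/bash
# Added example, not BFD's own code: count failed SSH logins per source
# address and list the sources that reach a threshold.

# Constructed sshd log lines; addresses are from documentation ranges.
SAMPLE_LOG='Jul 24 10:00:01 host sshd[101]: Failed password for root from 203.0.113.9 port 4001 ssh2
Jul 24 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.9 port 4002 ssh2
Jul 24 10:00:05 host sshd[103]: Failed password for invalid user test user from 203.0.113.9 port 4003 ssh2
Jul 24 10:00:07 host sshd[104]: Failed password for root from 198.51.100.7 port 5001 ssh2
Jul 24 10:00:08 host sshd[105]: Failed password for root from 198.51.100.7 port 5002 ssh2
Jul 24 10:00:09 host sshd[106]: Failed password for root from 198.51.100.7 port 5003 ssh2
Jul 24 10:00:11 host sshd[107]: Accepted password for unixserv from 198.51.100.7 port 5004 ssh2
Jul 24 10:00:15 host sshd[108]: Failed password for root from 192.0.2.44 port 6001 ssh2'
# Constructed stand-in for ignore.hosts: trusted addresses, space separated.
IGNORE_HOSTS='198.51.100.7'

# offenders THRESHOLD LOG_TEXT IGNORE_LIST
# Prints "address count" for every source with at least THRESHOLD failures.
# The user name is client-supplied text, so the address is read from the fixed
# tail of the line ("from ADDR port N ssh2") rather than the first "from".
offenders() {
    printf '%s\n' "$2" | awk -v t="$1" -v ign="$3" '
        BEGIN { n = split(ign, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /sshd\[[0-9]+\]: Failed password for / && NF >= 5 &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (!(ip in skip)) hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] >= t) print ip, hits[ip] }
    ' | sort
}

offenders 3 "$SAMPLE_LOG" "$IGNORE_HOSTS"
```

The trusted address has as many failures as the flagged one and is still left out, which is what the ignore.hosts step above is for.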

July 24, 2011 | CSF, Firewall, Security, Tips & Tricks, Unix/Linux

How to install the LWP perl module (libwww-perl) for CSF Firewall

If you install CSF Firewall on a new Linux server, you may get the following error during installation:

# ./install.sh

=====================================================================
Configuring for OS

Checking for perl modulesfailed
You need to install the LWP perl module (libwww-perl) and then install csf
=====================================================================

To fix the error, install the LWP perl module (libwww-perl):

# yum install perl-libwww-perl

“OR”

# cpan
cpan>
cpan> h [Obtaining help]
cpan> install Bundle::LWP [Installing LWP]

June 14, 2011 | CSF, Firewall

How to allow only specific countries with CSF

This assumes you already have CSF installed and set up properly. Open the configuration via WHM (WHM –> Plugins –> ConfigServer Security & Firewall –> Firewall Configuration) or over SSH by editing /etc/csf/csf.conf:

# vi /etc/csf/csf.conf

The setting you are looking for is CC_ALLOW_FILTER.

First, you will want to get a list of ISO Country Codes to allow.

For example, if you only wanted United States, Canada, Great Britain, Australia, and Mexico to be whitelisted, you would specify:

US,CA,GB,AU,MX

This downloads a list of IP ranges belonging to those countries, adds them to a whitelist, and denies everything else, that is, it denies all other countries’ IP ranges. So India will not be able to connect to your server, Russia will not be able to connect, etc.

Once you have changed this in your configuration, don’t forget to restart your firewall to apply the new configuration.

May 16, 2011 | CSF, Firewall

flush_csf.sh

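#!/bin/bash
#################################################
# Script for IP Block Remove Due to CSF Firewall
#################################################
# flush_csf.sh
#################################################
##### CSF - Flush All Block IP #####
echo "Flush All Block IP.."
# Abort if the CSF directory is missing, so the rm commands never run elsewhere
cd /etc/csf/ || exit 1
# Remove and recreate the permanent deny list and the temporary ban list
rm -rvf csf.deny
rm -rvf csf.tempban
touch csf.deny
touch csf.tempban
# Emptying the files does not remove rules that are already loaded;
# restart CSF (csf -r) afterwards to apply the change
exit
#################################################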

May 3, 2011 | CSF, Firewall, Security, Shell Script

How to block a country using CSF

Log in to the CSF configuration via WHM:

1. WHM
2. Plugins
3. ConfigServer Security & Firewall
4. Firewall Configuration

“OR”

1. Log in via SSH

# vi /etc/csf/csf.conf

The setting you are looking for is “CC_DENY”.

First, you will want to get a list of ISO country codes to block.

http://www.countryipblocks.net/country-blocks/ “OR”

http://www.ipdeny.com/ipblocks/ “OR”

http://www.iana.org/domains/root/db/

For example, if you wanted United States, Canada, China, Australia, and Mexico to be blocked, you would specify:

US,CA,CN,AU,MX

This downloads a list of IP ranges belonging to those countries and adds them to a deny list, that is, it denies the IP ranges of the listed countries. So the United States, Canada, China, etc. will not be able to connect.

Once you have changed this in your configuration, don’t forget to restart your firewall to apply the new configuration.

May 1, 2011 | CSF, Firewall, Security

How to allow only specific countries with CSF

Log in to the CSF configuration via WHM:

1. WHM
2. Plugins
3. ConfigServer Security & Firewall
4. Firewall Configuration

“OR”

1. Log in via SSH

# vi /etc/csf/csf.conf

The setting you are looking for is “CC_ALLOW_FILTER”.

First, you will want to get a list of ISO Country Codes to allow.

http://www.countryipblocks.net/country-blocks/ “OR”

http://www.ipdeny.com/ipblocks/ “OR”

http://www.iana.org/domains/root/db/

For example, if you only wanted United States, Canada, Great Britain, Australia, and Mexico to be whitelisted, you would specify:

US,CA,GB,AU,MX

This downloads a list of IP ranges belonging to those countries, adds them to a whitelist, and denies everything else, that is, it denies all other countries’ IP ranges. So India will not be able to connect to your server, Russia will not be able to connect, etc.

Once you have changed this in your configuration, don’t forget to restart your firewall to apply the new configuration.
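A lint for the CC_DENY and CC_ALLOW_FILTER settings described in the country posts above, as an added example that is not part of the original posts or of CSF: it flags malformed codes, codes present in both lists, and an administrator's own country that the lists would shut out. The function names and the ADMIN_CC argument are hypothetical.

```bash
#!/bin/bash
# Added example: lint the CSF country settings before restarting the firewall.

# Constructed csf.conf fragment built from the country lists on this page.
SAMPLE_CONF='TESTING = "1"
CC_DENY = "US,CA,CN,AU,MX"
CC_ALLOW_FILTER = "US,CA,GB,AU,MX"'

# conf_value KEY CONF_TEXT : print the quoted value assigned to KEY.
conf_value() {
    printf '%s\n' "$2" |
        sed -n 's/^'"$1"'[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' | tail -n 1
}

# in_list CSV ITEM : succeed if ITEM is one of the comma-separated entries.
in_list() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# lint_cc CONF_TEXT ADMIN_CC : print one finding per line, nothing if clean.
# ADMIN_CC is a hypothetical parameter of this example: the country code of
# the network you administer the server from.
lint_cc() {
    local allow deny cc
    allow=$(conf_value CC_ALLOW_FILTER "$1")
    deny=$(conf_value CC_DENY "$1")
    for cc in $(printf '%s,%s' "$allow" "$deny" | tr ',' ' '); do
        case $cc in
            [A-Z][A-Z]) ;;
            *) echo "not a two-letter code: $cc" ;;
        esac
    done
    for cc in $(printf '%s' "$deny" | tr ',' ' '); do
        if in_list "$allow" "$cc"; then
            echo "$cc is in both CC_DENY and CC_ALLOW_FILTER"
        fi
    done
    if in_list "$deny" "$2"; then echo "admin country $2 is in CC_DENY"; fi
    if [ -n "$allow" ] && ! in_list "$allow" "$2"; then
        echo "admin country $2 is not in CC_ALLOW_FILTER"
    fi
}

lint_cc "$SAMPLE_CONF" IN
```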

April 30, 2011 | CSF, Firewall, Security

How to remove APF Firewall

# service iptables stop

# chkconfig apf off

# /bin/rm -rfv /etc/apf

# /bin/rm -fv /etc/cron.daily/fw

# /bin/rm -fv /etc/init.d/apf

# iptables -L -n

April 8, 2011 | CSF, Firewall

How to install & configure CSF Firewall

Installation
============
Installation is quite straightforward:

Login as the root user to SSH and run the following commands.

#rm -vf csf.tgz
#wget http://www.configserver.com/free/csf.tgz
#tar -xzf csf.tgz
#cd csf
#sh install.sh

If you would like to disable APF+BFD (which you will need to do if you have them installed, otherwise they will conflict horribly):

#sh disable_apf_bfd.sh

That’s it. You can then configure csf and lfd in WHM, or edit the files directly in /etc/csf/*

Installation Completed

Don’t forget to:

1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in the csf configuration to suit your server

2. Restart csf and lfd

3. Set TESTING to 0 once you’re happy with the firewall

csf is preconfigured to work on a cPanel server with all the standard cPanel ports open. It also auto-configures your SSH port if it’s non-standard on installation.

You should ensure that the kernel logging daemon (klogd) is enabled. Typically, VPS servers have this disabled, so check /etc/init.d/syslog and make sure that any klogd lines are not commented out. If you change the file, remember to restart syslog.

Now – login to your cPanel server’s WHM as root and go to the bottom left menu. If already logged in then reload the page. In Plugins – you will see:  ConfigServer Security&Firewall

The firewall is STOPPED by default – it is not running. We need to configure it, and then take it out of Test Mode.

Click on Firewall Configuration

ETH_DEVICE = : Set this to eth+

TCP_IN/TCP_OUT/UDP_IN/UDP_OUT = : These are the ports you want to leave open for your server to operate. If you change the default SSH port make sure to add it here. Also add any other services you might have running such as Shoutcast or game servers. By default most of the ports used should already be configured.

MONOLITHIC_KERNEL = 0 : Only change this to 1 if your firewall will not start – otherwise leave it as it is.

LF_DSHIELD = 0 : Change this option to 86400. This is an automatically updated list of known attacking IPs. Enabling this will stop them from being able to connect to your server.

Spam Protection Alerts
If you want to add some spam protection, CSF can help. Look in the configuration for the following:

LF_SCRIPT_ALERT = 0 change this to 1. This will send an email alert to the system administrator when the limit configured below is reached within an hour.

LF_SCRIPT_LIMIT = 100 change this to 250. This will alert you when any script sends out 250 email messages in an hour.

Configuration Complete – Almost

Scroll down to the bottom and click on Change to save the settings. Then click Restart csf+lfd

You should see a big page of ACCEPT and near the bottom you should see:

csf: TESTING mode is enabled – don’t forget to disable it in the configuration
Starting lfd:[  OK  ]

Click on Return

Now TEST all your services to make sure everything is working – SSH, FTP, http. After you do a few quick tests go back into the Firewall Configuration page.

TESTING = 1 change this to 0 and click Change at the bottom. Then Restart csf+lfd

That’s it, the firewall is successfully installed and running!!
Firewall Status: Running – you should see this on the main CSF page in WHM.

Uninstallation
==============
Removing csf and lfd is even simpler:

#cd /etc/csf
#sh uninstall.sh

January 3, 2011 | cPanel, CSF, Firewall