We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
[HOWTO] Install CSF + Use it's GUI in VestaCP
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Code: Select all
*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/LookUpIP.pm l ine 26.
Compilation failed in require at /usr/sbin/csf line 20.
BEGIN failed--compilation aborted at /usr/sbin/csf line 20.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
CSF needs iptables to run. Please reinstall iptables then it should work. You might have to re-run the installer (but you shouldn't have to).ArisC wrote:https://i.imgur.com/ZyKHm9W.pngCode: Select all
*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/LookUpIP.pm l ine 26. Compilation failed in require at /usr/sbin/csf line 20. BEGIN failed--compilation aborted at /usr/sbin/csf line 20.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Now It's Working. Thank'sSS88 wrote:CSF needs iptables to run. Please reinstall iptables then it should work. You might have to re-run the installer (but you shouldn't have to).ArisC wrote:https://i.imgur.com/ZyKHm9W.pngCode: Select all
*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/LookUpIP.pm l ine 26. Compilation failed in require at /usr/sbin/csf line 20. BEGIN failed--compilation aborted at /usr/sbin/csf line 20.
-
- Posts: 25
- Joined: Fri May 05, 2017 12:18 am
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Thank you.SS88 wrote:Change the file /etc/csf/csf.conf and findServerHost wrote:Hello,
I installed on my vps, but it does not work with Proftpd. Do not block!
How do I block Proftpd?and change to where proftpd log isCode: Select all
FTPD_LOG = "/var/log/vsftpd.log"
Code: Select all
FTPD_LOG = "/path/to/proftpd.log"
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.
Centos 6.9 OK!
Centos 7 Does not work
What could be happening?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
I'm not 100% sure. This is a CSF issue.ServerHost wrote:Thank you.SS88 wrote:Change the file /etc/csf/csf.conf and findServerHost wrote:Hello,
I installed on my vps, but it does not work with Proftpd. Do not block!
How do I block Proftpd?and change to where proftpd log isCode: Select all
FTPD_LOG = "/var/log/vsftpd.log"
Code: Select all
FTPD_LOG = "/path/to/proftpd.log"
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.
Centos 6.9 OK!
Centos 7 Does not work
What could be happening?
This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.
-
- Posts: 25
- Joined: Fri May 05, 2017 12:18 am
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
SS88 wrote:I'm not 100% sure. This is a CSF issue.ServerHost wrote:Thank you.SS88 wrote:
Change the file /etc/csf/csf.conf and findand change to where proftpd log isCode: Select all
FTPD_LOG = "/var/log/vsftpd.log"
Code: Select all
FTPD_LOG = "/path/to/proftpd.log"
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.
Centos 6.9 OK!
Centos 7 Does not work
What could be happening?
This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.
Thak you again.
I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK
Would you have any ideas or suggestions?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Try this instead:ServerHost wrote:SS88 wrote:I'm not 100% sure. This is a CSF issue.ServerHost wrote:
Thank you.
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.
Centos 6.9 OK!
Centos 7 Does not work
What could be happening?
This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.
Thak you again.
I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK
Would you have any ideas or suggestions?
Edit file /etc/csf/regex.custom.pm
Add the following BEFORE return 0;
Code: Select all
if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }
So your file will look something like this:
Code: Select all
#!/usr/bin/perl
###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: [email protected]
###############################################################################
sub custom_line {
my $line = shift;
my $lgfile = shift;
# Do not edit before this point
###############################################################################
#
# Custom regex matching can be added to this file without it being overwritten
# by csf upgrades. The format is slightly different to regex.pm to cater for
# additional parameters. You need to specify the log file that needs to be
# scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up
# to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG)
#
# The regex matches in this file will supercede the matches in regex.pm
#
# Example:
# if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) {
# return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1");
# }
#
# The return values from this example are as follows:
#
# "Failed myftpmatch login from" = text for custom failure message
# $1 = the offending IP address
# "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces
# "5" = the trigger level for blocking
# "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp
# "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled
if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }
# If the matches in this file are not syntactically correct for perl then lfd
# will fail with an error. You are responsible for the security of any regex
# expressions you use. Remember that log file spoofing can exploit poorly
# constructed regex's
###############################################################################
# Do not edit beyond this point
return 0;
}
1;
-
- Posts: 25
- Joined: Fri May 05, 2017 12:18 am
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Did not work.SS88 wrote:Try this instead:ServerHost wrote:SS88 wrote:
I'm not 100% sure. This is a CSF issue.
This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.
Thak you again.
I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK
Would you have any ideas or suggestions?
Edit file /etc/csf/regex.custom.pm
Add the following BEFORE return 0;
Code: Select all
if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }
So your file will look something like this:Code: Select all
#!/usr/bin/perl ############################################################################### # Copyright 2006-2016, Way to the Web Limited # URL: http://www.configserver.com # Email: [email protected] ############################################################################### sub custom_line { my $line = shift; my $lgfile = shift; # Do not edit before this point ############################################################################### # # Custom regex matching can be added to this file without it being overwritten # by csf upgrades. The format is slightly different to regex.pm to cater for # additional parameters. You need to specify the log file that needs to be # scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up # to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG) # # The regex matches in this file will supercede the matches in regex.pm # # Example: # if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) { # return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1"); # } # # The return values from this example are as follows: # # "Failed myftpmatch login from" = text for custom failure message # $1 = the offending IP address # "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces # "5" = the trigger level for blocking # "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp # "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); } # If the matches in this file are not syntactically correct for perl then lfd # will fail with an error. You are responsible for the security of any regex # expressions you use. Remember that log file spoofing can exploit poorly # constructed regex's ############################################################################### # Do not edit beyond this point return 0; } 1;
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Of sorry, that was for vsftpd. Can you show me the logs of Proftpd which show the login errors and I can make a regular expression to match the ip address.ServerHost wrote:Did not work.SS88 wrote:Try this instead:ServerHost wrote:
Thak you again.
I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK
Would you have any ideas or suggestions?
Edit file /etc/csf/regex.custom.pm
Add the following BEFORE return 0;
Code: Select all
if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }
So your file will look something like this:Code: Select all
#!/usr/bin/perl ############################################################################### # Copyright 2006-2016, Way to the Web Limited # URL: http://www.configserver.com # Email: [email protected] ############################################################################### sub custom_line { my $line = shift; my $lgfile = shift; # Do not edit before this point ############################################################################### # # Custom regex matching can be added to this file without it being overwritten # by csf upgrades. The format is slightly different to regex.pm to cater for # additional parameters. You need to specify the log file that needs to be # scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up # to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG) # # The regex matches in this file will supercede the matches in regex.pm # # Example: # if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) { # return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1"); # } # # The return values from this example are as follows: # # "Failed myftpmatch login from" = text for custom failure message # $1 = the offending IP address # "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces # "5" = the trigger level for blocking # "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp # "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); } # If the matches in this file are not syntactically correct for perl then lfd # will fail with an error. You are responsible for the security of any regex # expressions you use. Remember that log file spoofing can exploit poorly # constructed regex's ############################################################################### # Do not edit beyond this point return 0; } 1;
-
- Posts: 25
- Joined: Fri May 05, 2017 12:18 am
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
See my /var/log/proftpd/proftpd.logSS88 wrote:Of sorry, that was for vsftpd. Can you show me the logs of Proftpd which show the login errors and I can make a regular expression to match the ip address.ServerHost wrote:Did not work.SS88 wrote:
Try this instead:
Edit file /etc/csf/regex.custom.pm
Add the following BEFORE return 0;
Code: Select all
if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }
So your file will look something like this:Code: Select all
#!/usr/bin/perl ############################################################################### # Copyright 2006-2016, Way to the Web Limited # URL: http://www.configserver.com # Email: [email protected] ############################################################################### sub custom_line { my $line = shift; my $lgfile = shift; # Do not edit before this point ############################################################################### # # Custom regex matching can be added to this file without it being overwritten # by csf upgrades. The format is slightly different to regex.pm to cater for # additional parameters. You need to specify the log file that needs to be # scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up # to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG) # # The regex matches in this file will supercede the matches in regex.pm # # Example: # if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) { # return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1"); # } # # The return values from this example are as follows: # # "Failed myftpmatch login from" = text for custom failure message # $1 = the offending IP address # "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces # "5" = the trigger level for blocking # "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp # "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); } # If the matches in this file are not syntactically correct for perl then lfd # will fail with an error. You are responsible for the security of any regex # expressions you use. Remember that log file spoofing can exploit poorly # constructed regex's ############################################################################### # Do not edit beyond this point return 0; } 1;
2017-05-10 16:16:36,926 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:37,351 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:39,719 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:16:45,316 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:45,770 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:48,695 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:16:53,935 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:54,347 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:57,455 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:17:51,363 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:17:51,805 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:17:55,304 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:05,902 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:08,694 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:09,591 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:14,167 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:16,702 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:17,136 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:22,371 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:24,977 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:25,183 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.