[HOWTO] Install CSF + Use it's GUI in VestaCP Topic is solved

Section with modification and patches for Vesta
SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

[HOWTO] Install CSF + Use it's GUI in VestaCP  Topic is solved

Postby SS88 » Tue Jan 05, 2016 1:03 am

Hi guys,

I managed to install the CSF GUI (online web interface) on my VestaCP. I'm going to put up a tutorial soon on how to add this, it was quite simple after a bottle of wine!

Image

Here goes!

Tested on Debian, Ubuntu, and CentOS...
THIS SCRIPT IS FOR Vesta 0.9.8-15, 0.9.8-16, and 0.9.8-17

CSF updated their design in version 9.20 - you need to re-download this in order to see it. Mobile view is always enabled despite what the CSF config shows (resize your browser to see the functions).

IT IS ALWAYS A GOOD IDEA TO BACKUP EVERYTHING. BACKUP CSF + VESTA

  • This will install the most recent version of CSF. If you have CSF installed it will attempt to install/update to the most recent version. If you already have the latest version it will attempt to install it but you will not lose any CSF configuration changes.
  • This will also overwrite the file /usr/local/vesta/web/templates/admin/panel.html (a VestaCP template file)
  • This script does not install any CSF configuration settings. I would not disable testing mode until you have added VestaCP's port into the configuration of CSF.
  • This script does not remove or disable fail2ban or iptables used by Vesta

Simply re-running the script again after a VestaCP update will update CSF and add the link back.

Code: Select all

wget https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh -O ./Install.sh
chmod 777 ./Install.sh
sudo ./Install.sh


Install custom rules for proftpd and vsftpd

Head over to GitHub (I'm slowly migrating everything there) where you will need to edit one file with a few lines to help CSF block incorrect FTP logins.
Last edited by SS88 on Sat May 13, 2017 11:18 am, edited 10 times in total.

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Wed Jan 06, 2016 6:11 pm

Nice one.while there is no update from Vesta, it will be nice if you share this HOW TO with people.

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Wed Jan 06, 2016 9:08 pm

All done! :)

Let me know any problems / the outcome.

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Thu Jan 07, 2016 8:40 am

SS88 wrote:All done! :)

Let me know any problems / the outcome.

thank you for update.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.

i run this for first time and not familiar with cfs settings.

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Thu Jan 07, 2016 1:13 pm

DBBJAF wrote:
SS88 wrote:All done! :)

Let me know any problems / the outcome.

thank you for update.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.

i run this for first time and not familiar with cfs settings.


1) You probably need to update the settings so it's scanning the correct logs, like so:

erldcrtz wrote:(this is for CentOS 6.5)
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/secure"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"


2) this script installs the default CSF configuration. The user must enable/disable it himself because every server set-up can be different.

3) i do not understand what you are asking

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Thu Jan 07, 2016 2:16 pm

thank you.i think whole thing depend on correct logs,but for clearing
SS88 wrote:3) i do not understand what you are asking
for fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Thu Jan 07, 2016 2:37 pm

DBBJAF wrote:thank you.i think whole thing depend on correct logs,but for clearing
SS88 wrote:3) i do not understand what you are asking
for fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?


The log file paths must be set in /etc/csf/csf.conf

You must add port 8083 to TCP_IN in /etc/csf/csf.conf

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Thu Jan 07, 2016 10:16 pm

ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Fri Jan 08, 2016 1:19 am

DBBJAF wrote:ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?


Take a look at "Connection Tracking" and "Login Failure Blocking Alerts" this is what you want.

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Fri Jan 08, 2016 11:44 am

configuration file is default config and i don't change anything,except recommended setting (like disabling start up services , enable syslog and so on).
ssh login failure works fine ,my problem whit vsftpd still remain ,the correct log that i checked is /var/log/vsftpd.log :

Code: Select all

Mon Jan  4 21:12:42 2016 [pid 4302] CONNECT: Client "192.169.169.142"
Mon Jan  4 21:12:44 2016 [pid 4301] [admin] FAIL LOGIN: Client "192.169.169.142"
Mon Jan  4 22:25:32 2016 [pid 8471] CONNECT: Client "192.169.169.142"
Mon Jan  4 22:25:34 2016 [pid 8470] [administrator] FAIL LOGIN: Client "192.169.169.142"
Mon Jan  4 23:08:37 2016 [pid 10873] CONNECT: Client "192.169.169.142"
Mon Jan  4 23:08:40 2016 [pid 10872] [test] FAIL LOGIN: Client "192.169.169.142"
Tue Jan  5 18:27:29 2016 [pid 13276] CONNECT: Client "61.216.2.13"

i add this path in /etc/csf/csf.conf ,as ftpd log file or even custom log but not working for fail login attemp :

Code: Select all

#FTPD_LOG = "/var/log/secure"
#FTPD_LOG = "/var/log/vsftpd.log"
CUSTOM2_LOG = "/var/log/vsftpd.log"

any idea?


Return to “Modification & Patches”



Who is online

Users browsing this forum: No registered users and 4 guests

cron