Page 1 of 16

[HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Tue Jan 05, 2016 1:03 am
by SS88
Hi guys,

I managed to install the CSF GUI (online web interface) on my VestaCP. I'm going to put up a tutorial soon on how to add this, it was quite simple after a bottle of wine!

Image

Here goes!

Tested on Debian, Ubuntu, and CentOS...
THIS SCRIPT IS FOR Vesta 0.9.8-15 - 0.9.8-21

CSF updated their design in version 9.20 - you need to re-download this in order to see it. Mobile view is always enabled despite what the CSF config shows (resize your browser to see the functions).

IT IS ALWAYS A GOOD IDEA TO BACKUP EVERYTHING. BACKUP CSF + VESTA
  • This will install the most recent version of CSF. If you have CSF installed it will attempt to install/update to the most recent version. If you already have the latest version it will attempt to install it but you will not lose any CSF configuration changes.
  • This will also overwrite the file /usr/local/vesta/web/templates/admin/panel.html (a VestaCP template file)
  • This script does not install any CSF configuration settings. I would not disable testing mode until you have added VestaCP's port into the configuration of CSF.
  • This script does not remove or disable fail2ban or iptables used by Vesta
Simply re-running the script again after a VestaCP update will update CSF and add the link back.

Code: Select all

wget https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh -O ./Install.sh
chmod 777 ./Install.sh
sudo ./Install.sh
Install custom rules for proftpd and vsftpd

Head over to GitHub (I'm slowly migrating everything there) where you will need to edit one file with a few lines to help CSF block incorrect FTP logins.

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Wed Jan 06, 2016 6:11 pm
by DBBJAF
Nice one.while there is no update from Vesta, it will be nice if you share this HOW TO with people.

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Wed Jan 06, 2016 9:08 pm
by SS88
All done! :)

Let me know any problems / the outcome.

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu Jan 07, 2016 8:40 am
by DBBJAF
SS88 wrote:All done! :)

Let me know any problems / the outcome.
thank you for update.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.

i run this for first time and not familiar with cfs settings.

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu Jan 07, 2016 1:13 pm
by SS88
DBBJAF wrote:
SS88 wrote:All done! :)

Let me know any problems / the outcome.
thank you for update.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.

i run this for first time and not familiar with cfs settings.
1) You probably need to update the settings so it's scanning the correct logs, like so:
erldcrtz wrote: (this is for CentOS 6.5)
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/secure"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
2) this script installs the default CSF configuration. The user must enable/disable it himself because every server set-up can be different.

3) i do not understand what you are asking

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu Jan 07, 2016 2:16 pm
by DBBJAF
thank you.i think whole thing depend on correct logs,but for clearing
SS88 wrote:3) i do not understand what you are asking
for fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu Jan 07, 2016 2:37 pm
by SS88
DBBJAF wrote:thank you.i think whole thing depend on correct logs,but for clearing
SS88 wrote:3) i do not understand what you are asking
for fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?
The log file paths must be set in /etc/csf/csf.conf

You must add port 8083 to TCP_IN in /etc/csf/csf.conf

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu Jan 07, 2016 10:16 pm
by DBBJAF
ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Fri Jan 08, 2016 1:19 am
by SS88
DBBJAF wrote:ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?
Take a look at "Connection Tracking" and "Login Failure Blocking Alerts" this is what you want.

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Fri Jan 08, 2016 11:44 am
by DBBJAF
configuration file is default config and i don't change anything,except recommended setting (like disabling start up services , enable syslog and so on).
ssh login failure works fine ,my problem whit vsftpd still remain ,the correct log that i checked is /var/log/vsftpd.log :

Code: Select all

Mon Jan  4 21:12:42 2016 [pid 4302] CONNECT: Client "192.169.169.142"
Mon Jan  4 21:12:44 2016 [pid 4301] [admin] FAIL LOGIN: Client "192.169.169.142"
Mon Jan  4 22:25:32 2016 [pid 8471] CONNECT: Client "192.169.169.142"
Mon Jan  4 22:25:34 2016 [pid 8470] [administrator] FAIL LOGIN: Client "192.169.169.142"
Mon Jan  4 23:08:37 2016 [pid 10873] CONNECT: Client "192.169.169.142"
Mon Jan  4 23:08:40 2016 [pid 10872] [test] FAIL LOGIN: Client "192.169.169.142"
Tue Jan  5 18:27:29 2016 [pid 13276] CONNECT: Client "61.216.2.13"
i add this path in /etc/csf/csf.conf ,as ftpd log file or even custom log but not working for fail login attemp :

Code: Select all

#FTPD_LOG = "/var/log/secure"
#FTPD_LOG = "/var/log/vsftpd.log"
CUSTOM2_LOG = "/var/log/vsftpd.log"
any idea?