[HOWTO] Install CSF + Use it's GUI in VestaCP Topic is solved

Section with modification and patches for Vesta
ArisC
Posts: 29
Joined: Tue Apr 18, 2017 1:37 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ArisC » Mon May 08, 2017 4:41 pm

Code: Select all

*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/           ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/LookUpIP.pm l           ine 26.
Compilation failed in require at /usr/sbin/csf line 20.
BEGIN failed--compilation aborted at /usr/sbin/csf line 20.


https://i.imgur.com/ZyKHm9W.png

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Mon May 08, 2017 5:03 pm

ArisC wrote:

Code: Select all

*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/           ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/LookUpIP.pm l           ine 26.
Compilation failed in require at /usr/sbin/csf line 20.
BEGIN failed--compilation aborted at /usr/sbin/csf line 20.


https://i.imgur.com/ZyKHm9W.png


CSF needs iptables to run. Please reinstall iptables then it should work. You might have to re-run the installer (but you shouldn't have to).

ArisC
Posts: 29
Joined: Tue Apr 18, 2017 1:37 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ArisC » Mon May 08, 2017 5:32 pm

SS88 wrote:
ArisC wrote:

Code: Select all

*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/           ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/LookUpIP.pm l           ine 26.
Compilation failed in require at /usr/sbin/csf line 20.
BEGIN failed--compilation aborted at /usr/sbin/csf line 20.


https://i.imgur.com/ZyKHm9W.png


CSF needs iptables to run. Please reinstall iptables then it should work. You might have to re-run the installer (but you shouldn't have to).


Now It's Working. Thank's

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Mon May 08, 2017 5:44 pm

SS88 wrote:
ServerHost wrote:Hello,

I installed on my vps, but it does not work with Proftpd. Do not block!

How do I block Proftpd?


Change the file /etc/csf/csf.conf and find

Code: Select all

FTPD_LOG = "/var/log/vsftpd.log"

and change to where proftpd log is

Code: Select all

FTPD_LOG = "/path/to/proftpd.log"


Thank you.
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.

Centos 6.9 OK!
Centos 7 Does not work

What could be happening?

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Tue May 09, 2017 4:16 pm

ServerHost wrote:
SS88 wrote:
ServerHost wrote:Hello,

I installed on my vps, but it does not work with Proftpd. Do not block!

How do I block Proftpd?


Change the file /etc/csf/csf.conf and find

Code: Select all

FTPD_LOG = "/var/log/vsftpd.log"

and change to where proftpd log is

Code: Select all

FTPD_LOG = "/path/to/proftpd.log"


Thank you.
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.

Centos 6.9 OK!
Centos 7 Does not work

What could be happening?


I'm not 100% sure. This is a CSF issue.

This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Tue May 09, 2017 6:49 pm

SS88 wrote:
ServerHost wrote:
SS88 wrote:
Change the file /etc/csf/csf.conf and find

Code: Select all

FTPD_LOG = "/var/log/vsftpd.log"

and change to where proftpd log is

Code: Select all

FTPD_LOG = "/path/to/proftpd.log"


Thank you.
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.

Centos 6.9 OK!
Centos 7 Does not work

What could be happening?


I'm not 100% sure. This is a CSF issue.

This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.



Thak you again.

I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK

Would you have any ideas or suggestions?

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Tue May 09, 2017 10:31 pm

ServerHost wrote:
SS88 wrote:
ServerHost wrote:
Thank you.
Worked perfectly on my Centos 6.9 server. However on my Centos 7 server it did not work, it is not blocking proftpd.

Centos 6.9 OK!
Centos 7 Does not work

What could be happening?


I'm not 100% sure. This is a CSF issue.

This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.



Thak you again.

I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK

Would you have any ideas or suggestions?


Try this instead:

Edit file /etc/csf/regex.custom.pm

Add the following BEFORE return 0;

Code: Select all

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }



So your file will look something like this:

Code: Select all

#!/usr/bin/perl
###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################

sub custom_line {
   my $line = shift;
   my $lgfile = shift;

# Do not edit before this point
###############################################################################
#
# Custom regex matching can be added to this file without it being overwritten
# by csf upgrades. The format is slightly different to regex.pm to cater for
# additional parameters. You need to specify the log file that needs to be
# scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up
# to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG)
#
# The regex matches in this file will supercede the matches in regex.pm
#
# Example:
#   if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) {
#      return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1");
#   }
#
# The return values from this example are as follows:
#
# "Failed myftpmatch login from" = text for custom failure message
# $1 = the offending IP address
# "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces
# "5" = the trigger level for blocking
# "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp
# "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }

# If the matches in this file are not syntactically correct for perl then lfd
# will fail with an error. You are responsible for the security of any regex
# expressions you use. Remember that log file spoofing can exploit poorly
# constructed regex's
###############################################################################
# Do not edit beyond this point

   return 0;
}

1;

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Wed May 10, 2017 3:36 pm

SS88 wrote:
ServerHost wrote:
SS88 wrote:
I'm not 100% sure. This is a CSF issue.

This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.



Thak you again.

I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK

Would you have any ideas or suggestions?


Try this instead:

Edit file /etc/csf/regex.custom.pm

Add the following BEFORE return 0;

Code: Select all

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }



So your file will look something like this:

Code: Select all

#!/usr/bin/perl
###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################

sub custom_line {
   my $line = shift;
   my $lgfile = shift;

# Do not edit before this point
###############################################################################
#
# Custom regex matching can be added to this file without it being overwritten
# by csf upgrades. The format is slightly different to regex.pm to cater for
# additional parameters. You need to specify the log file that needs to be
# scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up
# to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG)
#
# The regex matches in this file will supercede the matches in regex.pm
#
# Example:
#   if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) {
#      return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1");
#   }
#
# The return values from this example are as follows:
#
# "Failed myftpmatch login from" = text for custom failure message
# $1 = the offending IP address
# "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces
# "5" = the trigger level for blocking
# "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp
# "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }

# If the matches in this file are not syntactically correct for perl then lfd
# will fail with an error. You are responsible for the security of any regex
# expressions you use. Remember that log file spoofing can exploit poorly
# constructed regex's
###############################################################################
# Do not edit beyond this point

   return 0;
}

1;


Did not work.

SS88
Posts: 298
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Wed May 10, 2017 3:39 pm

ServerHost wrote:
SS88 wrote:
ServerHost wrote:

Thak you again.

I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK

Would you have any ideas or suggestions?


Try this instead:

Edit file /etc/csf/regex.custom.pm

Add the following BEFORE return 0;

Code: Select all

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }



So your file will look something like this:

Code: Select all

#!/usr/bin/perl
###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################

sub custom_line {
   my $line = shift;
   my $lgfile = shift;

# Do not edit before this point
###############################################################################
#
# Custom regex matching can be added to this file without it being overwritten
# by csf upgrades. The format is slightly different to regex.pm to cater for
# additional parameters. You need to specify the log file that needs to be
# scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up
# to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG)
#
# The regex matches in this file will supercede the matches in regex.pm
#
# Example:
#   if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) {
#      return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1");
#   }
#
# The return values from this example are as follows:
#
# "Failed myftpmatch login from" = text for custom failure message
# $1 = the offending IP address
# "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces
# "5" = the trigger level for blocking
# "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp
# "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }

# If the matches in this file are not syntactically correct for perl then lfd
# will fail with an error. You are responsible for the security of any regex
# expressions you use. Remember that log file spoofing can exploit poorly
# constructed regex's
###############################################################################
# Do not edit beyond this point

   return 0;
}

1;


Did not work.


Of sorry, that was for vsftpd. Can you show me the logs of Proftpd which show the login errors and I can make a regular expression to match the ip address.

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Wed May 10, 2017 7:25 pm

SS88 wrote:
ServerHost wrote:
SS88 wrote:
Try this instead:

Edit file /etc/csf/regex.custom.pm

Add the following BEFORE return 0;

Code: Select all

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }



So your file will look something like this:

Code: Select all

#!/usr/bin/perl
###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################

sub custom_line {
   my $line = shift;
   my $lgfile = shift;

# Do not edit before this point
###############################################################################
#
# Custom regex matching can be added to this file without it being overwritten
# by csf upgrades. The format is slightly different to regex.pm to cater for
# additional parameters. You need to specify the log file that needs to be
# scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up
# to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG)
#
# The regex matches in this file will supercede the matches in regex.pm
#
# Example:
#   if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) {
#      return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1");
#   }
#
# The return values from this example are as follows:
#
# "Failed myftpmatch login from" = text for custom failure message
# $1 = the offending IP address
# "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces
# "5" = the trigger level for blocking
# "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp
# "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }

# If the matches in this file are not syntactically correct for perl then lfd
# will fail with an error. You are responsible for the security of any regex
# expressions you use. Remember that log file spoofing can exploit poorly
# constructed regex's
###############################################################################
# Do not edit beyond this point

   return 0;
}

1;


Did not work.


Of sorry, that was for vsftpd. Can you show me the logs of Proftpd which show the login errors and I can make a regular expression to match the ip address.


See my /var/log/proftpd/proftpd.log

2017-05-10 16:16:36,926 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:37,351 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:39,719 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:16:45,316 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:45,770 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:48,695 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:16:53,935 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:54,347 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:57,455 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:17:51,363 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:17:51,805 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:17:55,304 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:05,902 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:08,694 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:09,591 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:14,167 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:16,702 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:17,136 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:22,371 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:24,977 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:25,183 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.


Return to “Modification & Patches”



Who is online

Users browsing this forum: No registered users and 4 guests