[HOWTO] Install CSF + Use it's GUI in VestaCP Topic is solved

Section with modification and patches for Vesta
Forum rules
Before creating a new topic or reply on the forum you should fill out additional fields "Os" and "Web" in your profile section.
In case of violation, the topic can be closed or response from the support will not be received.
SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

[HOWTO] Install CSF + Use it's GUI in VestaCP  Topic is solved

Postby SS88 » Tue Jan 05, 2016 1:03 am

Hi guys,

I managed to install the CSF GUI (online web interface) on my VestaCP. I'm going to put up a tutorial soon on how to add this, it was quite simple after a bottle of wine!

Image

Here goes!

Tested on Debian, Ubuntu, and CentOS...
THIS SCRIPT IS FOR Vesta 0.9.8-15, 0.9.8-16, 0.9.8-17, and 0.9.8-18

CSF updated their design in version 9.20 - you need to re-download this in order to see it. Mobile view is always enabled despite what the CSF config shows (resize your browser to see the functions).

IT IS ALWAYS A GOOD IDEA TO BACKUP EVERYTHING. BACKUP CSF + VESTA

  • This will install the most recent version of CSF. If you have CSF installed it will attempt to install/update to the most recent version. If you already have the latest version it will attempt to install it but you will not lose any CSF configuration changes.
  • This will also overwrite the file /usr/local/vesta/web/templates/admin/panel.html (a VestaCP template file)
  • This script does not install any CSF configuration settings. I would not disable testing mode until you have added VestaCP's port into the configuration of CSF.
  • This script does not remove or disable fail2ban or iptables used by Vesta

Simply re-running the script again after a VestaCP update will update CSF and add the link back.

Code: Select all

wget https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh -O ./Install.sh
chmod 777 ./Install.sh
sudo ./Install.sh


Install custom rules for proftpd and vsftpd

Head over to GitHub (I'm slowly migrating everything there) where you will need to edit one file with a few lines to help CSF block incorrect FTP logins.
Last edited by SS88 on Fri Jan 05, 2018 1:01 pm, edited 11 times in total.

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Wed Jan 06, 2016 6:11 pm

Nice one.while there is no update from Vesta, it will be nice if you share this HOW TO with people.

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Wed Jan 06, 2016 9:08 pm

All done! :)

Let me know any problems / the outcome.

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Thu Jan 07, 2016 8:40 am

SS88 wrote:All done! :)

Let me know any problems / the outcome.

thank you for update.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.

i run this for first time and not familiar with cfs settings.

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Thu Jan 07, 2016 1:13 pm

DBBJAF wrote:
SS88 wrote:All done! :)

Let me know any problems / the outcome.

thank you for update.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.

i run this for first time and not familiar with cfs settings.


1) You probably need to update the settings so it's scanning the correct logs, like so:

erldcrtz wrote:(this is for CentOS 6.5)
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/secure"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"


2) this script installs the default CSF configuration. The user must enable/disable it himself because every server set-up can be different.

3) i do not understand what you are asking

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Thu Jan 07, 2016 2:16 pm

thank you.i think whole thing depend on correct logs,but for clearing
SS88 wrote:3) i do not understand what you are asking
for fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Thu Jan 07, 2016 2:37 pm

DBBJAF wrote:thank you.i think whole thing depend on correct logs,but for clearing
SS88 wrote:3) i do not understand what you are asking
for fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?


The log file paths must be set in /etc/csf/csf.conf

You must add port 8083 to TCP_IN in /etc/csf/csf.conf

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Thu Jan 07, 2016 10:16 pm

ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Fri Jan 08, 2016 1:19 am

DBBJAF wrote:ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?


Take a look at "Connection Tracking" and "Login Failure Blocking Alerts" this is what you want.

DBBJAF
Posts: 16
Joined: Fri Dec 25, 2015 6:10 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby DBBJAF » Fri Jan 08, 2016 11:44 am

configuration file is default config and i don't change anything,except recommended setting (like disabling start up services , enable syslog and so on).
ssh login failure works fine ,my problem whit vsftpd still remain ,the correct log that i checked is /var/log/vsftpd.log :

Code: Select all

Mon Jan  4 21:12:42 2016 [pid 4302] CONNECT: Client "192.169.169.142"
Mon Jan  4 21:12:44 2016 [pid 4301] [admin] FAIL LOGIN: Client "192.169.169.142"
Mon Jan  4 22:25:32 2016 [pid 8471] CONNECT: Client "192.169.169.142"
Mon Jan  4 22:25:34 2016 [pid 8470] [administrator] FAIL LOGIN: Client "192.169.169.142"
Mon Jan  4 23:08:37 2016 [pid 10873] CONNECT: Client "192.169.169.142"
Mon Jan  4 23:08:40 2016 [pid 10872] [test] FAIL LOGIN: Client "192.169.169.142"
Tue Jan  5 18:27:29 2016 [pid 13276] CONNECT: Client "61.216.2.13"

i add this path in /etc/csf/csf.conf ,as ftpd log file or even custom log but not working for fail login attemp :

Code: Select all

#FTPD_LOG = "/var/log/secure"
#FTPD_LOG = "/var/log/vsftpd.log"
CUSTOM2_LOG = "/var/log/vsftpd.log"

any idea?


Return to “Modification & Patches”



Who is online

Users browsing this forum: No registered users and 1 guest