
[HOWTO] Install CSF + Use it's GUI in VestaCP Topic is solved

ArisC
Posts: 29
Joined: Tue Apr 18, 2017 1:37 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ArisC » Mon May 08, 2017 4:41 pm

Code:

*Error* The path to iptables is either not set or incorrect for IPTABLES [/sbin/ip6tables] in /etc/csf/csf.conf at /usr/local/csf/lib/ConfigServer/LookUpIP.pm line 26.
Compilation failed in require at /usr/sbin/csf line 20.
BEGIN failed--compilation aborted at /usr/sbin/csf line 20.


https://i.imgur.com/ZyKHm9W.png

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Mon May 08, 2017 5:03 pm

CSF needs iptables to run. Please reinstall iptables then it should work. You might have to re-run the installer (but you shouldn't have to).

ArisC
Posts: 29
Joined: Tue Apr 18, 2017 1:37 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ArisC » Mon May 08, 2017 5:32 pm

Now it's working. Thanks.

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Mon May 08, 2017 5:44 pm

SS88 wrote:
ServerHost wrote:Hello,

I installed on my vps, but it does not work with Proftpd. Do not block!

How do I block Proftpd?


Change the file /etc/csf/csf.conf and find

Code:

FTPD_LOG = "/var/log/vsftpd.log"

and change to where proftpd log is

Code:

FTPD_LOG = "/path/to/proftpd.log"


Thank you.
Worked perfectly on my CentOS 6.9 server. However, on my CentOS 7 server it did not work; it is not blocking proftpd.

CentOS 6.9 OK!
CentOS 7 does not work

What could be happening?

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Tue May 09, 2017 4:16 pm

I'm not 100% sure. This is a CSF issue.

This post should help you: viewtopic.php?f=20&t=10209&start=80#p57236
but you would need to modify it for proftpd to match the login fails.

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Tue May 09, 2017 6:49 pm

Thank you again.

I found these posts but it did not work. :(
https://goo.gl/B6wirA
https://goo.gl/ojpykK

Would you have any ideas or suggestions?

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Tue May 09, 2017 10:31 pm

Try this instead:

Edit file /etc/csf/regex.custom.pm

Add the following BEFORE return 0;

Code:

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }



So your file will look something like this:

Code:

#!/usr/bin/perl
###############################################################################
# Copyright 2006-2016, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################

sub custom_line {
   my $line = shift;
   my $lgfile = shift;

# Do not edit before this point
###############################################################################
#
# Custom regex matching can be added to this file without it being overwritten
# by csf upgrades. The format is slightly different to regex.pm to cater for
# additional parameters. You need to specify the log file that needs to be
# scanned for log line matches in csf.conf under CUSTOMx_LOG. You can scan up
# to 9 custom logs (CUSTOM1_LOG .. CUSTOM9_LOG)
#
# The regex matches in this file will supercede the matches in regex.pm
#
# Example:
#   if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\d+\s+\S+ \S+ pure-ftpd: \(\?\@(\d+\.\d+\.\d+\.\d+)\) \[WARNING\] Authentication failed for user/)) {
#      return ("Failed myftpmatch login from",$1,"myftpmatch","5","20,21","1");
#   }
#
# The return values from this example are as follows:
#
# "Failed myftpmatch login from" = text for custom failure message
# $1 = the offending IP address
# "myftpmatch" = a unique identifier for this custom rule, must be alphanumeric and have no spaces
# "5" = the trigger level for blocking
# "20,21" = the ports to block the IP from in a comma separated list, only used if LF_SELECT enabled. To specify the protocol use 53;udp,53;tcp
# "1" = n/temporary (n = number of seconds to temporarily block) or 1/permanant IP block, only used if LF_TRIGGER is disabled

if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_ss88","5","20,21","1"); }

# If the matches in this file are not syntactically correct for perl then lfd
# will fail with an error. You are responsible for the security of any regex
# expressions you use. Remember that log file spoofing can exploit poorly
# constructed regex's
###############################################################################
# Do not edit beyond this point

   return 0;
}

1;

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Wed May 10, 2017 3:36 pm

Did not work.

SS88
Posts: 306
Joined: Thu Nov 19, 2015 12:40 pm

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby SS88 » Wed May 10, 2017 3:39 pm

Oh sorry, that was for vsftpd. Can you show me the logs of Proftpd which show the login errors and I can make a regular expression to match the IP address.

ServerHost
Posts: 15
Joined: Fri May 05, 2017 12:18 am

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Postby ServerHost » Wed May 10, 2017 7:25 pm

See my /var/log/proftpd/proftpd.log

2017-05-10 16:16:36,926 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:37,351 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:39,719 server.domain.com proftpd[30716] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:16:45,316 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:45,770 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:48,695 server.domain.com proftpd[30717] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:16:53,935 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:16:54,347 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:16:57,455 server.domain.com proftpd[30719] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:17:51,363 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:17:51,805 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER user: no such user found from 200.105.xxx.xxx [200.105.xxx.xxx] to ::ffff:192.98.xxx.xxx:21
2017-05-10 16:17:55,304 server.domain.com proftpd[30727] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:05,902 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:08,694 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:09,591 server.domain.com proftpd[30728] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:14,167 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:16,702 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:17,136 server.domain.com proftpd[30729] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
2017-05-10 16:18:22,371 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session opened.
2017-05-10 16:18:24,977 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): USER admin (Login failed): Incorrect password
2017-05-10 16:18:25,183 server.domain.com proftpd[30734] 192.98.xxx.xxx (200.105.xxx.xxx[200.105.xxx.xxx]): FTP session closed.
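
Added example, not part of any post in this thread and not CSF's own code: a stand-alone Perl script that matches the two failure messages in the ProFTPD log above and counts them per client IP against the trigger level of 5 used in the rule posted earlier. It anchors the pattern to the daemon-written line prefix, which is the concern behind the "log file spoofing" warning in regex.custom.pm, and contrasts it with a loose pattern. The sample lines are constructed with documentation addresses, and the rule identifier "proftpdfail" is hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Anchored pattern: the prefix up to "): " is written by proftpd; the text after
# "USER " is the client-supplied username, so the IP is captured from the prefix only.
my $ANCHORED = qr/^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+ \S+ proftpd\[\d+\] \S+ \(\S+\[([0-9A-Fa-f:.]+)\]\): USER .+?(?:: no such user found from | \(Login failed\): )/;

# Loose pattern, for contrast only: it accepts a bracketed address anywhere in
# the line, including inside the username.
my $LOOSE = qr/\[(\d+\.\d+\.\d+\.\d+)\]\): USER \S+ \(Login failed\)/;

# Shape of the matching rule for /etc/csf/regex.custom.pm, modelled on the vsftpd
# rule posted above ("proftpdfail" is a hypothetical identifier):
#   if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /<anchored pattern>/)) {
#       return ("Failed ProFTPD login from",$1,"proftpdfail","5","20,21","1"); }

my $TRIGGER = 5;    # same trigger level as the "5" in the rule quoted above

# Return the client IP of a failed-login line, or undef for any other line.
sub failed_login_ip {
    my ($line, $re) = @_;
    return $line =~ $re ? $1 : undef;
}

# Count failed logins per IP over a list of log lines.
sub count_failures {
    my ($re, @lines) = @_;
    my %hits;
    for my $line (@lines) {
        my $ip = failed_login_ip($line, $re);
        $hits{$ip}++ if defined $ip;
    }
    return \%hits;
}

# Constructed sample log, same layout as the lines posted above.
my $pfx = '2017-05-10 16:18:08,694 server.example.com proftpd[30728] 192.0.2.10';
my $c   = '(203.0.113.7[203.0.113.7]):';
my @log = (
    "$pfx $c FTP session opened.",
    ("$pfx $c USER admin (Login failed): Incorrect password") x 3,
    ("$pfx $c USER user: no such user found from 203.0.113.7 [203.0.113.7] to ::ffff:192.0.2.10:21") x 2,
    "$pfx $c FTP session closed.",
    # Username carrying a fake "(host[ip]): USER ..." fragment; real client is 198.51.100.9.
    "$pfx (198.51.100.9[198.51.100.9]): USER x (203.0.113.99[203.0.113.99]): USER admin (Login failed): no such user found from 198.51.100.9 [198.51.100.9] to ::ffff:192.0.2.10:21",
);

for my $case (['anchored', $ANCHORED], ['loose', $LOOSE]) {
    my ($name, $re) = @$case;
    my $hits = count_failures($re, @log);
    for my $ip (sort keys %$hits) {
        my $verdict = $hits->{$ip} >= $TRIGGER ? 'block' : 'below trigger';
        printf "%-8s %-14s %d failure(s): %s\n", $name, $ip, $hits->{$ip}, $verdict;
    }
}
```

With the anchored pattern the line carrying the crafted username is counted against the connecting address; the loose pattern counts it against the address embedded in the username and misses the "no such user found" lines entirely.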

