We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
[HOWTO] Install CSF + Use it's GUI in VestaCP
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Once CSF installed, have recvd lot of emails from CSF about exceeded resource usages. So i added below lines inside my /etc/csf/csf.pignore.
Is this ok, or anymore Trim/Extend more for better...?
Is this ok, or anymore Trim/Extend more for better...?
Code: Select all
exe:/usr/local/vesta/nginx/sbin/vesta-nginx
exe:/usr/local/vesta/php/sbin/vesta-php
exe:/usr/lib/dovecot/anvil
exe:/usr/lib/dovecot/auth
exe:/usr/bin/freshclam
exe:/usr/sbin/nginx
exe:/usr/sbin/atd
exe:/usr/sbin/rsyslogd
exe:/usr/sbin/uuidd
exe:/opt/digitalocean/bin/do-agent
exe:/usr/sbin/rsyslogd
cmd:nginx: cache manager process
cmd:/usr/bin/freshclam -d --foreground=true
cmd:/usr/sbin/atd -f
cmd:nginx: worker process
cmd:dovecot/anvil
cmd:/usr/sbin/uuidd --socket-activation
cmd:/usr/sbin/rsyslogd -n
cmd:php-fpm: pool www
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Hi
Do you support the last release 21 of vestacp ?
Thanks
Do you support the last release 21 of vestacp ?
Thanks
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Hi
Do you support the new release 22 ?
thanks
Do you support the new release 22 ?
thanks
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Tried to install like this
But i don't see panel in web ui
Code: Select all
yum -y install perl-libwww-perl perl-LWP-Protocol-https
curl https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh > ./InstallCSF.sh
chmod 777 ./InstallCSF.sh
sudo ./InstallCSF.sh
curl https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7/csf.conf > /etc/csf/csf.conf
sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf
curl https://raw.githubusercontent.com/SS88UK/CSF-Custom-Regex-for-VestaCP/master/regex.custom.pm > /etc/csf/regex.custom.pm
Code: Select all
UI = "1"
UI_PORT = "9443"
UI_ALLOW = "0"
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,9443"
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
This line;usr999 wrote: ↑Sun Aug 26, 2018 1:26 pmTried to install like this
But i don't see panel in web uiCode: Select all
yum -y install perl-libwww-perl perl-LWP-Protocol-https curl https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh > ./InstallCSF.sh chmod 777 ./InstallCSF.sh sudo ./InstallCSF.sh curl https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7/csf.conf > /etc/csf/csf.conf sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf curl https://raw.githubusercontent.com/SS88UK/CSF-Custom-Regex-for-VestaCP/master/regex.custom.pm > /etc/csf/regex.custom.pm
sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf
You need to go into /etc/csf/csf.conf and search for vEmail and then change it to your email address or it won't work as expected.
Regarding the CSF link in the panel - I've just tried on V 22 and the link is there. Are you logged in as 'admin' only and not admin -> User?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
I changed mail in vEmail, then i run csf -r, and i didn't see working UISS88 wrote: ↑Sun Aug 26, 2018 1:38 pmusr999 wrote: ↑Sun Aug 26, 2018 1:26 pmTried to install like this
But i don't see panel in web uiCode: Select all
yum -y install perl-libwww-perl perl-LWP-Protocol-https curl https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh > ./InstallCSF.sh chmod 777 ./InstallCSF.sh sudo ./InstallCSF.sh curl https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7/csf.conf > /etc/csf/csf.conf sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf curl https://raw.githubusercontent.com/SS88UK/CSF-Custom-Regex-for-VestaCP/master/regex.custom.pm > /etc/csf/regex.custom.pm
This line;
sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf
You need to go into /etc/csf/csf.conf and search for vEmail and then change it to your email address or it won't work as expected.
Regarding the CSF link in the panel - I've just tried on V 22 and the link is there. Are you logged in as 'admin' only and not admin -> User?
https://IP:9443 doesn't work
csf.conf
Code: Select all
TESTING = "0"
TESTING_INTERVAL = "5"
RESTRICT_SYSLOG = "3"
RESTRICT_SYSLOG_GROUP = "mysyslog"
RESTRICT_UI = "1"
AUTO_UPDATES = "0"
LF_SPI = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,2812,12000:12100,40000:42000,19999,9443"
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,8083,3306,12000:12100,40000:42020,9443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
ICMP_IN = "1"
ICMP_IN_RATE = "0"
ICMP_OUT = "1"
ICMP_OUT_RATE = "0"
IPV6 = "0"
IPV6_ICMP_STRICT = "1"
IPV6_SPI = "1"
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,2812,4949,12000:12100,2525,7777,40000:42000"
TCP6_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,40000:42000"
UDP6_IN = "20,21,53"
UDP6_OUT = "20,21,53,113,123"
ETH_DEVICE = ""
ETH6_DEVICE = ""
ETH_DEVICE_SKIP = ""
USE_CONNTRACK = "1"
SYSLOG_CHECK = "3600"
IGNORE_ALLOW = "1"
DNS_STRICT = "0"
DNS_STRICT_NS = "0"
DENY_IP_LIMIT = "2000"
DENY_TEMP_IP_LIMIT = "1000"
LF_DAEMON = "1"
LF_CSF = "1"
FASTSTART = "1"
LF_IPSET = "0"
WAITLOCK = "0"
WAITLOCK_TIMEOUT = "300"
LF_IPSET_HASHSIZE = "1024"
LF_IPSET_MAXELEM = "65536"
LFDSTART = "0"
VERBOSE = "1"
PACKET_FILTER = "1"
LF_LOOKUPS = "0"
STYLE_CUSTOM = "1"
STYLE_MOBILE = "1"
SMTP_BLOCK = "0"
SMTP_ALLOWLOCAL = "1"
SMTP_REDIRECT = "0"
SMTP_PORTS = "25,465,587,2525"
SMTP_ALLOWUSER = "admin"
SMTP_ALLOWGROUP = "mail,mailman"
SMTPAUTH_RESTRICT = "0"
SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"
CONNLIMIT = "22;5"
PORTFLOOD = ""
UDPFLOOD = "1"
UDPFLOOD_LIMIT = "150/s"
UDPFLOOD_BURST = "150"
UDPFLOOD_ALLOWUSER = "named,bind"
SYSLOG = "0"
DROP = "DROP"
DROP_LOGGING = "0"
DROP_IP_LOGGING = "0"
DROP_OUT_LOGGING = "1"
DROP_UID_LOGGING = "1"
DROP_ONLYRES = "0"
DROP_NOLOG = "67,68,111,113,135:139,445,500,513,520"
DROP_PF_LOGGING = "0"
CONNLIMIT_LOGGING = "0"
UDPFLOOD_LOGGING = "1"
LOGFLOOD_ALERT = "0"
WATCH_MODE = "0"
LF_ALERT_TO = "[email protected]"
LF_ALERT_FROM = ""
LF_ALERT_SMTP = ""
BLOCK_REPORT = ""
UNBLOCK_REPORT = ""
X_ARF = "0"
X_ARF_FROM = ""
X_ARF_TO = ""
X_ARF_ABUSE = "0"
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "10"
LF_PERMBLOCK_ALERT = "1"
LF_NETBLOCK = "1"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"
LF_NETBLOCK_IPV6 = ""
SAFECHAINUPDATE = "0"
DYNDNS = "0"
DYNDNS_IGNORE = "0"
LF_GLOBAL = "0"
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""
GLOBAL_DYNDNS = ""
GLOBAL_DYNDNS_INTERVAL = "600"
GLOBAL_DYNDNS_IGNORE = "0"
LF_BOGON_SKIP = ""
URLGET = "2"
CC_DENY = ""
CC_ALLOW = ""
CC_ALLOW_FILTER = ""
CC_ALLOW_PORTS = ""
CC_ALLOW_PORTS_TCP = ""
CC_ALLOW_PORTS_UDP = ""
CC_DENY_PORTS = ""
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""
CC_IGNORE = ""
CC_ALLOW_SMTPAUTH = ""
CC_DROP_CIDR = ""
CC_LOOKUPS = "0"
CC6_LOOKUPS = "0"
CC_INTERVAL = "7"
LF_TRIGGER = "25"
LF_TRIGGER_PERM = "1"
LF_SELECT = "0"
LF_EMAIL_ALERT = "1"
LF_SSHD = "20"
LF_SSHD_PERM = "1"
LF_FTPD = "20"
LF_FTPD_PERM = "1"
LF_SMTPAUTH = "20"
LF_SMTPAUTH_PERM = "1"
LF_EXIMSYNTAX = "20"
LF_EXIMSYNTAX_PERM = "1"
LF_POP3D = "20"
LF_POP3D_PERM = "1"
LF_IMAPD = "20"
LF_IMAPD_PERM = "1"
LF_HTACCESS = "20"
LF_HTACCESS_PERM = "1"
LF_MODSEC = "20"
LF_MODSEC_PERM = "1"
LF_BIND = "0"
LF_BIND_PERM = "1"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"
LF_CXS = "0"
LF_CXS_PERM = "1"
LF_QOS = "0"
LF_QOS_PERM = "1"
LF_SYMLINK = "0"
LF_SYMLINK_PERM = "1"
LF_WEBMIN = "0"
LF_WEBMIN_PERM = "1"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_WEBMIN_EMAIL_ALERT = "0"
LF_CONSOLE_EMAIL_ALERT = "0"
LF_APACHE_404 = "0"
LF_APACHE_404_PERM = "3600"
LF_APACHE_403 = "0"
LF_APACHE_403_PERM = "3600"
LF_EXPLOIT = "300"
LF_EXPLOIT_IGNORE = ""
LF_INTERVAL = "3600"
LF_PARSE = "5"
LF_FLUSH = "3600"
LF_REPEATBLOCK = "0"
LF_BLOCKINONLY = "0"
LF_DIRWATCH = "300"
LF_DIRWATCH_DISABLE = "0"
LF_DIRWATCH_FILE = "0"
LF_INTEGRITY = "3600"
LF_DISTATTACK = "1"
LF_DISTATTACK_UNIQ = "2"
LF_DISTFTP = "0"
LF_DISTFTP_UNIQ = "3"
LF_DISTFTP_PERM = "1"
LF_DISTFTP_ALERT = "1"
LF_DISTSMTP = "0"
LF_DISTSMTP_UNIQ = "3"
LF_DISTSMTP_PERM = "1"
LF_DISTSMTP_ALERT = "1"
LF_DIST_INTERVAL = "300"
LF_DIST_ACTION = ""
LT_POP3D = "60"
LT_IMAPD = "120"
LT_EMAIL_ALERT = "1"
LT_SKIPPERMBLOCK = "1"
CT_LIMIT = "80"
CT_INTERVAL = "30"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "0"
CT_BLOCK_TIME = "1800"
CT_SKIP_TIME_WAIT = "1"
CT_STATES = ""
CT_PORTS = "80,443"
PT_LIMIT = "0"
PT_INTERVAL = "60"
PT_SKIP_HTTP = "1"
PT_DELETED = "0"
PT_DELETED_ACTION = ""
PT_USERPROC = "10"
PT_USERMEM = "400"
PT_USERTIME = "1800"
PT_USERKILL = "0"
PT_USERKILL_ALERT = "1"
PT_USER_ACTION = ""
PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"
PT_APACHESTATUS = "http://127.0.0.1/server-status"
PT_LOAD_ACTION = ""
PT_FORKBOMB = "200"
PT_SSHDHUNG = "0"
PS_INTERVAL = "0"
PS_LIMIT = "15"
PS_PORTS = "0:65535,ICMP"
PS_DIVERSITY = "1"
PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"
PS_EMAIL_ALERT = "1"
UID_INTERVAL = "300"
UID_LIMIT = "11"
UID_PORTS = "0:65535,ICMP"
AT_ALERT = "2"
AT_INTERVAL = "60"
AT_NEW = "1"
AT_OLD = "1"
AT_PASSWD = "1"
AT_UID = "1"
AT_GID = "1"
AT_DIR = "1"
AT_SHELL = "1"
UI = "1"
UI_PORT = "6666"
UI_IP = ""
UI_USER = "username"
UI_PASS = "password"
UI_TIMEOUT = "300"
UI_CHILDREN = "5"
UI_RETRY = "5"
UI_BAN = "1"
UI_ALLOW = "0"
UI_BLOCK = "1"
UI_ALERT = "4"
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"
UI_SSL_VERSION = "SSLv23:!SSLv3:!SSLv2"
UI_CXS = "0"
UI_CSE = "0"
MESSENGER = "1"
MESSENGER_TEMP = "1"
MESSENGER_PERM = "1"
MESSENGER_USER = "csf"
MESSENGER_CHILDREN = "4"
MESSENGER_HTML = "8888"
MESSENGER_HTML_IN = "80,2082,2095"
MESSENGER_TEXT = "8889"
MESSENGER_TEXT_IN = "21"
MESSENGER_RATE = "30/m"
MESSENGER_BURST = "5"
CLUSTER_SENDTO = ""
CLUSTER_RECVFROM = ""
CLUSTER_MASTER = ""
CLUSTER_NAT = ""
CLUSTER_LOCALADDR = ""
CLUSTER_PORT = ""
CLUSTER_KEY = ""
CLUSTER_BLOCK = "0"
CLUSTER_CONFIG = "0"
CLUSTER_CHILDREN = "0"
PORTKNOCKING = ""
PORTKNOCKING_LOG = "1"
PORTKNOCKING_ALERT = "0"
LOGSCANNER = "0"
LOGSCANNER_INTERVAL = "hourly"
LOGSCANNER_STYLE = "1"
LOGSCANNER_EMPTY = "1"
LOGSCANNER_LINES = "5000"
ST_ENABLE = "0"
ST_IPTABLES = "100"
ST_LOOKUP = "0"
ST_SYSTEM = "1"
ST_SYSTEM_MAXDAYS = "30"
ST_MYSQL = "0"
ST_MYSQL_USER = "root"
ST_MYSQL_PASS = ""
ST_MYSQL_HOST = "localhost"
ST_APACHE = "0"
ST_DISKW = "1"
ST_DISKW_FREQ = "5"
ST_DISKW_DD = "if=/dev/zero of=/var/lib/csf/dd_test bs=1MB count=64 conv=fdatasync"
IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/bin/systemctl"
HOST = "/usr/bin/host"
IP = "/sbin/ip"
HTACCESS_LOG = "/var/log/nginx/error.log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/vsftpd.log"
SMTPAUTH_LOG = "/var/log/dovecot.log"
POP3D_LOG = "/var/log/dovecot.log"
IMAPD_LOG = "/var/log/dovecot.log"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/auth.log"
CUSTOM1_LOG = "/var/log/customlog"
CUSTOM2_LOG = "/var/log/customlog"
CUSTOM3_LOG = "/var/log/customlog"
CUSTOM4_LOG = "/var/log/customlog"
CUSTOM5_LOG = "/var/log/customlog"
CUSTOM6_LOG = "/var/log/customlog"
CUSTOM7_LOG = "/var/log/customlog"
CUSTOM8_LOG = "/var/log/customlog"
CUSTOM9_LOG = "/var/log/customlog"
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_smtpauth = "25,465,587,2525"
PORTS_eximsyntax = "25,465,587,2525"
PORTS_sshd = "22"
GENERIC = "1"
DEBUG = "0"
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Having an issue. When in the main/first page of CSF when attempting to "View lfd statistics"
I get broken images and no graph.
https://ibb.co/cg2LTfY
I'm on CentOS 7/PHP7.2+NGINX and I have GDGraph and GDGraph3D installed.
Any help would be greatly appreciated.
Thanks.
I get broken images and no graph.
https://ibb.co/cg2LTfY
I'm on CentOS 7/PHP7.2+NGINX and I have GDGraph and GDGraph3D installed.
Any help would be greatly appreciated.
Thanks.