[HOWTO] Install CSF + Use it's GUI in VestaCP
Hi guys,
I managed to install the CSF GUI (online web interface) on my VestaCP. I'm going to put up a tutorial soon on how to add this, it was quite simple after a bottle of wine!
Here goes!
Tested on Debian, Ubuntu, and CentOS...
THIS SCRIPT IS FOR Vesta 0.9.8-15 - 0.9.8-21
CSF updated their design in version 9.20 - you need to re-download this in order to see it. Mobile view is always enabled despite what the CSF config shows (resize your browser to see the functions).
IT IS ALWAYS A GOOD IDEA TO BACKUP EVERYTHING. BACKUP CSF + VESTA
- This will install the most recent version of CSF. If you have CSF installed it will attempt to install/update to the most recent version. If you already have the latest version it will attempt to install it but you will not lose any CSF configuration changes.
- This will also overwrite the file /usr/local/vesta/web/templates/admin/panel.html (a VestaCP template file)
- This script does not install any CSF configuration settings. I would not disable testing mode until you have added VestaCP's port into the configuration of CSF.
- This script does not remove or disable fail2ban or iptables used by Vesta
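Code:
# Download the installer script
wget https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh -O ./Install.sh
# Owner-only permissions: a script run with sudo should not be world-writable (was 777)
chmod 700 ./Install.sh
# Review the downloaded script before running it as root
sudo ./Install.sh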
Install custom rules for proftpd and vsftpd
Head over to GitHub (I'm slowly migrating everything there) where you will need to edit one file with a few lines to help CSF block incorrect FTP logins.
Last edited by SS88 on Thu May 17, 2018 7:45 pm, edited 13 times in total.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Nice one. While there is no update from Vesta, it will be nice if you share this HOW TO with people.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
All done! :)
Let me know any problems / the outcome.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
SS88 wrote: All done! :) Let me know any problems / the outcome.
Thank you for the update.
This csf works fine; it adds one option in the vesta nav bar called csf and looks fine to me.
I started csf and then followed up with the configuration.
I have these questions:
1- Why can't csf block failed attempts on the ssh port or ftp?
2- Why must the user set recommended settings like the TESTING mode check, RESTRICT_SYSLOG, the LF_POP3D option check... etc.? And why are these options not enabled by default?
3- I have to put my office ip on the allowed ips to access the vesta panel; csf must allow port 8083 for users and admin but check failed login attempts.
I am running this for the first time and am not familiar with csf settings.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
1) You probably need to update the settings so it's scanning the correct logs, like so:
erldcrtz wrote: (this is for CentOS 6.5)
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/secure"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
2) this script installs the default CSF configuration. The user must enable/disable it himself because every server set-up can be different.
3) i do not understand what you are asking
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Thank you. I think the whole thing depends on correct logs, but for clarification:
SS88 wrote: 3) i do not understand what you are asking
For the first time I can't access the vesta panel on port 8083. That's all I asked, but let me check the configuration again.
Thanks btw.
PS:
The log file path must be set in /etc/csf/csf.logfiles ?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
The log file paths must be set in /etc/csf/csf.conf
You must add port 8083 to TCP_IN in /etc/csf/csf.conf
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
OK, still no luck on blocking IPs that have more than X failed tries against ssh or ftp.
What I have done for now:
moving the ssh port to a non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
putting port 3344 in PORTS_sshd = 3344 (restricted UI items)
restarting csf + lfd. So what's the problem?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Take a look at "Connection Tracking" and "Login Failure Blocking Alerts"; this is what you want.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
The configuration file is the default config and I didn't change anything, except the recommended settings (like disabling start-up services, enabling syslog and so on).
SSH login failure works fine; my problem with vsftpd still remains. The correct log that I checked is /var/log/vsftpd.log:
Code:
Mon Jan 4 21:12:42 2016 [pid 4302] CONNECT: Client "192.169.169.142"
Mon Jan 4 21:12:44 2016 [pid 4301] [admin] FAIL LOGIN: Client "192.169.169.142"
Mon Jan 4 22:25:32 2016 [pid 8471] CONNECT: Client "192.169.169.142"
Mon Jan 4 22:25:34 2016 [pid 8470] [administrator] FAIL LOGIN: Client "192.169.169.142"
Mon Jan 4 23:08:37 2016 [pid 10873] CONNECT: Client "192.169.169.142"
Mon Jan 4 23:08:40 2016 [pid 10872] [test] FAIL LOGIN: Client "192.169.169.142"
Tue Jan 5 18:27:29 2016 [pid 13276] CONNECT: Client "61.216.2.13"
I added this path in /etc/csf/csf.conf, as the ftpd log file or even as a custom log, but it is not working for failed login attempts:
Code:
#FTPD_LOG = "/var/log/secure"
#FTPD_LOG = "/var/log/vsftpd.log"
CUSTOM2_LOG = "/var/log/vsftpd.log"
Any idea?
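An added example, not part of the thread and not CSF/lfd code: a Python check that parses the vsftpd.log format shown in the post above and counts FAIL LOGIN entries per client inside a time window. The sample lines are copied from that post; `limit` and `window` are this example's own parameters, not CSF settings.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the post above (vsftpd's own log format, not syslog).
SAMPLE = '''\
Mon Jan 4 21:12:42 2016 [pid 4302] CONNECT: Client "192.169.169.142"
Mon Jan 4 21:12:44 2016 [pid 4301] [admin] FAIL LOGIN: Client "192.169.169.142"
Mon Jan 4 22:25:32 2016 [pid 8471] CONNECT: Client "192.169.169.142"
Mon Jan 4 22:25:34 2016 [pid 8470] [administrator] FAIL LOGIN: Client "192.169.169.142"
Mon Jan 4 23:08:37 2016 [pid 10873] CONNECT: Client "192.169.169.142"
Mon Jan 4 23:08:40 2016 [pid 10872] [test] FAIL LOGIN: Client "192.169.169.142"
Tue Jan 5 18:27:29 2016 [pid 13276] CONNECT: Client "61.216.2.13"
'''.splitlines()

# ctime-style timestamp, [pid N], [user], then the FAIL LOGIN event and client.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d\s+\d{4})\s+'
    r'\[pid \d+\]\s+\[(?P<user>[^\]]*)\]\s+FAIL LOGIN:\s+'
    r'Client "(?P<ip>[0-9A-Fa-f.:]+)"'
)

def parse_fail(line):
    """Return (timestamp, user, ip) for a FAIL LOGIN line, else None."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    # strptime treats a run of spaces as one, so "Jan  4" also parses.
    ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
    return ts, m["user"], m["ip"]

def offenders(lines, limit, window):
    """Map each IP that reached `limit` failures within `window` to its peak count."""
    recent = defaultdict(list)   # ip -> failure times still inside the window
    peaks = {}
    for line in lines:
        rec = parse_fail(line)
        if rec is None:
            continue             # CONNECT lines and other formats are ignored
        ts, _user, ip = rec
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= limit:
            peaks[ip] = max(peaks.get(ip, 0), len(recent[ip]))
    return peaks

if __name__ == "__main__":
    for hours in (1, 2):
        print(hours, "h window:", offenders(SAMPLE, 3, timedelta(hours=hours)))
```

On the sample, the three failures span just under two hours, so a threshold of 3 is reached with a two-hour window but not with a one-hour one.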