Page 14 of 14

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu Apr 12, 2018 3:42 am
by MAN5
Once CSF installed, have recvd lot of emails from CSF about exceeded resource usages. So i added below lines inside my /etc/csf/csf.pignore.
Is this ok, or anymore Trim/Extend more for better...?

Code: Select all

exe:/usr/local/vesta/nginx/sbin/vesta-nginx
exe:/usr/local/vesta/php/sbin/vesta-php
exe:/usr/lib/dovecot/anvil
exe:/usr/lib/dovecot/auth
exe:/usr/bin/freshclam
exe:/usr/sbin/nginx
exe:/usr/sbin/atd
exe:/usr/sbin/rsyslogd
exe:/usr/sbin/uuidd
exe:/opt/digitalocean/bin/do-agent
exe:/usr/sbin/rsyslogd

cmd:nginx: cache manager process
cmd:/usr/bin/freshclam -d --foreground=true
cmd:/usr/sbin/atd -f
cmd:nginx: worker process
cmd:dovecot/anvil
cmd:/usr/sbin/uuidd --socket-activation
cmd:/usr/sbin/rsyslogd -n
cmd:php-fpm: pool www

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Mon Apr 16, 2018 11:48 am
by LDPS
SS88 wrote:
Wed Apr 11, 2018 12:09 pm
LDPS wrote:
Tue Apr 10, 2018 8:20 am
Yes, I did everything also. but the lock does not happen ...
Show me your new code. moucho code works for me.
yes please
https://yadi.sk/d/qzCYN2zK3UTKGX
https://yadi.sk/d/qYD54uSK3UTKLE

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu May 17, 2018 6:39 pm
by mephivio
Hi
Do you support the last release 21 of vestacp ?
Thanks

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Thu May 17, 2018 7:44 pm
by SS88
mephivio wrote:
Thu May 17, 2018 6:39 pm
Hi
Do you support the last release 21 of vestacp ?
Thanks
Yes! :)

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Mon Jun 25, 2018 6:57 pm
by mephivio
Hi
Do you support the new release 22 ?
thanks

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Sun Aug 26, 2018 1:26 pm
by usr999
Tried to install like this

Code: Select all

yum -y install perl-libwww-perl perl-LWP-Protocol-https
		curl https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh > ./InstallCSF.sh
		chmod 777 ./InstallCSF.sh
		sudo ./InstallCSF.sh
		curl https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7/csf.conf > /etc/csf/csf.conf
		sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf
		curl https://raw.githubusercontent.com/SS88UK/CSF-Custom-Regex-for-VestaCP/master/regex.custom.pm > /etc/csf/regex.custom.pm
But i don't see panel in web ui

Code: Select all

UI = "1"
UI_PORT = "9443"
UI_ALLOW = "0"



# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,9443"

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Sun Aug 26, 2018 1:38 pm
by SS88
usr999 wrote:
Sun Aug 26, 2018 1:26 pm
Tried to install like this

Code: Select all

yum -y install perl-libwww-perl perl-LWP-Protocol-https
		curl https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh > ./InstallCSF.sh
		chmod 777 ./InstallCSF.sh
		sudo ./InstallCSF.sh
		curl https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7/csf.conf > /etc/csf/csf.conf
		sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf
		curl https://raw.githubusercontent.com/SS88UK/CSF-Custom-Regex-for-VestaCP/master/regex.custom.pm > /etc/csf/regex.custom.pm
But i don't see panel in web ui
This line;

sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf

You need to go into /etc/csf/csf.conf and search for vEmail and then change it to your email address or it won't work as expected.

Regarding the CSF link in the panel - I've just tried on V 22 and the link is there. Are you logged in as 'admin' only and not admin -> User?

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Sun Aug 26, 2018 1:38 pm
by SS88
mephivio wrote:
Mon Jun 25, 2018 6:57 pm
Hi
Do you support the new release 22 ?
thanks
Yup - works with 22 :)

Re: [HOWTO] Install CSF + Use it's GUI in VestaCP

Posted: Sun Aug 26, 2018 3:14 pm
by usr999
SS88 wrote:
Sun Aug 26, 2018 1:38 pm
usr999 wrote:
Sun Aug 26, 2018 1:26 pm
Tried to install like this

Code: Select all

yum -y install perl-libwww-perl perl-LWP-Protocol-https
		curl https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh > ./InstallCSF.sh
		chmod 777 ./InstallCSF.sh
		sudo ./InstallCSF.sh
		curl https://raw.githubusercontent.com/SS88UK/VestaCP-Server-Installer/master/CentOS7/csf.conf > /etc/csf/csf.conf
		sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf
		curl https://raw.githubusercontent.com/SS88UK/CSF-Custom-Regex-for-VestaCP/master/regex.custom.pm > /etc/csf/regex.custom.pm
But i don't see panel in web ui



This line;

sed -i "s/vEmail/$vEmail/" /etc/csf/csf.conf

You need to go into /etc/csf/csf.conf and search for vEmail and then change it to your email address or it won't work as expected.

Regarding the CSF link in the panel - I've just tried on V 22 and the link is there. Are you logged in as 'admin' only and not admin -> User?
I changed mail in vEmail, then i run csf -r, and i didn't see working UI

https://IP:9443 doesn't work

csf.conf

Code: Select all

TESTING = "0"

TESTING_INTERVAL = "5"

RESTRICT_SYSLOG = "3"

RESTRICT_SYSLOG_GROUP = "mysyslog"

RESTRICT_UI = "1"

AUTO_UPDATES = "0"


LF_SPI = "1"

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,2812,12000:12100,40000:42000,19999,9443"

TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,8083,3306,12000:12100,40000:42020,9443"

UDP_IN = "20,21,53"

UDP_OUT = "20,21,53,113,123"

ICMP_IN = "1"

ICMP_IN_RATE = "0"

ICMP_OUT = "1"

ICMP_OUT_RATE = "0"

IPV6 = "0"

IPV6_ICMP_STRICT = "1"

IPV6_SPI = "1"

TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,8083,2812,4949,12000:12100,2525,7777,40000:42000"

TCP6_OUT = "20,21,22,25,53,80,110,113,443,587,993,995,40000:42000"

UDP6_IN = "20,21,53"

UDP6_OUT = "20,21,53,113,123"

ETH_DEVICE = ""

ETH6_DEVICE = ""

ETH_DEVICE_SKIP = ""

USE_CONNTRACK = "1"

SYSLOG_CHECK = "3600"

IGNORE_ALLOW = "1"

DNS_STRICT = "0"

DNS_STRICT_NS = "0"

DENY_IP_LIMIT = "2000"

DENY_TEMP_IP_LIMIT = "1000"

LF_DAEMON = "1"

LF_CSF = "1"

FASTSTART = "1"

LF_IPSET = "0"

WAITLOCK = "0"
WAITLOCK_TIMEOUT = "300"

LF_IPSET_HASHSIZE = "1024"

LF_IPSET_MAXELEM = "65536"

LFDSTART = "0"

VERBOSE = "1"

PACKET_FILTER = "1"

LF_LOOKUPS = "0"

STYLE_CUSTOM = "1"

STYLE_MOBILE = "1"

SMTP_BLOCK = "0"

SMTP_ALLOWLOCAL = "1"

SMTP_REDIRECT = "0"

SMTP_PORTS = "25,465,587,2525"

SMTP_ALLOWUSER = "admin"
SMTP_ALLOWGROUP = "mail,mailman"

SMTPAUTH_RESTRICT = "0"

SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"

CONNLIMIT = "22;5"

PORTFLOOD = ""

UDPFLOOD = "1"
UDPFLOOD_LIMIT = "150/s"
UDPFLOOD_BURST = "150"

UDPFLOOD_ALLOWUSER = "named,bind"

SYSLOG = "0"

DROP = "DROP"

DROP_LOGGING = "0"

DROP_IP_LOGGING = "0"

DROP_OUT_LOGGING = "1"

DROP_UID_LOGGING = "1"

DROP_ONLYRES = "0"

DROP_NOLOG = "67,68,111,113,135:139,445,500,513,520"

DROP_PF_LOGGING = "0"

CONNLIMIT_LOGGING = "0"

UDPFLOOD_LOGGING = "1"

LOGFLOOD_ALERT = "0"

WATCH_MODE = "0"

LF_ALERT_TO = "mymail@gmail.com"

LF_ALERT_FROM = ""

LF_ALERT_SMTP = ""

BLOCK_REPORT = ""

UNBLOCK_REPORT = ""

X_ARF = "0"

X_ARF_FROM = ""

X_ARF_TO = ""

X_ARF_ABUSE = "0"

LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "10"
LF_PERMBLOCK_ALERT = "1"

LF_NETBLOCK = "1"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"

LF_NETBLOCK_IPV6 = ""

SAFECHAINUPDATE = "0"

DYNDNS = "0"

DYNDNS_IGNORE = "0"

LF_GLOBAL = "0"

GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""

GLOBAL_DYNDNS = ""

GLOBAL_DYNDNS_INTERVAL = "600"

GLOBAL_DYNDNS_IGNORE = "0"

LF_BOGON_SKIP = ""

URLGET = "2"

CC_DENY = ""
CC_ALLOW = ""

CC_ALLOW_FILTER = ""

CC_ALLOW_PORTS = ""

CC_ALLOW_PORTS_TCP = ""
CC_ALLOW_PORTS_UDP = ""

CC_DENY_PORTS = ""

CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""

CC_IGNORE = ""

CC_ALLOW_SMTPAUTH = ""

CC_DROP_CIDR = ""

CC_LOOKUPS = "0"

CC6_LOOKUPS = "0"

CC_INTERVAL = "7"

LF_TRIGGER = "25"

LF_TRIGGER_PERM = "1"

LF_SELECT = "0"

LF_EMAIL_ALERT = "1"

LF_SSHD = "20"
LF_SSHD_PERM = "1"

LF_FTPD = "20"
LF_FTPD_PERM = "1"

LF_SMTPAUTH = "20"
LF_SMTPAUTH_PERM = "1"

LF_EXIMSYNTAX = "20"
LF_EXIMSYNTAX_PERM = "1"

LF_POP3D = "20"
LF_POP3D_PERM = "1"

LF_IMAPD = "20"
LF_IMAPD_PERM = "1"

LF_HTACCESS = "20"
LF_HTACCESS_PERM = "1"

LF_MODSEC = "20"
LF_MODSEC_PERM = "1"

LF_BIND = "0"
LF_BIND_PERM = "1"

LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"

LF_CXS = "0"
LF_CXS_PERM = "1"

LF_QOS = "0"
LF_QOS_PERM = "1"

LF_SYMLINK = "0"
LF_SYMLINK_PERM = "1"

LF_WEBMIN = "0"
LF_WEBMIN_PERM = "1"

LF_SSH_EMAIL_ALERT = "1"

LF_SU_EMAIL_ALERT = "1"

LF_WEBMIN_EMAIL_ALERT = "0"

LF_CONSOLE_EMAIL_ALERT = "0"

LF_APACHE_404 = "0"

LF_APACHE_404_PERM = "3600"

LF_APACHE_403 = "0"

LF_APACHE_403_PERM = "3600"

LF_EXPLOIT = "300"

LF_EXPLOIT_IGNORE = ""

LF_INTERVAL = "3600"

LF_PARSE = "5"

LF_FLUSH = "3600"

LF_REPEATBLOCK = "0"

LF_BLOCKINONLY = "0"

LF_DIRWATCH = "300"

LF_DIRWATCH_DISABLE = "0"

LF_DIRWATCH_FILE = "0"

LF_INTEGRITY = "3600"

LF_DISTATTACK = "1"

LF_DISTATTACK_UNIQ = "2"

LF_DISTFTP = "0"

LF_DISTFTP_UNIQ = "3"

LF_DISTFTP_PERM = "1"

LF_DISTFTP_ALERT = "1"

LF_DISTSMTP = "0"

LF_DISTSMTP_UNIQ = "3"

LF_DISTSMTP_PERM = "1"

LF_DISTSMTP_ALERT = "1"

LF_DIST_INTERVAL = "300"

LF_DIST_ACTION = ""

LT_POP3D = "60"

LT_IMAPD = "120"

LT_EMAIL_ALERT = "1"

LT_SKIPPERMBLOCK = "1"

CT_LIMIT = "80"

CT_INTERVAL = "30"

CT_EMAIL_ALERT = "1"

CT_PERMANENT = "0"

CT_BLOCK_TIME = "1800"

CT_SKIP_TIME_WAIT = "1"

CT_STATES = ""

CT_PORTS = "80,443"

PT_LIMIT = "0"

PT_INTERVAL = "60"

PT_SKIP_HTTP = "1"

PT_DELETED = "0"

PT_DELETED_ACTION = ""

PT_USERPROC = "10"

PT_USERMEM = "400"

PT_USERTIME = "1800"

PT_USERKILL = "0"

PT_USERKILL_ALERT = "1"

PT_USER_ACTION = ""

PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"

PT_APACHESTATUS = "http://127.0.0.1/server-status"

PT_LOAD_ACTION = ""

PT_FORKBOMB = "200"

PT_SSHDHUNG = "0"

PS_INTERVAL = "0"
PS_LIMIT = "15"

PS_PORTS = "0:65535,ICMP"

PS_DIVERSITY = "1"

PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"

PS_EMAIL_ALERT = "1"

UID_INTERVAL = "300"
UID_LIMIT = "11"

UID_PORTS = "0:65535,ICMP"

AT_ALERT = "2"

AT_INTERVAL = "60"

AT_NEW = "1"

AT_OLD = "1"

AT_PASSWD = "1"

AT_UID = "1"

AT_GID = "1"

AT_DIR = "1"

AT_SHELL = "1"

UI = "1"

UI_PORT = "6666"

UI_IP = ""

UI_USER = "username"

UI_PASS = "password"

UI_TIMEOUT = "300"

UI_CHILDREN = "5"

UI_RETRY = "5"

UI_BAN = "1"

UI_ALLOW = "0"

UI_BLOCK = "1"

UI_ALERT = "4"

UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"

UI_SSL_VERSION = "SSLv23:!SSLv3:!SSLv2"

UI_CXS = "0"

UI_CSE = "0"

MESSENGER = "1"

MESSENGER_TEMP = "1"

MESSENGER_PERM = "1"

MESSENGER_USER = "csf"

MESSENGER_CHILDREN = "4"

MESSENGER_HTML = "8888"

MESSENGER_HTML_IN = "80,2082,2095"

MESSENGER_TEXT = "8889"

MESSENGER_TEXT_IN = "21"

MESSENGER_RATE = "30/m"
MESSENGER_BURST = "5"

CLUSTER_SENDTO = ""

CLUSTER_RECVFROM = ""

CLUSTER_MASTER = ""

CLUSTER_NAT = ""

CLUSTER_LOCALADDR = ""

CLUSTER_PORT = ""

CLUSTER_KEY = ""

CLUSTER_BLOCK = "0"

CLUSTER_CONFIG = "0"

CLUSTER_CHILDREN = "0"

PORTKNOCKING = ""

PORTKNOCKING_LOG = "1"

PORTKNOCKING_ALERT = "0"

LOGSCANNER = "0"

LOGSCANNER_INTERVAL = "hourly"

LOGSCANNER_STYLE = "1"

LOGSCANNER_EMPTY = "1"

LOGSCANNER_LINES = "5000"

ST_ENABLE = "0"

ST_IPTABLES = "100"

ST_LOOKUP = "0"

ST_SYSTEM = "1"

ST_SYSTEM_MAXDAYS = "30"

ST_MYSQL = "0"

ST_MYSQL_USER = "root"
ST_MYSQL_PASS = ""
ST_MYSQL_HOST = "localhost"

ST_APACHE = "0"

ST_DISKW = "1"

ST_DISKW_FREQ = "5"

ST_DISKW_DD = "if=/dev/zero of=/var/lib/csf/dd_test bs=1MB count=64 conv=fdatasync"

IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/bin/systemctl"
HOST = "/usr/bin/host"
IP = "/sbin/ip"

HTACCESS_LOG = "/var/log/nginx/error.log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/vsftpd.log"
SMTPAUTH_LOG = "/var/log/dovecot.log"
POP3D_LOG = "/var/log/dovecot.log"
IMAPD_LOG = "/var/log/dovecot.log"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/auth.log"

CUSTOM1_LOG = "/var/log/customlog"
CUSTOM2_LOG = "/var/log/customlog"
CUSTOM3_LOG = "/var/log/customlog"
CUSTOM4_LOG = "/var/log/customlog"
CUSTOM5_LOG = "/var/log/customlog"
CUSTOM6_LOG = "/var/log/customlog"
CUSTOM7_LOG = "/var/log/customlog"
CUSTOM8_LOG = "/var/log/customlog"
CUSTOM9_LOG = "/var/log/customlog"

PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_smtpauth = "25,465,587,2525"
PORTS_eximsyntax = "25,465,587,2525"
PORTS_sshd = "22"

GENERIC = "1"

DEBUG = "0"