We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on Vesta 2.0 and expect to release it by the end of 2024. Read more about it: https://vestacp.com/docs/vesta-2-development
[HOWTO] Install CSF + Use it's GUI in VestaCP
[HOWTO] Install CSF + Use it's GUI in VestaCP
Hi guys,
I managed to install the CSF GUI (online web interface) on my VestaCP. I'm going to put up a tutorial soon on how to add this, it was quite simple after a bottle of wine!
Here goes!
Tested on Debian, Ubuntu, and CentOS...
THIS SCRIPT IS FOR Vesta 0.9.8-15 - 0.9.8-21
CSF updated their design in version 9.20 - you need to re-download this in order to see it. Mobile view is always enabled despite what the CSF config shows (resize your browser to see the functions).
IT IS ALWAYS A GOOD IDEA TO BACKUP EVERYTHING. BACKUP CSF + VESTA
Install custom rules for proftpd and vsftpd
Head over to GitHub (I'm slowly migrating everything there) where you will need to edit one file with a few lines to help CSF block incorrect FTP logins.
I managed to install the CSF GUI (online web interface) on my VestaCP. I'm going to put up a tutorial soon on how to add this, it was quite simple after a bottle of wine!
Here goes!
Tested on Debian, Ubuntu, and CentOS...
THIS SCRIPT IS FOR Vesta 0.9.8-15 - 0.9.8-21
CSF updated their design in version 9.20 - you need to re-download this in order to see it. Mobile view is always enabled despite what the CSF config shows (resize your browser to see the functions).
IT IS ALWAYS A GOOD IDEA TO BACKUP EVERYTHING. BACKUP CSF + VESTA
- This will install the most recent version of CSF. If you have CSF installed it will attempt to install/update to the most recent version. If you already have the latest version it will attempt to install it but you will not lose any CSF configuration changes.
- This will also overwrite the file /usr/local/vesta/web/templates/admin/panel.html (a VestaCP template file)
- This script does not install any CSF configuration settings. I would not disable testing mode until you have added VestaCP's port into the configuration of CSF.
- This script does not remove or disable fail2ban or iptables used by Vesta
Code: Select all
wget https://vestacp.ss88.uk/Install_CSF_on_VestaCP/Install.sh -O ./Install.sh
chmod 777 ./Install.sh
sudo ./Install.sh
Head over to GitHub (I'm slowly migrating everything there) where you will need to edit one file with a few lines to help CSF block incorrect FTP logins.
Last edited by SS88 on Thu May 17, 2018 7:45 pm, edited 13 times in total.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Nice one.while there is no update from Vesta, it will be nice if you share this HOW TO with people.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
All done! :)
Let me know any problems / the outcome.
Let me know any problems / the outcome.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
thank you for update.SS88 wrote:All done! :)
Let me know any problems / the outcome.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.
i run this for first time and not familiar with cfs settings.
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
1) You probably need to update the settings so it's scanning the correct logs, like so:DBBJAF wrote:thank you for update.SS88 wrote:All done! :)
Let me know any problems / the outcome.
this cfs work fine, add one option in vesta nav bar called cfs and look like fine to me.
i started cfs and then followup configuration
i have this question:
1- why cfs can't block fail attempt on ssh port or ftp ?
2- why user must set recommended settings like TESTING mode check,RESTRICT_SYSLOG ,LF_POP3D option check... etc ?and why this option not set to enabled by default?
3-i have to put my office ip on allowed ip to access vesta panel,cfs must to allow port 8083 for users and admin but check failure login attempt.
i run this for first time and not familiar with cfs settings.
2) this script installs the default CSF configuration. The user must enable/disable it himself because every server set-up can be different.erldcrtz wrote: (this is for CentOS 6.5)
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/secure"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
3) i do not understand what you are asking
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
thank you.i think whole thing depend on correct logs,but for clearing
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?
for fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.SS88 wrote:3) i do not understand what you are asking
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
The log file paths must be set in /etc/csf/csf.confDBBJAF wrote:thank you.i think whole thing depend on correct logs,but for clearingfor fist time i cant access vesta panel on port 8083 .thats all i asked.but let me check configuration again.SS88 wrote:3) i do not understand what you are asking
thanks btw.
PS:
log file path must set in /etc/csf/csf.logfiles ?
You must add port 8083 to TCP_IN in /etc/csf/csf.conf
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
Take a look at "Connection Tracking" and "Login Failure Blocking Alerts" this is what you want.DBBJAF wrote:ok,still no luck on blocking ip that have more than X failure try again ssh or ftp.
what i done for now :
moving ssh port to non-default port like 3344
allowing 3344 and 8083 (vesta) on TCP_IN
put port 3344 in PORTS_sshd = 3344 (restircted UI items)
restart csf + lfd .so what's the problem ?
Re: [HOWTO] Install CSF + Use it's GUI in VestaCP
configuration file is default config and i don't change anything,except recommended setting (like disabling start up services , enable syslog and so on).
ssh login failure works fine ,my problem whit vsftpd still remain ,the correct log that i checked is /var/log/vsftpd.log :
i add this path in /etc/csf/csf.conf ,as ftpd log file or even custom log but not working for fail login attemp :
any idea?
ssh login failure works fine ,my problem whit vsftpd still remain ,the correct log that i checked is /var/log/vsftpd.log :
Code: Select all
Mon Jan 4 21:12:42 2016 [pid 4302] CONNECT: Client "192.169.169.142"
Mon Jan 4 21:12:44 2016 [pid 4301] [admin] FAIL LOGIN: Client "192.169.169.142"
Mon Jan 4 22:25:32 2016 [pid 8471] CONNECT: Client "192.169.169.142"
Mon Jan 4 22:25:34 2016 [pid 8470] [administrator] FAIL LOGIN: Client "192.169.169.142"
Mon Jan 4 23:08:37 2016 [pid 10873] CONNECT: Client "192.169.169.142"
Mon Jan 4 23:08:40 2016 [pid 10872] [test] FAIL LOGIN: Client "192.169.169.142"
Tue Jan 5 18:27:29 2016 [pid 13276] CONNECT: Client "61.216.2.13"
Code: Select all
#FTPD_LOG = "/var/log/secure"
#FTPD_LOG = "/var/log/vsftpd.log"
CUSTOM2_LOG = "/var/log/vsftpd.log"