Cool Slider Effects

Blackdog can provide extraordinary effects to make your site stand out from the crowd

Today is someday

Want Something Like This?

Get in touch for a quote. You won't be disappointed.

Safe Harbor

Twenty years from now you will be more disappointed by the things you didn’t do than by the ones you did do.

Our Freedom

For to be free is not merely to cast off one's chains, but to live in a way that respects and enhances the freedom of others.

Stopping Time

Emancipate yourselves from mental slavery, none but ourselves can free our minds.

Walk the Walk

The trouble with being in the rat race is that even if you win, you're still a rat.

Caged Birds

They told me to grow roots, instead I grew wings. Birds born in a cage think flying is an illness.

Firewall and login failure daemon CSF + LFD

02 October 2014 Written by Security 516
Rate this item
(1 Vote)

So now you have got a beautifully configured web and email VPS set up, with a great graphical interface. What can go wrong?? The problem is that you have left all yours and windows open to possible intruders. A VPS typically has thousands of such ports to allow access you must close these.I like the the multiple features in ConfigServer Security and Firewal + Login Failure Daemon to accomplish this with the graphical interface it provides to Webmin.http://configserver.com/cp/csf.html

Installation is quite straightforward:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

perl /usr/local/csf/bin/csftest.pl

On a standard BHost VM running Debian or Ubuntu you will typically get an error message for the iptables IP v.6 module. If your VPS is hosted in London this does not matter at the moment. If you are based in Amsterdam install this package from the relevant repository .

Csf installation for cPanel and DirectAdmin is preconfigured to work on those servers with all the standard ports open.

Csf auto-configures your SSH port on installation where it's running on a non-standard port. It auto-whitelists your connected IP address where possible on installation.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS servers running RedHat/CentOS v5 have this disabled and you should check /etc/init.d/syslog and make sure that any klogd lines are not commented out. If you change the file, remember to restart syslog. See the csf.conf and readme.txt files for more information.

Webmin Module Installation/Upgrade

To install or upgrade the csf webmin module: Install csf as above Install the csf webmin module in: Webmin > Webmin Configuration > Webmin Modules > From local file > /usr/local/csf/csfwebmin.tgz > Install Module.

Important : Csf will NOT protect your system until you configure it correctly. By default it runs in training mode which will generate logs of incidents but will NOT block them

Configuration using Webmin

The csf congiguration is accessed via System > ConfigServer Security & Firewall

csf1

As you can see there are a huge array of configuration options. The most important one is Firewall configuration. This opens an even larger array of choices but do not be worried. Every choice is clearly explained in the configuration window.

csf2

Most important is if you want to continue running in training mode for a while to tune your choices. My own preference is to switch this to zero i.e. operational immediately. If you are running services on unusual ports you may wish not to do this until you have opened the relevant ones.Some common ports that may cause problems at this stage are TCP 8080 for Tomcat and if you are running a VPN the TCP or UDP ports associated with that.

The top section of the configuration screen is for the firewall options, to open and close ports and logging options for incidents. You can block anything from a single IP address to whole countries. Do be aware that the tables used here each cause an extra lookup for your server and will slow it down. Country lookups are particularly slow.

The lower portion is to control the lfd (Login Failure Daemon). Personally this is the most important section to concentrate on. Your firewall will close ports that are not needed but you need to protect yourself on the ports you actually need open.

Brute force password attacks are easy to accomplish with a myriad of tools available, so even the most illiterate computer user can do this. Apart from using precious bandwidth and therefore slowing your site down for regular users, these pose a serious security threat. Any password attempts should be limited to three with a permanent IP block if that number is exceeded, for any service.

Using reputable spam blocking sites can also be enabled here. Be cautious using these as they also increase the table size your server uses for IP lookups and slow performance

I would not recommend process logging as it generates too many false positives.

Another tip, don't use the messaging services unless you really need them. Your mailbox will get flooded. It's surprising how many folks have nothing better to do than probe other systems looking for security flaws.

Reports

You should regularly check the repots that csf+lfd generate to ensure they are functioning as you wish i.e. not generating a lot of false positives and blocking regular visitors. Using Webmin a quick check of the tail of your logs can be viewed using System > ConfigServer Security & Firewall > Watch System Logs

csf5

The full log address is shown at the top of this image.

Troubleshooting

If any service blocked from your VPS it is always worth checking if CSF is causing this. Use the Bhost terminal and stop the CSF daemon from running, then check the configuration in Webmin to ensure

1) You have the correct ports open for the service you are trying to run

2) Your IP address has not been blocked for excessive login failures. Make sure your WAN IP address is not in this table /etc/csf/csf.deny.

Conclusion

Csf +lfd work really well with their default settings.

You can easily personalise these to your own satisfaction.

If you would like help with any particular configuration options please do not hesitate to contact me via my website.

Last modified on Wednesday, 08 February 2017 14:03

Related items

Login to post comments

Search

Calendar

« April 2021 »
Mon Tue Wed Thu Fri Sat Sun
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30    

Comments

Please publish modules in offcanvas position.