Virtualmin - setting up CSF - guidance / help please! (weird issue)

#1 Sat, 01/07/2012 - 11:20
kappler0


Hi all,

I am hoping someone can provide a bit of clarification / guidance here. I have a server that was just hacked (before I got security set up) and I am about to re-install everything as it is now hosed. Here are the questions I have. I really appreciate any help!

The system: My install will be CentOS 5.7 x86_64 running the latest Virtualmin 3.89 GPL (with Webmin) CP. csf v5.43 There will be two domains on the server.

  1. When I installed csf on this box, I had all settings as default. All csf tests responded with OK. But when it was taken out of testing mode it apparently locked everything out. (I assume it started blocking all traffic as I could no longer ping the box.) I had the DC tech look at it and her ran csf -r and allowed my home IP. I was then able to get to the box. Q: Is there something I need to configure for this at the start, or any reference docs that explain the initial setup process?

I opened a port in csf (to move ssh from 22) to but it scans as closed still. It is listed in the TCP_IN and OUT section. I also closed port 22 the same way, but that didn't work either, as I can still connect via ssh on port 22???

So, I am wondering if I missed some steps or config (or anything) when I set it up. Is Virtualmin considered a VPS to csf? I am lost and would really appreciate any help here...

Thank you. Scott

Sun, 01/08/2012 - 23:08
ktc

I run CSF on several cPanel boxes and it is a jewel. I loaded it onto a Virtualmin/Webmin box yesterday (all latest versions on CentOS 6.2) and it locked the box down when it came out of testing mode. Couldn't even ping out of the box (had to use KVM to manage it) and no packets passed in/out of the network. The server was inaccessible all but terminal/KVM.

It stored up hundreds of email alerts though!

We had a hard time finding the binary, but finally removed CSF and flushed iptables etc

Not sure if I am willing to try again....

Love to hear how it goes for you.

// Kaitlyn Considine - SITEWORKS Hosting Network LLC

Mon, 01/09/2012 - 00:48
kappler0

I had the same issue the first time I tried on 6.2. It appeared that csf did not add my IP to csf.allow automatically as it was supposed to. (I don't know why, but there was a recent csf install bug that was fixed.) So on my next attempt it worked fine, but I also added my IP to csf.ignore to be safe. All went smoothly from there. With the Webmin module it is pretty much identical to how it works on cPanel.. :)

I now have csf installed as well as OSSEC with the csf front-end support! It has been up for 3 days now and runs like a charm. Here is what I followed for reference: make sure you get csf v5.43

http://configserver.com/cp/csf.html


Installation is quite straightforward:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

perl /etc/csf/csftest.pl

Don't worry if you cannot run all the features, so long as the script doesn't
report any FATAL errors

You should not run any other iptables firewall configuration script. For
example, if you previously used APF+BFD you can remove the combination (which
you will need to do if you have them installed otherwise they will conflict
horribly):

sh /etc/csf/remove_apf_bfd.sh

That's it. You can then configure csf and lfd by editing the files
directly in /etc/csf/*,

Webmin Module Installation/Upgrade
==================================

To install or upgrade the csf webmin module:

Install csf as above
Install the csf webmin module in:
  Webmin > Webmin Configuration > Webmin Modules > From local file > /etc/csf/csfwebmin.tgz > Install Module

After csf is configured I did the OSSEC install per below..


Install OSSEC
http://www.securecentos.com/extra-security/install-ossec/

A quick howto configure your OSSEC installation for CSF Iptables firewall frontend
http://www.securecentos.com/howto-configure-ossec-for-csf/

Scott Kappler
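
kappler0's fix above was to make sure the admin IP is in csf.allow before leaving testing mode, and the first post's port question turns on what is listed in TCP_IN. A pre-flight check for both follows, as an added example that is not part of any post or of csf itself; the function names, sample files and addresses are constructed, and on a real host the files are assumed to be /etc/csf/csf.conf and /etc/csf/csf.allow.

```shell
#!/bin/sh
# Added example: checks to run before setting TESTING = "0" in csf.conf.

# Print the value of KEY from a csf.conf-style file (lines like KEY = "value").
conf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Succeed if PORT ($1) is in a CSF port list ($2) such as "22,80,30000:35000".
port_in_list() {
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case $entry in
            *:*) if [ "$1" -ge "${entry%%:*}" ] && [ "$1" -le "${entry##*:}" ]; then return 0; fi ;;
            *)   if [ "$1" = "$entry" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Succeed if IP ($1) is a plain entry in a csf.allow-style file ($2).
# Simplification: CIDR ranges and advanced "tcp|in|d=..." rules are not expanded.
ip_listed() {
    sed 's/#.*//' "$2" | awk -v ip="$1" '$1 == ip { found = 1 } END { exit !found }'
}

# Report why the admin at IP ($1) would lose SSH on PORT ($2); return 1 if any reason.
preflight() {  # args: admin-ip ssh-port csf.conf csf.allow
    rc=0
    if ! ip_listed "$1" "$4"; then echo "admin IP $1 is not in $4"; rc=1; fi
    if ! port_in_list "$2" "$(conf_value TCP_IN "$3")"; then
        echo "port $2 is not in TCP_IN"; rc=1
    fi
    if [ "$(conf_value TESTING "$3")" = "1" ]; then echo "note: TESTING is still 1"; fi
    return $rc
}

# Constructed sample files (documentation addresses) standing in for /etc/csf/*.
demo=$(mktemp -d)
printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
    'TCP_IN = "20,21,25,53,80,443,2222,30000:35000"' > "$demo/csf.conf"
printf '%s\n' '# constructed csf.allow' '198.51.100.7 # office' > "$demo/csf.allow"

if ! preflight 203.0.113.10 22 "$demo/csf.conf" "$demo/csf.allow"; then
    echo "=> fix the above, then run csf -r, before leaving testing mode"
fi
```

Pass the port sshd actually listens on as the second argument; a port listed in TCP_IN that nothing listens on will still scan as closed.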

Mon, 01/09/2012 - 18:06
ktc

Thank you for the thorough response and details. I will give it another go!

// Kaitlyn Considine - SITEWORKS Hosting Network LLC

Tue, 02/05/2013 - 05:15
Ilia

I heard that OSSEC will conflict with CSF. What is the point of using OSSEC? Is CSF not enough? Or will it provide better security if configured properly?

Could anyone tell me more about what OSSEC can do that CSF can't? Could CSF be considered a high-level server security solution for CentOS+Webmin/Virtualmin?

P.S. I installed CSF a few days ago and it was all fine, and it even added my installation IP to the allow list to prevent inaccessibility after installation. Works just like it did on cPanel.

Ilia

Sun, 08/11/2013 - 18:34
Karl

"When I installed csf on this box, I had all settings as default. All csf tests responded with OK. But when it was taken out of testing mode it apparently locked everything out."

Please excuse me for reanimating this old thread. But I have the same issues with Virtualmin and Debian 7. In CSF's test mode everything is OK, but after setting test mode to off everything is locked out.

Is there an incompatibility of Virtualmin/Debian and CSF?

Topic locked