[PLUGIN] ConfigServer Security & Firewall

I've installed this plugin successfully, which means it's integrated in DA.

But, it says: Firewall Status: Enabled but Stopped.

Then, when I click the 'Start' button it gives me this error:

Code:
Error: /sbin/iptables (iptables binary location) does not exist!, at line 26

Anyone knows how to solve this problem?
 
What OS distribution are you using?

When using a root shell login, what is the response to:
Code:
# whereis iptables
Do not type the # character; it's there to tell you that you should do this as root.

Jeff
 
iptables is not properly installed on your server.

You may want to try updating it or installing it using yum.

Note that iptables depends on certain kernel functionality. Messing with it could break your system and I take no responsibility. If you're not sure you should hire someone to do it for you. For example, we guarantee our work, but we don't guarantee answers on the forum.

Jeff
 
Thanks for this firewall. Shows some interesting things on the server, really great.

I have a question about adding to the firewall.

How do I stop someone from IP spoofing a dedicated website's IP?
I did a DNS check on a URL that is hitting my website and they have
one of my assigned dedicated IPs as their own A record on 7 URLs of theirs.
I checked the URLs and my site loads, but their URL is in the browser.
I understand it's possible to block & stop IP spoofing through a firewall, though I can't
find instructions on how to add this type of block to a firewall.
Would anyone know how I would add my dedicated IPs to the firewall to
only work from my server and not from anyone else's server?
Seems sort of strange that anyone can have an A record of a dedicated IP address
and show someone else's website without permission. That's a bit illegal, right?
Bit stuck, any help is appreciated.
 
It is not illegal (probably immoral, so you could bring them to justice and make them stop but not make them pay), it is not spoofing and it is relatively harmless.
The only thing they gain is publicity towards their domain, which they can point anywhere else at any time (and they could also do phishing, which is illegal).

You can easily block it by adding a virtualhost to the IP address of the targeted website pointing to /dev/null, either with a ServerAlias line for every "attacking" hostname or being the default virtualhost for the given IP address.
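
The default-virtualhost variant described above, as an added example that is not part of the original post. The function name `catchall_vhost`, the address 192.0.2.10 and the name `catchall.invalid` are hypothetical placeholders; the 2.2 access-control syntax matches the Apache 2.2.x servers mentioned in this thread, with the 2.4 form as an alternative.

```shell
#!/bin/sh
# Added example (not from the thread): emit a catch-all <VirtualHost> for one
# dedicated IP so that hostnames you do not serve get refused.

# catchall_vhost IP [SERIES]   SERIES is 2.2 (default) or 2.4
catchall_vhost() {
    ip=$1
    series=${2:-2.2}
    # Accept only a dotted quad so the generated config stays well-formed.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "catchall_vhost: not an IPv4 address: $ip" >&2
        return 1
    fi
    case $series in
        2.2) acl=$(printf 'Order deny,allow\n        Deny from all') ;;
        2.4) acl='Require all denied' ;;
        *)   echo "catchall_vhost: unsupported series: $series" >&2; return 1 ;;
    esac
    cat <<EOF
# Load this before every other vhost for $ip:80. Apache treats the first
# vhost it reads for an address as the default for unmatched Host headers.
<VirtualHost $ip:80>
    ServerName catchall.invalid
    DocumentRoot /dev/null
    <Location />
        $acl
    </Location>
</VirtualHost>
EOF
}

# Dry run with a constructed documentation address; prints the 2.2 form.
catchall_vhost 192.0.2.10
```

The real site keeps working because its own vhost still matches its ServerName and ServerAlias entries; only requests carrying other hostnames fall through to the catch-all and get a 403.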
 
Or you could link it to something nasty:
Sorry, but site has been closed because the owner has been imprisoned for murdering his entire family.
:D

More specifically, to Jonn:

You can't tell where a DNS hit comes from, so you can't block hits originating from someone else's DNS rather than yours.

One possibility is to contact the domain's registrar, and complain to them that it's not your site and it's wasting resources on your computer.

It probably is illegal in some jurisdictions (California, US comes to mind) because the perpetrator is using resources on your server without justification or permission.

Another thing you can do is put into your terms of service that if anyone points to your server without actually having a site there, and so using your resources, must pay you $100 (or whatever) for every hit. Then hire an aggressive attorney to go after them :).

Jeff
 
Question about CSF from another thread

I read this from another thread.

Warning: The Latest version of CSF does not work properly with DirectAdmin on CentOS 5 machines with Apache 2+

Does this still apply?

I went to the CSF web site and can see they show CSF supports
Supported and Tested Operating Systems

RedHat Enterprise v3, v4, v5 (32/64 bit)
CentOS v3, v4, v5 (32/64 bit)

My system is
Redhat CentOS 5.0
Server Version 1.33.1
Apache 2.2.6

CSF looks very good if I can use it

Thanks

Daniel
IO Wow
 
Everything seems to have gone very quiet

 
Many thanks for your reply about CSF

Many thanks for your reply.

CSF looks very good if I can use it to protect our server.

I will try to install over the next couple of days.

best wishes

Daniel
IO Wow
 
Hi guys! I got an error! The GUI panel at Admin Level has disappeared. For about 2 months I used APF, and now I want to use CSF, so I uninstalled APF and installed CSF, but when I go to the CSF GUI panel, everything has disappeared; there is nothing. What's wrong? What is causing it?
 
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_IN Blocked* '
LOG tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *TCP_OUT Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_IN Blocked* '
LOG udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *UDP_OUT Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_IN Blocked* '
LOG icmp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix `Firewall: *ICMP_OUT Blocked* '
You — 2009-08-04 13:27

What is this about^? Everything seems to be working ok though.

If I flush your iptables (-F) I cannot access server as the default policy is set to: DENY, how do I change this?

iptables -L |grep policy
Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)
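
The lockout described in the post above, as an added example that is not part of the original post: a flush removes the ACCEPT rules but leaves the DROP default policy in place, so the policy has to be opened first. The function names are hypothetical, the sample input is the three policy lines quoted above, and the script only prints the commands.

```shell
#!/bin/sh
# Added example (not from the thread): work out which chains would lock you
# out after "iptables -F" and print a flush sequence that opens them first.

# Constructed sample: the policy lines quoted in the post above.
SAMPLE_POLICIES='Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy DROP)'

# Read "iptables -L" text on stdin and print every built-in chain whose
# default policy is not ACCEPT. User-defined chains show "(N references)"
# instead of "(policy ...)" and are skipped.
restrictive_chains() {
    awk '$1 == "Chain" && $3 == "(policy" {
             pol = $4
             sub(/\).*/, "", pol)      # "DROP)" -> "DROP"
             if (pol != "ACCEPT") print $2
         }'
}

# Read the same text on stdin and print the commands in a safe order:
# set each restrictive policy to ACCEPT, then flush rules, then delete
# the now-empty user-defined chains.
safe_flush_plan() {
    for chain in $(restrictive_chains); do
        echo "iptables -P $chain ACCEPT"
    done
    echo "iptables -F"
    echo "iptables -X"
}

# Dry run on the sample. On a live host: iptables -L -n | safe_flush_plan
printf '%s\n' "$SAMPLE_POLICIES" | safe_flush_plan
```

The printed commands cover the filter table only, and once they are run the host is unfiltered until the firewall is started again.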
 
Can you guys help me please with configuration on LFD?
I keep getting emails every single hour with info that MySQL is exceeding virtual memory and time.

Here is message:
Code:
Account:      mysql
Resource:     Process Time
Exceeded:     153768 > 1800 (seconds)
Executable:   /usr/local/mysql-5.1.34-linux-i686/bin/mysqld
Command Line: /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql --log-error=/usr/local/mysql/data/serv.p-xl.com.err --pid-file=/usr/local/mysql/data/serv.pid
PID:          21570
Killed:       No

I know about that and want LFD to ignore it. I've added 3 extra lines in csf.pignore

Code:
exe:/usr/local/mysql-5.1.34-linux-i686/bin/mysqld
user:mysql
cmd:/usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql --log-error=/usr/local/mysql/data/serv.p-xl.com.err --pid-file=/usr/local/mysql/data/serv.pid

But it keeps sending me emails... any ideas?
I'm running DA 1.33.7 on Debian 5. It's a VPS server.
I know I can turn off email messages in cron totally, but would like to avoid it...

Many thanks for any help.
Mac
 
Hey folks, I'm getting a big error on this plugin.

Starting lfd:Can't locate LWP/UserAgent.pm in @INC (@INC contains: /etc/csf /usr/lib/perl5/site_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.7/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.6/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl/5.8.7 /usr/lib/perl5/vendor_perl/5.8.6 /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl /usr/lib/perl5/5.8.8/i386-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/sbin/lfd line 4756, <DATA> line 290.
BEGIN failed--compilation aborted at /usr/sbin/lfd line 4756, <DATA> line 290.

Can you tell me what is causing this?
 
Solved it by

yum install -y perl-libwww-perl

I'm still getting the error on the mount option. It says no permission to look at ...

BTW I'm using a VPS.
 