
Thread: [PLUGIN] ConfigServer Security & Firewall

  1. #101
    Join Date
    Aug 2009
    Posts
    11
    Just a few questions regarding this.

    I am thinking of installing this; however, we send an email newsletter to 14k every two weeks. Will this stop the emails with its advanced flood control or limit any email sent?

    Also will this by default disable the CentOS firewall?

  2. #102
    Join Date
    Oct 2009
    Posts
    17
    Ya you disable the default CentOS firewall(s) and run csf. It's based on iptables.

  3. #103
    Join Date
    Oct 2009
    Posts
    5
    will these steps for securing /tmp work for a vps?

    my fstab is :
    none /dev/pts devpts rw 0 0

  4. #104
    Join Date
    Dec 2005
    Location
    The Netherlands
    Posts
    172
    Originally posted by metthyn:
    will these steps for securing /tmp work for a vps?

    my fstab is :
    none /dev/pts devpts rw 0 0

    A good VPS (with hardware virtualisation) should work the same way as a dedicated server when you are logged in. Of course you need to compare it with something with similar RAM/CPU/hard disk capacity.
    Operating system: Debian
    DNSSEC plugin for DA: http://forum.directadmin.com/showthread.php?t=47487

  5. #105
    Join Date
    Dec 2007
    Posts
    22
    Code:
    Jan  5 14:01:39 ln02 lfd[4885]: *Suspicious Process* PID:3137 User:avahi Uptime:78887 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: running [ln02.local]
    Jan  5 14:01:40 ln02 lfd[4885]: *Suspicious Process* PID:3144 User:avahi Uptime:78887 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: chroot helper
    Jan  5 14:01:40 ln02 lfd[4885]: *User Processing* PID:3168 Kill:0 User:clamav Time:78880 EXE:/usr/local/bin/freshclam CMD:/usr/local/bin/freshclam -d -c 6
    Jan  5 14:04:40 ln02 lfd[4913]: *Suspicious Process* PID:2344 User:haldaemon Uptime:79090 secs EXE:/usr/sbin/hald\00]\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:hald
    Jan  5 14:04:40 ln02 lfd[4913]: *Suspicious Process* PID:2353 User:haldaemon Uptime:79089 secs EXE:/usr/libexec/hald-addon-acpi\00\00\00\00\00\04\00\00\00\00\00\00\00\90rL\0b (deleted) CMD:hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
    Jan  5 14:04:40 ln02 lfd[4913]: *Suspicious Process* PID:2687 User:mysql Uptime:79081 secs EXE:/usr/sbin/mysqld\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --log-error=/var/lib/mysql/ln02.bsg.vn.err --pid-file=/var/lib/mysql/ln02.bsg.vn.pid --socket=/var/lib/mysql/mysql.sock --port=3306
    Jan  5 14:04:40 ln02 lfd[4913]: *Suspicious Process* PID:3072 User:ftp Uptime:79068 secs EXE:/usr/sbin/proftpd\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:proftpd: (accepting connections)
    Jan  5 14:24:18 ln02 lfd[5188]: *SSH login* from 113.160.2.226 into the root account using password authentication
    Jan  5 15:01:50 ln02 lfd[5741]: *Suspicious Process* PID:3137 User:avahi Uptime:82498 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: running [ln02.local]
    Jan  5 15:01:51 ln02 lfd[5741]: *Suspicious Process* PID:3144 User:avahi Uptime:82497 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: chroot helper
    Jan  5 15:01:51 ln02 lfd[5741]: *User Processing* PID:3168 Kill:0 User:clamav Time:82490 EXE:/usr/local/bin/freshclam CMD:/usr/local/bin/freshclam -d -c 6
    Jan  5 15:04:51 ln02 lfd[5769]: *Suspicious Process* PID:2344 User:haldaemon Uptime:82701 secs EXE:/usr/sbin/hald\00]\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:hald
    Jan  5 15:04:51 ln02 lfd[5769]: *Suspicious Process* PID:2353 User:haldaemon Uptime:82700 secs EXE:/usr/libexec/hald-addon-acpi\00\00\00\00\00\04\00\00\00\00\00\00\00\90rL\0b (deleted) CMD:hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
    Jan  5 15:04:51 ln02 lfd[5769]: *Suspicious Process* PID:2687 User:mysql Uptime:82692 secs EXE:/usr/sbin/mysqld\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --log-error=/var/lib/mysql/ln02.bsg.vn.err --pid-file=/var/lib/mysql/ln02.bsg.vn.pid --socket=/var/lib/mysql/mysql.sock --port=3306
    Jan  5 15:04:51 ln02 lfd[5769]: *Suspicious Process* PID:3072 User:ftp Uptime:82679 secs EXE:/usr/sbin/proftpd\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:proftpd: (accepting connections)
    Jan  5 16:02:01 ln02 lfd[6661]: *Suspicious Process* PID:3137 User:avahi Uptime:86109 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: running [ln02.local]
    Jan  5 16:02:01 ln02 lfd[6661]: *Suspicious Process* PID:3144 User:avahi Uptime:86108 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: chroot helper
    Jan  5 16:02:01 ln02 lfd[6661]: *User Processing* PID:3168 Kill:0 User:clamav Time:86101 EXE:/usr/local/bin/freshclam CMD:/usr/local/bin/freshclam -d -c 6
    Jan  5 16:05:01 ln02 lfd[6695]: *Suspicious Process* PID:2344 User:haldaemon Uptime:86311 secs EXE:/usr/sbin/hald\00]\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:hald
    Jan  5 16:05:01 ln02 lfd[6695]: *Suspicious Process* PID:2353 User:haldaemon Uptime:86310 secs EXE:/usr/libexec/hald-addon-acpi\00\00\00\00\00\04\00\00\00\00\00\00\00\90rL\0b (deleted) CMD:hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
    Jan  5 16:05:01 ln02 lfd[6695]: *Suspicious Process* PID:2687 User:mysql Uptime:86302 secs EXE:/usr/sbin/mysqld\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --log-error=/var/lib/mysql/ln02.bsg.vn.err --pid-file=/var/lib/mysql/ln02.bsg.vn.pid --socket=/var/lib/mysql/mysql.sock --port=3306
    Jan  5 16:05:01 ln02 lfd[6695]: *Suspicious Process* PID:3072 User:ftp Uptime:86289 secs EXE:/usr/sbin/proftpd\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:proftpd: (accepting connections)
    Jan  5 16:35:34 ln02 lfd[7110]: 5 (sshd) login failures from 58.61.149.213 in the last 300 secs - *Blocked in csf*
    Jan  5 17:02:11 ln02 lfd[7546]: *Suspicious Process* PID:3137 User:avahi Uptime:89719 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: running [ln02.local]
    Jan  5 17:02:11 ln02 lfd[7546]: *Suspicious Process* PID:3144 User:avahi Uptime:89718 secs EXE:/usr/sbin/avahi-daemon\00\00\00\00\00\00\00\00\a1\01\00\00\00\00\00\00h (deleted) CMD:avahi-daemon: chroot helper
    Jan  5 17:02:11 ln02 lfd[7546]: *User Processing* PID:3168 Kill:0 User:clamav Time:89711 EXE:/usr/local/bin/freshclam CMD:/usr/local/bin/freshclam -d -c 6
    Jan  5 17:05:11 ln02 lfd[7581]: *Suspicious Process* PID:2344 User:haldaemon Uptime:89921 secs EXE:/usr/sbin/hald\00]\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:hald
    Jan  5 17:05:11 ln02 lfd[7581]: *Suspicious Process* PID:2353 User:haldaemon Uptime:89920 secs EXE:/usr/libexec/hald-addon-acpi\00\00\00\00\00\04\00\00\00\00\00\00\00\90rL\0b (deleted) CMD:hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
    Jan  5 17:05:11 ln02 lfd[7581]: *Suspicious Process* PID:2687 User:mysql Uptime:89912 secs EXE:/usr/sbin/mysqld\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:/usr/sbin/mysqld --basedir=/ --datadir=/var/lib/mysql --user=mysql --log-error=/var/lib/mysql/ln02.bsg.vn.err --pid-file=/var/lib/mysql/ln02.bsg.vn.pid --socket=/var/lib/mysql/mysql.sock --port=3306
    Jan  5 17:05:11 ln02 lfd[7581]: *Suspicious Process* PID:3072 User:ftp Uptime:89899 secs EXE:/usr/sbin/proftpd\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00 (deleted) CMD:proftpd: (accepting connections)

    This is the log of lfd on my server, and it sends many emails to root.
    How do I disable it?
    Thanks.

  6. #106
    Join Date
    Jan 2008
    Location
    /dev/null
    Posts
    702
    In the file '/etc/csf.pignore' you can add ignores like

    exe:link-to-executable
    or
    user:username (like: user:haldaemon)

    After changing it, you need to restart csf/lfd for it to take effect.

  7. #107
    Join Date
    Dec 2007
    Posts
    22
    This is the content of csf.pignore on my server
    Code:
    exe:/usr/sbin/sshd
    exe:/usr/sbin/proftpd
    exe:/usr/libexec/gam_server
    exe:/usr/sbin/named
    exe:/usr/sbin/exim
    exe:/usr/sbin/mysqld
    exe:/usr/sbin/mysqld_safe
    exe:/usr/libexec/hald-addon-acpi
    exe:/usr/sbin/hald
    exe:/bin/dbus-daemon
    exe:/usr/bin/dbus-daemon-1
    exe:/usr/libexec/hald-addon-keyboard
    exe:/usr/libexec/dovecot/pop3-login
    exe:/usr/libexec/dovecot/imap-login
    exe:/usr/local/directadmin/directadmin
    exe:/usr/local/directadmin/dataskq
    exe:/usr/sbin/httpd
    exe:/usr/sbin/avahi-daemon
    But every hour in Mail Queue Administration, there are many mails to root in the queue.
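A triage sketch for the situation in the two posts above, added here as an example and not code from the thread or from csf. It collapses the repeated lfd `*Suspicious Process*` alerts per process, cleans the `EXE:` field, and marks whether the path is already in `csf.pignore` and whether it ends in `(deleted)`, which is how Linux reports a running binary whose on-disk file has been removed or replaced. The function names and sample data are assumptions made for the illustration.

```python
import re

# Constructed samples: log lines shortened from the lfd format posted above, and three csf.pignore entries.
SAMPLE_LOG = r"""Jan  5 14:04:40 ln02 lfd[4913]: *Suspicious Process* PID:2344 User:haldaemon Uptime:79090 secs EXE:/usr/sbin/hald\00]\00\00 (deleted) CMD:hald
Jan  5 14:04:40 ln02 lfd[4913]: *Suspicious Process* PID:3072 User:ftp Uptime:79068 secs EXE:/usr/sbin/proftpd\00\00 (deleted) CMD:proftpd: (accepting connections)
Jan  5 14:01:40 ln02 lfd[4885]: *User Processing* PID:3168 Kill:0 User:clamav Time:78880 EXE:/usr/local/bin/freshclam CMD:/usr/local/bin/freshclam -d -c 6
Jan  5 15:04:51 ln02 lfd[5769]: *Suspicious Process* PID:2344 User:haldaemon Uptime:82701 secs EXE:/usr/sbin/hald\00]\00\00 (deleted) CMD:hald
"""
SAMPLE_PIGNORE = "exe:/usr/sbin/proftpd\nexe:/usr/sbin/hald\nexe:/usr/sbin/httpd\n"

ALERT_RE = re.compile(
    r"\*Suspicious Process\* PID:(?P<pid>\d+) User:(?P<user>\S+) "
    r"Uptime:\d+ secs EXE:(?P<exe>.*?) CMD:")

def parse_pignore(text):
    """Return (set of exe: paths, set of user: names) from csf.pignore text."""
    exes, users = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("exe:"):
            exes.add(line[4:])
        elif line.startswith("user:"):
            users.add(line[5:])
    return exes, users

def normalize_exe(raw):
    """Split the logged EXE field into (clean path, deleted flag)."""
    deleted = raw.rstrip().endswith("(deleted)")
    # Drop the padding after the path: escaped \00 text or real NUL bytes.
    path = re.split(r"\\|\x00", raw, maxsplit=1)[0]
    return path.replace("(deleted)", "").strip(), deleted

def triage(log_text, pignore_text):
    exes, users = parse_pignore(pignore_text)
    seen = {}
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not a Suspicious Process alert
        path, deleted = normalize_exe(m["exe"])
        key = (m["pid"], m["user"], path)
        row = seen.setdefault(key, {
            "alerts": 0, "deleted": deleted,
            "listed": path in exes or m["user"] in users})
        row["alerts"] += 1
    return seen

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, SAMPLE_PIGNORE))
```

Rows that come back with both `listed` and `deleted` set are long-running daemons still executing a binary that is no longer on disk; restarting such a daemon makes it run the current file.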

  8. #108
    Join Date
    Jul 2009
    Location
    iran,hamedan
    Posts
    8
    I have the same problem here

  9. #109
    Join Date
    Aug 2008
    Posts
    246
    Hello,
    I have installed csf on my OpenVZ VPS and after that solv passport and ... .
    Now when I try to enable it we can't access DirectAdmin ... httpd ... and all protocols are down until I disable csf.

  10. #110
    Join Date
    Feb 2007
    Posts
    486
    Unable to run.

    I installed with the commands below:

    wget http://www.configserver.com/free/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh
    rm -fv etc/csf/csf.conf
    wget -q -O /etc/csf/csf.conf http://www.oakdns.net/downloads/csf.conf
    chmod 0600 /etc/csf/csf.conf
    The error is as below:

    http://img200.imageshack.us/img200/6835/lfdq.png

  11. #111
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    When I try your link all I see is an empty page.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  12. #112
    Join Date
    Aug 2008
    Posts
    246
    Hello.
    When csf is enabled, DirectAdmin can't send backups via FTP to another server. I get this error:
    User alex has been backed up.
    Data connection timed out.
    Data connection timed out.
    Data connection timed out.
    Falling back to PORT instead of PASV mode.
    Could not read reply from control connection -- timed out.
    ncftpput /home/tmp/admin/user.admin.alex.tar.gz: timed out while waiting for server response.

    When I disable csf and run the backup again, it's OK and it creates and sends the backup without a problem.

    note:
    i add 30000:35000 to TCP_IN and TCP_OUT

  13. #113
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Personally if CSF doesn't allow passive (PASV) mode by default, I wouldn't use it; I hope someone more familiar than I with CSF can tell us how to set it up to add PASV connections.

    My understanding is that to enable PASV connections you have to add the

    ipv4/netfilter/ip_conntrack_ftp.ko

    module to the kernel (it should be in modern kernels by default), and then set it to be used in the firewall with:
    Code:
    /sbin/modprobe ip_conntrack_ftp
    (added as root).

    But I don't know enough about csf to see if it's already there and if your problem is simply that your kernel doesn't have the module, nor do I know if any other code needs to be applied on your system.

    As I've written previously, I use KISS precisely because it's so simple.
    note:
    i add 30000:35000 to TCP_IN and TCP_OUT
    This is a simple workaround, but you also need to make changes to the ProFTPd configuration file to allow the use of these ports; it's not in the default configuration. You need to add to your proftpd.conf file:
    Code:
    PassivePorts 30000 35000
    and restart proftpd.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103
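A consistency check for the pairing described in the post above, added here as an example and not code from the thread, csf or ProFTPd: it reads the `PassivePorts` range from proftpd.conf text and reports any part of it that the csf.conf `TCP_IN` list does not open. The sample configs are constructed and the function names are assumptions; only `30000:35000` and `PassivePorts 30000 35000` come from the thread.

```python
import re

# Constructed sample configs; every port other than 30000:35000 is illustrative.
SAMPLE_CSF = 'TCP_IN = "20,21,22,25,53,80,443,30000:35000"\n'
SAMPLE_PROFTPD = (
    'ServerName "example"\n'
    "# PassivePorts 49152 65534\n"      # commented out, must be ignored
    "PassivePorts 30000 35000\n"
)

def csf_ranges(csf_text, key):
    """Return sorted [(lo, hi), ...] for a csf.conf port list such as TCP_IN."""
    m = re.search(rf'^\s*{key}\s*=\s*"([^"]*)"', csf_text, re.M)
    if not m:
        return []
    ranges = []
    for item in filter(None, (p.strip() for p in m.group(1).split(","))):
        lo, _, hi = item.partition(":")   # "21" or "30000:35000"
        ranges.append((int(lo), int(hi or lo)))
    return sorted(ranges)

def passive_range(proftpd_text):
    """Return (lo, hi) from an active PassivePorts line, or None if absent."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", proftpd_text, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def uncovered(port_range, allowed):
    """Return the sub-ranges of port_range not covered by the sorted allowed list."""
    cur, hi = port_range
    gaps = []
    for a, b in allowed:
        if b < cur:
            continue
        if a > hi:
            break
        if a > cur:
            gaps.append((cur, a - 1))
        cur = max(cur, b + 1)
    if cur <= hi:
        gaps.append((cur, hi))
    return gaps

def check(csf_text, proftpd_text):
    """Report the passive range and the parts of it that TCP_IN leaves closed."""
    pasv = passive_range(proftpd_text)
    if pasv is None:
        return {"passive": None, "closed_in_TCP_IN": None}
    return {"passive": pasv,
            "closed_in_TCP_IN": uncovered(pasv, csf_ranges(csf_text, "TCP_IN"))}
```

An empty `closed_in_TCP_IN` list means the firewall and the FTP daemon agree on the range; `passive: None` means the daemon has no fixed passive range, so opening a block in `TCP_IN` alone does not pin where data connections land.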

  14. #114
    Join Date
    Aug 2008
    Posts
    246
    I did it and then enabled csf, but it can't send the backup again.

    I tried the iptables module test and this is my output:

    Testing iptables...

    Testing ip_tables/iptable_filter...OK
    Testing ipt_LOG...OK
    Testing ipt_multiport/xt_multiport...OK
    Testing ipt_REJECT...OK
    Testing ipt_state/xt_state...OK
    Testing ipt_limit/xt_limit...OK
    Testing ipt_recent...OK
    Testing ipt_owner...OK
    Testing iptable_nat/ipt_REDIRECT...OK

  15. #115
    Join Date
    Jan 2010
    Posts
    48
    I installed csf successfully and DA recognized this plugin.

    Then I tried to remove some of the default ports, say ftp - 20,21

    and ran csf -s

    However, I supposed I could not access FTP, but that is not the case. Did I miss something else?

    Update: It turns out that my IP is automatically added to the csf whitelist file.
    Last edited by adrianmak; 02-01-2010 at 09:31 PM.

  16. #116
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Yes, on install the IP you are using at that moment is automatically put on the whitelist for security. If everything is OK you should just remove it from the whitelist if you want (and if you are using a dynamic IP).
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  17. #117
    Join Date
    Dec 2005
    Location
    Singapore
    Posts
    146
    Is there a way we can export ALL the settings of CSF so I can have the same settings for 3 servers?

    This can also work as a backup of the settings.

  18. #118
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    The conf files and messages files are in /etc/csf/, so you should probably just copy those files to the other server where csf is installed and restart csf (check the permissions/owner of the files before restarting csf).
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  19. #119
    Join Date
    Feb 2007
    Posts
    486
    Hi,

    It shows

    Undefined subroutine &Cpanel::Version::gettree called at /usr/sbin/csf line 168.
    when I run it.

  20. #120
    Join Date
    Aug 2007
    Posts
    49
    Hello, I've successfully installed CSF+LFD and it's working very well!

    I have a question: does it make sense to install mod_security and/or mod_evasive with CSF+LFD?

    Thanks.
