[PLUGIN] ConfigServer Security & Firewall

chirpy

Verified User
Joined
Feb 14, 2009
Messages
10
I've just released v4.50 of csf which now installs a UI plugin for DirectAdmin admin users.

It is included, free of charge, and is automatically installed when you install/upgrade to v4.50 of csf on a DirectAdmin server.

If you come across any difficulties with the plugin then please feel free to post on our support forums.

For more information, please visit http://www.configserver.com/cp/csf.html
 

chirpy

Verified User
Joined
Feb 14, 2009
Messages
10
If anyone tries it out and does find any problems or has suggestions regarding the DA environment, please do post them in our csf suggestions forum.

I'm new to DirectAdmin (thank you to DA for their help) and I hope the plugin does work as expected, but am happy to hear from people about their experiences with it.
 

PRB

Verified User
Joined
Oct 18, 2008
Messages
162

Henrik

Verified User
Joined
Mar 14, 2008
Messages
121
I issued csf -u and then also restarted direct admin, but I still don't see anything inside the direct admin web ui.
 

PRB

Verified User
Joined
Oct 18, 2008
Messages
162
I also ran csf -u on one of my servers, restarted DA and no changes at all.
 

TonyTran

Verified User
Joined
Feb 16, 2009
Messages
12
Thanks, that's great.

I have some problems that I need to fix. When I use "Server security check", I get some warnings:

Code:
[B]Check /tmp is mounted as a filesystem[/B]
/tmp should be mounted as a separate filesystem. Consider using /scripts/securetmp
Code:
[B]Check /var/tmp is mounted as a filesystem[/B]
/var/tmp should either be symlinked to /tmp or mounted as a filesystem

What do I need to do to fix these?
Thanks
 

TonyTran

Verified User
Joined
Feb 16, 2009
Messages
12
Thanks, I have fixed it with Google ^^
I think it may be helpful for you:

Step 1: Securing /tmp
Step 1.1: Backup your fstab file

cp /etc/fstab /etc/fstab.bak

Step 1.2: Creating tmpmnt partition file (Around 1Gb in size)

cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576

Step 1.3: Format the new partition

mkfs.ext3 -j /var/tmpMnt

Press Y when asked
Step 1.4: Making backup of old /tmp

cp -Rp /tmp /tmp_backup

Step 1.5: Mount the tmp filesystem

mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

Step 1.6: Set the right permissions

chmod 1777 /tmp  # world-writable with the sticky bit, so users cannot delete each other's files

Step 1.7: Copy the files back to new tmp folder

cp -Rp /tmp_backup/* /tmp/

Step 1.8: Adding new /tmp filesystem to fstab

echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab

Step 2: No need for 2 tmp filesystems, so we symlink /var/tmp to /tmp

rm -rf /var/tmp/
ln -s /tmp/ /var/tmp
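
Added example, not part of the post above and not csf's own code: a shell check that re-tests what the two warnings look at, namely the mount options on /tmp and whether /var/tmp is a symlink to /tmp or a mounted filesystem. The function names and the sample mount table are constructed for illustration; the sample reflects that the mount command in step 1.5 omits nodev while the fstab line in step 1.8 includes it.

```shell
#!/bin/sh
# Added example (not from the thread): verify the /tmp hardening steps.
# The mount-table path is a parameter so the checks can run on a sample.

# Print the options of the last mount on mount point $1 in table $2.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o == "") exit 1; print o }' "$2"
}

# Echo "ok", "not-mounted" or "missing:<opts>" for mount point $1.
check_tmp_mount() {
    opts=$(mount_opts "$1" "${2:-/proc/mounts}") || { echo "not-mounted"; return 1; }
    missing=""
    for want in noexec nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -z "$missing" ]; then echo "ok"; return 0; fi
    echo "missing:$missing"; return 1
}

# Succeed if $1 (default /var/tmp) is a symlink to /tmp or is mounted in $2.
check_var_tmp() {
    dir="${1:-/var/tmp}"
    if [ -L "$dir" ]; then
        target=$(readlink "$dir")
        [ "${target%/}" = "/tmp" ]
    else
        mount_opts "$dir" "${2:-/proc/mounts}" >/dev/null
    fi
}

# Constructed sample: mount table right after step 1.5, whose mount
# command (unlike the fstab line in step 1.8) does not pass nodev.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw,relatime 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec,relatime 0 0
EOF
}

demo=$(mktemp)
sample_mounts > "$demo"
echo "/tmp after step 1.5: $(check_tmp_mount /tmp "$demo")"
rm -f "$demo"
```

On a live server, call `check_tmp_mount /tmp` and `check_var_tmp` with no table argument to read /proc/mounts.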
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,340
Location
LT, EU
It would be great to have 35000:35999 added by default (Passive FTP) and outgoing 2222 for DA Multi-Server.
 

chirpy

Verified User
Joined
Feb 14, 2009
Messages
10
> It would be great to have 35000:35999 added by default (Passive FTP) and outgoing 2222 for DA Multi-Server.

A passive port hole is only needed for kernels with broken connection tracking (e.g. Virtuozzo VPS, or some custom built kernels). Kernels from the OS vendor should not need any holes created for PASV.

I'll add 2222 to TCP_OUT to the DA installation.
 