Author Topic: Kloxo-mr + CSF (II)  (Read 3197 times)

Offline ibuxxi

Kloxo-mr + CSF (II)
« on: 2013-03-09, 20:27:57 »
Hello,

I have now installed csf.

Does anybody have some tips for the csf.conf on kloxo-mr?

Open ports / Global Lists / DYNDNS / Blacklists

Thanks
KVM VPS | Centos 6.8 (32) 2GB | Kloxo-MR 7.0.0.b-2016* | hiawatha | php56 | php-fpm-event | mariadb

Offline ibuxxi

Re: Kloxo-mr + CSF (II)
« Reply #1 on: 2013-03-10, 16:22:34 »
I have many emails from csf.

How can I fix this?

Code:
Time:         Sun Mar 10 03:19:16 2013 -0800
Account:      qmaill
Resource:     Process Time
Exceeded:     1802 > 1800 (seconds)
Executable:   /usr/bin/multilog
Command Line: /usr/bin/multilog t s1000000 n100 /var/log/qmail/smtp
PID:          1450 (Parent PID:1436)
Killed:       No

#########


Code:
Executable:

/usr/sbin/php-fpm


Command Line (often faked in exploits):

php-fpm: pool xxxxx


Network connections by the process (if any):

tcp: 127.0.0.1:57798 -> 0.0.0.0:0


Files open by the process (if any):

/tmp/.xcache.0.1799.1.lock (deleted)
/tmp/.xcache.0.1799.2.lock (deleted)
/tmp/.xcache.0.1799.3.lock (deleted)

Offline WISTFUL

Re: Kloxo-mr + CSF (II)
« Reply #2 on: 2013-03-13, 22:31:37 »
Edit /etc/csf/csf.pignore and add the lines below to it:
Code:
user:lxlabs
user:clamav
user:mysql
user:nginx
user:apache
user:qmaill
user:qmailr
user:qmailq
user:qmails
user:vpopmail
user:haldaemon
user:admin
- (Also add all client names as "user:[Client Name]")
Then try the below:
Code:
# service csf restart
# service lfd restart

Offline ibuxxi

Re: Kloxo-mr + CSF (II)
« Reply #3 on: 2013-03-14, 13:05:35 »
I have set
exe:

or is it better to use
user:

Offline ibuxxi

Re: Kloxo-mr + CSF (II)
« Reply #4 on: 2013-03-14, 22:55:14 »
Hi, I have many lfd messages from csf.

Is this normal?
Code:
Time:    Thu Mar 14 07:05:22 2013 -0700
PID:     14966 (Parent PID:2798)
Account: vpopmail
Uptime:  75 seconds


Executable:

/var/qmail/bin/qmail-smtpd


Command Line (often faked in exploits):

/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true


Network connections by the process (if any):

tcp: x.x.x.x:25 -> 173.12.152.114:2065
tcp: x.x.x.x:25 -> 173.12.152.114:2065


Files open by the process (if any):

/var/qmail/control/morercpthosts.cdb
/var/qmail/control/badmimetypes.cdb
/var/qmail/control/badloadertypes.cdb

Offline WISTFUL

Re: Kloxo-mr + CSF (II)
« Reply #5 on: 2013-03-15, 08:51:29 »
Hello,
Did you add the above lines to your csf.pignore?
If you add user:vpopmail and restart lfd, you will not get the above alert...

Offline vinceent

Re: Kloxo-mr + CSF (II)
« Reply #6 on: 2013-03-24, 03:43:42 »
Hello,
I have installed kloxo-mr + webmin + csf and it worked perfectly.

I have installed the csf module in webmin and configured csf.

Offline chrisf

Re: Kloxo-mr + CSF (II)
« Reply #7 on: 2013-07-09, 21:25:24 »
@WISTFUL - NEVER NEVER do what you suggested by ignoring users - that command is very dangerous and stops csf from watching those users for any exploits.

exe and pexe should be used. Secondly, cmd and pcmd.

Example:  to stop getting php-fpm alerts for the pool, add this to csf.pignore
pcmd:php-fpm: pool.*

For most qmail alerts:
pexe:/var/qmail/bin/qmail-.*

Also I would raise the memory limit for alerts to 300, even 350 on heavy systems.  If you are running a media server or something just add an exclusion to the alert in csf.pignore through the exe: directive.

csf is a VERY good firewall, but you have to take time to work through the false positives.

I have other exclusions on kloxo-mr install, but can't remember them all.  I know mysql was one and the kloxo.httpd was another - but as you get alerts add them to csf.pignore :)

Always issue this after changes:
csf -r;service lfd restart

All good :)  Regards
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com
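
Added example, not part of any post in this thread: a simplified Python model of csf.pignore matching that compares the broad user: entries suggested in Reply #2 with the narrower pexe:/pcmd: entries from Reply #7. The process records are constructed; the fourth process, the user client1 and the exe:/usr/bin/multilog entry are assumptions, as is treating the p-prefixed patterns as whole-string regex matches.

```python
import re

# Each csf.pignore prefix maps to (process field, is_regex).
FIELDS = {"exe": ("exe", False), "pexe": ("exe", True),
          "user": ("user", False), "puser": ("user", True),
          "cmd": ("cmd", False), "pcmd": ("cmd", True)}

# Constructed process records modelled on the lfd alerts quoted in the thread.
# The last one is an assumed unexpected binary running as a mail user.
PROCESSES = [
    {"user": "vpopmail", "exe": "/var/qmail/bin/qmail-smtpd",
     "cmd": "/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true"},
    {"user": "qmaill", "exe": "/usr/bin/multilog",
     "cmd": "/usr/bin/multilog t s1000000 n100 /var/log/qmail/smtp"},
    {"user": "client1", "exe": "/usr/sbin/php-fpm", "cmd": "php-fpm: pool client1"},
    {"user": "vpopmail", "exe": "/tmp/constructed-unknown-binary",
     "cmd": "/tmp/constructed-unknown-binary"},
]

BROAD = "user:vpopmail\nuser:qmaill\nuser:client1\n"   # style of Reply #2
NARROW = ("pexe:/var/qmail/bin/qmail-.*\n"              # from Reply #7
          "pcmd:php-fpm: pool.*\n"                      # from Reply #7
          "exe:/usr/bin/multilog\n")                    # assumed extra entry

def parse_rules(text):
    """Turn csf.pignore text into (field, is_regex, value) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        prefix, sep, value = line.partition(":")
        if sep and not line.startswith("#") and prefix.lower() in FIELDS:
            rules.append(FIELDS[prefix.lower()] + (value,))
    return rules

def is_ignored(proc, rules):
    """True if any rule matches; regex rules must match the whole field."""
    for field, is_regex, value in rules:
        if is_regex and re.fullmatch(value, proc[field]):
            return True
        if not is_regex and proc[field] == value:
            return True
    return False

def still_reported(procs, rules_text):
    """Executables lfd would still alert on under the given ignore rules."""
    rules = parse_rules(rules_text)
    return [p["exe"] for p in procs if not is_ignored(p, rules)]

if __name__ == "__main__":
    print("broad :", still_reported(PROCESSES, BROAD))
    print("narrow:", still_reported(PROCESSES, NARROW))
```

With the user: entries nothing is reported, including the unexpected binary; with the narrower entries the three known daemons are silenced and the unexpected binary still raises an alert.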

Offline MRatWork

Re: Kloxo-mr + CSF (II)
« Reply #8 on: 2013-07-10, 02:52:36 »
What's the problem when not using a firewall (CSF or iptables)?
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline chrisf

Re: Kloxo-mr + CSF (II)
« Reply #9 on: 2013-07-10, 03:45:57 »
My post is concerning CSF.

User WISTFUL advised using the user: pignore config option to ignore all processes from all users on the server.

Although this will stop the alerts, it will also stop your process protection.

There is no problem if you are not using CSF or if you use something else - I like CSF - it is very robust and very protective of your server.

If you use nginx as your webserver CSF will do what mod_evasive did for apache.  Plus so much more.

I use directory protection and other CSF options that make me sleep easy :)

Offline MRatWork

Re: Kloxo-mr + CSF (II)
« Reply #10 on: 2013-07-10, 20:35:10 »
The VPS for this forum runs without IPTables/CSF. My reason is that nginx/nginx-proxy have a protection mechanism. If someone tries to open more than 20 connections at once, nginx will 'protect'.

Also, Kloxo-MR will 'ban' an IP if login fails a certain number of times (say, 20x).

I think there is no reason to use IPTables/CSF for this VPS.

Offline chrisf

Re: Kloxo-mr + CSF (II)
« Reply #11 on: 2013-07-11, 21:00:17 »
csf does much more than iptables blocking.  It watches resource use, process integrity, memory usage, load protection (alert if at load 30% longer than 5 sec - or whatever you set), port scan temporary IP blocking, SYN flood protection, SMTP/POP3 protection, changed-file protection by md5 hash - configure it to watch a directory for changes....

That is just part of it.  CSF is very robust... so much more than simple iptable firewall. :)

Plus, on any event it will send an email if you wish.  I have these sent to my sms gateway for my mobile phone.  This way if something is wrong with my server I know instantly. :)

Offline MRatWork

Re: Kloxo-mr + CSF (II)
« Reply #12 on: 2013-07-11, 23:14:00 »
Kloxo-MR uses rkhunter, and you can see in 'log manager' which 'crucial' files changed, via the rkhunter log.

I still think there is no reason to use IPTables/CSF for this VPS, especially because this VPS is not 'shared hosting' (say, 'private hosting').

Offline frogster

Re: Kloxo-mr + CSF (II)
« Reply #13 on: 2013-07-12, 10:43:52 »
I would also like to say that the CSF firewall on Admin level only would be a great asset. I use the csf firewall with webmin minimal, so if it can be installed on kloxo then there may be no need for me to install webmin minimal.

CSF has great advantages as it can protect a VPS from outside attacks and spammers. So if you have a blog or a forum then it can be very useful; it can also stop DDoS attacks and others from snooping around your VPS or dedicated servers.

There are a multitude of other advantages of using a firewall like csf, like saving on bandwidth that could be used by scrapers and other nasties.

Also, if you are using kloxo as a 'shared' environment with friends and family then it is best to keep them safe.

Csf and a good, well-configured modsecurity (which would also be a useful module in kloxo) should give a good, secure, healthy server or VPS.

That's just my few pennies' worth ;)
Be Seen to Be GREEN

 

