Einen Überblick über das Administrationstool KeyHelp der Keyweb AG und dessen Download gibt es auf https://www.keyhelp.de

Dieses Forum soll es interessierten Benutzern ermöglichen, sich über KeyHelp auszutauschen und Hilfe bei Problemen zu finden.

ConfigServer Firewall on KeyHelp - is this of interest?

Gerneral discussion and questions about KeyHelp
Antworten
Benutzeravatar
george
Beiträge: 15
Registriert: Fr 3. Jan 2020, 05:53
Wohnort: Byron Bay, AUSTRALIA

ConfigServer Firewall on KeyHelp - is this of interest?

Beitrag von george » Fr 14. Feb 2020, 15:19

Hello all,
I was thinking of posting a guide for ConfigServer Firewall (CSF) on KeyHelp - it will be big. I noticed that Fail2ban is much loved in the KeyHelp community, but I could find very little on CSF in the forum. If there is interest here, I will post a guide, as I managed to get it working pretty good. My intention is to document, contribute, improve security awareness, and to present ideas for KeyHelp administrators.

CSF works on KeyHelp
Having previously used and loved CSF, I just had to give it a run on KeyHelp. After a bit of experimentation, all the good features of CSF were running on the server, in sweet harmony with KeyHelp.

CSF UI
Bild

CSF Ports Listening
Bild

Why?
I guess that most people here would ask: "Why use CSF, we have Fail2ban!?"

My first time experience with Fail2ban has been while using KeyHelp. ON by default, I did use it, then configure jails and regex in filters. Fail2ban does a good job.
BUT, CSF can do the same job, plus a whole lot more!
Check the features: https://configserver.com/cp/csf.html

CSF Blocks more offenders
There are far more blocking triggers available with CSF, so more spammers and exploits can be blocked by the firewall. The more of these that get blocked, the less load there is on the server, which in turn leads to better performance. It is far more efficient to just DROP the connection, than to go through all the processing. It is better in terms of security too, as offenders get less opportunities for exploits. As an added bonus, now my mail.log stays pretty clean, mostly consisting of legitimate emails and connections.

CSF Watch Logs
Bild

Fail2ban with CSF
I initially ran Fail2ban WITH CSF, which was ok, but there were enough quirks to bother me. So I decided to shift all functionality to CSF. With appropriate configuration, and by using custom regex, I was able to do it. I could then disable Fail2ban, which was no longer needed.

CSF UI on Keyhelp
Some web control panels have their own integrated UI for CSF, but not KeyHelp (yet). On KeyHelp, CSF can be configured by command line - OR - there is a generic UI that can be activated - and it works pretty good, including a TLS1.3 secured connection using the host's ssl certificate!

CSF Functionality
In brief, this is some of the functionality achieved:

- CSF installed and configured for high security.
- CSF UI configured and working 99%.
- All required ports (and custom ports) for services working, including FTPS.
- Login Failure blocking and alerts for:
--- SSH, FTP, SMTP-AUTH, SASL, POP, IMAP
--- APACHE_HTPASSWD, APACHE_403, APACHE_404, APACHE_401
--- KEYHELP-HOST-AUTH, PHPMYADMIN-AUTH, and WEBMAIL-AUTH with Rainloop!
### Some of these were done with custom regex, and they all work. The KEYHELP-HOST-AUTH I have questions about, but it seems to work ok.

Details and much more to be covered in the guide. All questions are welcome.

What do you think, is this of interest?
Benutzeravatar
Enigma
Beiträge: 204
Registriert: Do 2. Aug 2018, 19:18

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Beitrag von Enigma » Sa 15. Feb 2020, 15:52

george hat geschrieben:
Fr 14. Feb 2020, 15:19
What do you think, is this of interest?

Sure! :D Thank you very much in advance!

Gruß
Jan
This message has been ROT-13 encrypted twice for higher security.
Benutzeravatar
george
Beiträge: 15
Registriert: Fr 3. Jan 2020, 05:53
Wohnort: Byron Bay, AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Beitrag von george » Sa 15. Feb 2020, 22:46

Hi Jan, thanks for your interest. I will pull my notes together, and post it here in the next day or so...
Benutzeravatar
Enigma
Beiträge: 204
Registriert: Do 2. Aug 2018, 19:18

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Beitrag von Enigma » Sa 15. Feb 2020, 23:17

Just take your time - my to-do list is quite long, so it will take some weeks until I can focus on that subject...

Cheers,
Jan


P.S.: Sorry for writing "Gruß" in the last posting - I'm mostly active in German forums, and writing it happens almost automatically. ;)
This message has been ROT-13 encrypted twice for higher security.
Benutzeravatar
george
Beiträge: 15
Registriert: Fr 3. Jan 2020, 05:53
Wohnort: Byron Bay, AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Beitrag von george » So 16. Feb 2020, 00:30

Good idea, I won't rush it then, but will definitely post it soon as it remains fresh in my mind! ;)

I thought of posting in Bastelecke / Modification Corner too, for the native German speakers, but don't want to have 2 posts with different discussion. I am happy to post and reply German (using translator), so I am open to all.

I love Linux security, and it is a pleasure to share ideas on the topic.

PS: I like the "Gruß", I was thinking of using it myself! :D
Benutzeravatar
Enigma
Beiträge: 204
Registriert: Do 2. Aug 2018, 19:18

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Beitrag von Enigma » So 16. Feb 2020, 01:06

george hat geschrieben:
So 16. Feb 2020, 00:30
I thought of posting in Bastelecke / Modification Corner too, for the native German speakers, but don't want to have 2 posts with different discussion. I am happy to post and reply German (using translator), so I am open to all.

For me, the English version would be sufficient, but I hope that more interested people will show up here after the weekend, and they might have different preferences.

george hat geschrieben:
So 16. Feb 2020, 00:30
PS: I like the "Gruß", I was thinking of using it myself! :D

:lol:

Cheers,
Jan
This message has been ROT-13 encrypted twice for higher security.
Antworten

Wer ist online?

Mitglieder in diesem Forum: 0 Mitglieder und 1 Gast