ConfigServer Firewall on KeyHelp - is this of interest?

george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

ConfigServer Firewall on KeyHelp - is this of interest?

Post by george »

Hello all,
I was thinking of posting a guide for ConfigServer Firewall (CSF) on KeyHelp - it will be big. I noticed that Fail2ban is much loved in the KeyHelp community, but I could find very little on CSF in the forum. If there is interest here, I will post a guide, as I managed to get it working pretty good. My intention is to document, contribute, improve security awareness, and to present ideas for KeyHelp administrators.

CSF works on KeyHelp
Having previously used and loved CSF, I just had to give it a run on KeyHelp. After a bit of experimentation, all the good features of CSF were running on the server, in sweet harmony with KeyHelp.

[Image: CSF UI]

[Image: CSF Ports Listening]

Why?
I guess that most people here would ask: "Why use CSF, we have Fail2ban!?"

My first-time experience with Fail2ban has been while using KeyHelp. ON by default, I did use it, then configured jails and regex in filters. Fail2ban does a good job.
BUT, CSF can do the same job, plus a whole lot more!
Check the features: https://configserver.com/cp/csf.html

CSF Blocks more offenders
There are far more blocking triggers available with CSF, so more spammers and exploits can be blocked by the firewall. The more of these that get blocked, the less load there is on the server, which in turn leads to better performance. It is far more efficient to just DROP the connection than to go through all the processing. It is better in terms of security too, as offenders get fewer opportunities for exploits. As an added bonus, now my mail.log stays pretty clean, mostly consisting of legitimate emails and connections.

[Image: CSF Watch Logs]

Fail2ban with CSF
I initially ran Fail2ban WITH CSF, which was ok, but there were enough quirks to bother me. So I decided to shift all functionality to CSF. With appropriate configuration, and by using custom regex, I was able to do it. I could then disable Fail2ban, which was no longer needed.

CSF UI on KeyHelp
Some web control panels have their own integrated UI for CSF, but not KeyHelp (yet). On KeyHelp, CSF can be configured by command line - OR - there is a generic UI that can be activated - and it works pretty good, including a TLS 1.3 secured connection using the host's SSL certificate!

CSF Functionality
In brief, this is some of the functionality achieved:

- CSF installed and configured for high security.
- CSF UI configured and working 99%.
- All required ports (and custom ports) for services working, including FTPS.
- Login Failure blocking and alerts for:
--- SSH, FTP, SMTP-AUTH, SASL, POP, IMAP
--- APACHE_HTPASSWD, APACHE_403, APACHE_404, APACHE_401
--- KEYHELP-HOST-AUTH, PHPMYADMIN-AUTH, and WEBMAIL-AUTH with Rainloop!
### Some of these were done with custom regex, and they all work. The KEYHELP-HOST-AUTH I have questions about, but it seems to work ok.

Details and much more to be covered in the guide. All questions are welcome.

What do you think, is this of interest?
Enigma
Posts: 258
Joined: Thu 2. Aug 2018, 19:18

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by Enigma »

george wrote: Fri 14. Feb 2020, 15:19 What do you think, is this of interest?

Sure! :D Thank you very much in advance!

Gruß
Jan
This message has been ROT-13 encrypted twice for higher security.
george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by george »

Hi Jan, thanks for your interest. I will pull my notes together, and post it here in the next day or so...
Enigma
Posts: 258
Joined: Thu 2. Aug 2018, 19:18

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by Enigma »

Just take your time - my to-do list is quite long, so it will take some weeks until I can focus on that subject...

Cheers,
Jan


P.S.: Sorry for writing "Gruß" in the last posting - I'm mostly active in German forums, and writing it happens almost automatically. ;)
george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by george »

Good idea, I won't rush it then, but will definitely post it soon as it remains fresh in my mind! ;)

I thought of posting in Bastelecke / Modification Corner too, for the native German speakers, but don't want to have 2 posts with different discussion. I am happy to post and reply in German (using translator), so I am open to all.

I love Linux security, and it is a pleasure to share ideas on the topic.

PS: I like the "Gruß", I was thinking of using it myself! :D
Enigma
Posts: 258
Joined: Thu 2. Aug 2018, 19:18

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by Enigma »

george wrote: Sun 16. Feb 2020, 00:30 I thought of posting in Bastelecke / Modification Corner too, for the native German speakers, but don't want to have 2 posts with different discussion. I am happy to post and reply in German (using translator), so I am open to all.

For me, the English version would be sufficient, but I hope that more interested people will show up here after the weekend, and they might have different preferences.

george wrote: Sun 16. Feb 2020, 00:30 PS: I like the "Gruß", I was thinking of using it myself! :D

:lol:

Cheers,
Jan
Active8
Posts: 2
Joined: Thu 5. Mar 2020, 20:53

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by Active8 »

What is the status of this CSF integration manual?
I would like to install this with GUI in KeyHelp panel, I didn't really like Fail2Ban

Thanks
george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by george »

Hello, I was waiting to see if there is more interest. It is not written yet, but since you ask, I will try and post it in the next few days.

The time elapsed since I posted this allowed me to polish up regex (and my logic) so it all worked better.

You may notice that I encountered an interesting situation here:
viewtopic.php?f=9&t=9171

This pushed me to create a CustomLog that contains reliable IP address entries (%a), instead of host (%h) which may be spoofed.

I must say, it's been fun. In the process, I have blocked access for valid users, search engines, and even myself on many occasions. Needless to say I have learnt a lot more since then.

For now, it may be helpful for you to read the CSF readme.txt to get an idea of all the features, and precautions.

Guide coming soon...
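
The %a versus %h point from the post above, as an added example that is not code from this thread or from CSF: a failure counter over an access log that only accepts a literal IP address in the client field, because a log written with %h can carry a reverse-DNS name there instead of an address. The log format, function names, threshold and sample lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed Apache format for the custom log (not taken from the thread):
#   LogFormat "%a %l %u %t \"%r\" %>s %b" client_ip
# %a records the client IP address; %h may record a hostname instead.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Mar/2020:10:00:01 +0000] "GET /admin HTTP/1.1" 401 381
203.0.113.7 - - [05/Mar/2020:10:00:02 +0000] "GET /admin HTTP/1.1" 401 381
198.51.100.20 - - [05/Mar/2020:10:00:03 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.20 - - [05/Mar/2020:10:00:04 +0000] "GET /admin HTTP/1.1" 401 381
crawler.example.net - - [05/Mar/2020:10:00:05 +0000] "GET /a HTTP/1.1" 403 199
crawler.example.net - - [05/Mar/2020:10:00:06 +0000] "GET /b HTTP/1.1" 403 199
2001:db8::5 - - [05/Mar/2020:10:00:07 +0000] "GET /x HTTP/1.1" 403 199
2001:db8::5 - - [05/Mar/2020:10:00:08 +0000] "GET /y HTTP/1.1" 403 199
"""


def client_ip(field):
    """Return the normalised address, or None if the field is not an IP literal."""
    try:
        return str(ipaddress.ip_address(field))
    except ValueError:
        return None


def find_offenders(log_text, statuses=("401", "403"), limit=2):
    """Count failure statuses per client IP; never act on hostname entries."""
    hits = Counter()
    skipped = []  # lines that cannot be attributed to an address
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        ip = client_ip(match.group("client")) if match else None
        if ip is None:
            skipped.append(line)
            continue
        if match.group("status") in statuses:
            hits[ip] += 1
    offenders = sorted(ip for ip, count in hits.items() if count >= limit)
    return offenders, skipped


if __name__ == "__main__":
    offenders, skipped = find_offenders(SAMPLE_LOG)
    print("block candidates:", offenders)
    print("unattributable lines:", len(skipped))
```

The two hostname lines reach the threshold but are reported as unattributable rather than turned into a block, which is the failure mode a %a-based log avoids.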
george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by george »

I am posting it in 3 parts:

1. Overview
2. Install & Configure
3. Security Admin

Currently doing Part 3, so almost done...
Enigma
Posts: 258
Joined: Thu 2. Aug 2018, 19:18

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by Enigma »

Great, I'm looking forward to it! :)

Cheers,
Jan
george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by george »

Enjoy all!

I finally got it out...

PART 1: OVERVIEW
PART 2: INSTALL & CONFIGURE
PART 3: SECURITY ADMIN
PART 4: SECURITY EXTRAS
stfn116
Posts: 306
Joined: Wed 9. Jan 2019, 11:43
Location: Bavaria

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by stfn116 »

Thanks for sharing, george!
:D Anyone who thinks competence is expensive should try incompetence. Quote: Bernd W. Klöckner. :lol:
george
Posts: 87
Joined: Fri 3. Jan 2020, 05:53
Location: AUSTRALIA

Re: ConfigServer Firewall on KeyHelp - is this of interest?

Post by george »

You're welcome.