ConfigServer Firewall on KeyHelp - is this of interest?
Hello all,
I was thinking of posting a guide for ConfigServer Firewall (CSF) on KeyHelp - it will be big. I noticed that Fail2ban is much loved in the KeyHelp community, but I could find very little on CSF in the forum. If there is interest here, I will post a guide, as I managed to get it working pretty good. My intention is to document, contribute, improve security awareness, and to present ideas for KeyHelp administrators.
CSF works on KeyHelp
Having previously used and loved CSF, I just had to give it a run on KeyHelp. After a bit of experimentation, all the good features of CSF were running on the server, in sweet harmony with KeyHelp.
CSF UI
CSF Ports Listening
Why?
I guess that most people here would ask: "Why use CSF, we have Fail2ban!?"
My first experience with Fail2ban has been while using KeyHelp. ON by default, I did use it, then configured jails and regex in filters. Fail2ban does a good job.
BUT, CSF can do the same job, plus a whole lot more!
Check the features: https://configserver.com/cp/csf.html
CSF Blocks more offenders
There are far more blocking triggers available with CSF, so more spammers and exploits can be blocked by the firewall. The more of these that get blocked, the less load there is on the server, which in turn leads to better performance. It is far more efficient to just DROP the connection than to go through all the processing. It is better in terms of security too, as offenders get fewer opportunities for exploits. As an added bonus, now my mail.log stays pretty clean, mostly consisting of legitimate emails and connections.
CSF Watch Logs
Fail2ban with CSF
I initially ran Fail2ban WITH CSF, which was ok, but there were enough quirks to bother me. So I decided to shift all functionality to CSF. With appropriate configuration, and by using custom regex, I was able to do it. I could then disable Fail2ban, which was no longer needed.
CSF UI on KeyHelp
Some web control panels have their own integrated UI for CSF, but not KeyHelp (yet). On KeyHelp, CSF can be configured by command line - OR - there is a generic UI that can be activated - and it works pretty good, including a TLS 1.3 secured connection using the host's SSL certificate!
CSF Functionality
In brief, this is some of the functionality achieved:
- CSF installed and configured for high security.
- CSF UI configured and working 99%.
- All required ports (and custom ports) for services working, including FTPS.
- Login Failure blocking and alerts for:
--- SSH, FTP, SMTP-AUTH, SASL, POP, IMAP
--- APACHE_HTPASSWD, APACHE_403, APACHE_404, APACHE_401
--- KEYHELP-HOST-AUTH, PHPMYADMIN-AUTH, and WEBMAIL-AUTH with Rainloop!
### Some of these were done with custom regex, and they all work. The KEYHELP-HOST-AUTH I have questions about, but it seems to work ok.
Details and much more to be covered in the guide. All questions are welcome.
What do you think, is this of interest?
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Sure! Thank you very much in advance!
Gruß
Jan
This message has been ROT-13 encrypted twice for higher security.
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Hi Jan, thanks for your interest. I will pull my notes together, and post it here in the next day or so...
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Just take your time - my to-do list is quite long, so it will take some weeks until I can focus on that subject...
Cheers,
Jan
P.S.: Sorry for writing "Gruß" in the last posting - I'm mostly active in German forums, and writing it happens almost automatically.
This message has been ROT-13 encrypted twice for higher security.
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Good idea, I won't rush it then, but will definitely post it soon as it remains fresh in my mind!
I thought of posting in Bastelecke / Modification Corner too, for the native German speakers, but don't want to have 2 posts with different discussion. I am happy to post and reply in German (using a translator), so I am open to all.
I love Linux security, and it is a pleasure to share ideas on the topic.
PS: I like the "Gruß", I was thinking of using it myself!
Re: ConfigServer Firewall on KeyHelp - is this of interest?
For me, the English version would be sufficient, but I hope that more interested people will show up here after the weekend, and they might have different preferences.
Cheers,
Jan
This message has been ROT-13 encrypted twice for higher security.
Re: ConfigServer Firewall on KeyHelp - is this of interest?
What is the status of this CSF integration manual?
I would like to install this with GUI in KeyHelp panel, I didn't really like Fail2Ban
Thanks
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Hello, I was waiting to see if there is more interest. It is not written yet, but since you ask, I will try and post it in the next few days.
The time elapsed since I posted this allowed me to polish up regex (and my logic) so it all worked better.
You may notice that I encountered an interesting situation here:
viewtopic.php?f=9&t=9171
This pushed me to create a CustomLog that contains reliable IP address entries (%a), instead of host (%h) which may be spoofed.
I must say, it's been fun. In the process, I have blocked access for valid users, search engines, and even myself on many occasions. Needless to say I have learnt a lot more since then.
For now, it may be helpful for you to read the CSF readme.txt to get an idea of all the features, and precautions.
Guide coming soon...
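The CustomLog idea from the post above, as an added example (not the poster's or CSF's code): a Python parser that accepts only lines whose first field is a valid IP address, as %a logs it, and flags addresses with repeated 401/403/404 responses. The log format, status set, threshold and window are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: LogFormat "%a %l %u %t \"%r\" %>s %b" (client address first).
LINE_RE = re.compile(
    r'^(?P<addr>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:[^"\\]|\\.)*" (?P<status>\d{3}) \S+$'
)
WATCHED = {401, 403, 404}  # statuses counted as failures in this example

def parse_line(line):
    """Return (ip, time, status); None if malformed or field 1 is not an IP."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m["addr"])  # rejects hostnames, which %h can log
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return str(ip), ts, int(m["status"])

def offenders(lines, limit=3, window=timedelta(seconds=60)):
    """Addresses reaching `limit` watched statuses within `window` (assumed values)."""
    recent, flagged = defaultdict(deque), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[2] not in WATCHED:
            continue
        ip, ts, _ = parsed
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= limit and ip not in flagged:
            flagged.append(ip)
    return flagged

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /a HTTP/1.1" 404 196',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "GET /b HTTP/1.1" 404 196',
    '203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "GET /private/ HTTP/1.1" 403 199',
    'crawler.example.net - - [12/Mar/2024:10:00:10 +0000] "GET /c HTTP/1.1" 404 196',
    '2001:db8::5 - - [12/Mar/2024:10:00:11 +0000] "GET /d HTTP/1.1" 404 196',
    '2001:db8::5 - - [12/Mar/2024:10:05:00 +0000] "GET /e HTTP/1.1" 404 196',
    '2001:db8::5 - - [12/Mar/2024:10:05:30 +0000] "GET /f HTTP/1.1" 404 196',
]
```

Calling `offenders(SAMPLE)` flags only 203.0.113.7: the hostname line is discarded because it cannot become a firewall rule, and the IPv6 client's first hit has aged out of the window before its later ones arrive.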
Re: ConfigServer Firewall on KeyHelp - is this of interest?
I am posting it in 3 parts:
1. Overview
2. Install & Configure
3. Security Admin
Currently doing Part 3, so almost done...
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Great, I'm looking forward to it!
Cheers,
Jan
This message has been ROT-13 encrypted twice for higher security.
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Enjoy all!
I finally got it out...
PART 1: OVERVIEW
PART 2: INSTALL & CONFIGURE
PART 3: SECURITY ADMIN
PART 4: SECURITY EXTRAS
Re: ConfigServer Firewall on KeyHelp - is this of interest?
Thanks for sharing, George!
Anyone who thinks competence is expensive should try incompetence. Quote: Bernd W. Klöckner.
Re: ConfigServer Firewall on KeyHelp - is this of interest?
You're welcome.