The capabilities of the ConfigServer Firewall script include:
- Checks for login authentication failures in:
  - Courier imap, Dovecot, uw-imap, Kerio
  - openSSH
  - cPanel, WHM, Webmail (cPanel servers only)
  - Pure-ftpd, vsftpd, Proftpd
  - Password protected web pages (htpasswd)
  - Mod_security failures (v1 and v2)
  - Suhosin failures
  - Exim SMTP AUTH
  - Custom login failures with separate log file and regular expression matching
- SSH login notification
- SU (Super User) login notification
- WHM root login notification (cPanel servers only)
- User Interface (UI) integration for cPanel, DirectAdmin and Webmin
- Exploit checks
- BOGON packet protection
- Port Scan tracking & blocking
- and several other functions. The full list is available on this page.
The following is a short tutorial on installing ConfigServer Firewall on a cPanel/WHM server:
Command:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
[bash collapse="false"]
root@server5 [~]# rm -fv csf.tgz
root@server5 [~]#
[/bash]
[bash collapse="false"]
root@server5 [~]# wget http://www.configserver.com/free/csf.tgz
--2012-05-28 03:38:24-- http://www.configserver.com/free/csf.tgz
Resolving www.configserver.com... 85.13.195.235
Connecting to www.configserver.com|85.13.195.235|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 434432 (424K) [application/x-tar]
Saving to: ‘csf.tgz’
100%[======================================>] 434,432 91.8K/s in 4.6s
2012-05-28 03:38:30 (91.8 KB/s) - ‘csf.tgz’
root@server5 [~]#
[/bash]
[bash collapse="false"]
root@server5 [~]# tar -xzf csf.tgz
root@server5 [~]#
[/bash]
[bash collapse="false"]
root@server5 [~]# cd csf
root@server5 [~/csf]#
[/bash]
[bash]
root@server5 [~/csf]# sh install.sh
Configuring for OS
Running csf cPanel installer
Installing csf and lfd
Check we're running as root
Checking Perl modules...Using configuration defaults
ok
mkdir: created directory `/etc/csf'
mkdir: created directory `/etc/csf/zone'
mkdir: created directory `/etc/csf/stats'
mkdir: created directory `/etc/csf/lock'
`csf.conf' -> `/etc/csf/./csf.conf'
`csf.allow' -> `/etc/csf/./csf.allow'
`csf.deny' -> `/etc/csf/./csf.deny'
`csf.redirect' -> `/etc/csf/./csf.redirect'
`csf.resellers' -> `/etc/csf/./csf.resellers'
`reselleralert.txt' -> `/etc/csf/./reselleralert.txt'
`csf.dirwatch' -> `/etc/csf/./csf.dirwatch'
`csf.logfiles' -> `/etc/csf/./csf.logfiles'
`csf.logignore' -> `/etc/csf/./csf.logignore'
`logalert.txt' -> `/etc/csf/./logalert.txt'
`csf.ignore' -> `/etc/csf/./csf.ignore'
`csf.pignore' -> `/etc/csf/./csf.pignore'
`csf.rignore' -> `/etc/csf/./csf.rignore'
`csf.fignore' -> `/etc/csf/./csf.fignore'
`csf.signore' -> `/etc/csf/./csf.signore'
`csf.suignore' -> `/etc/csf/./csf.suignore'
`csf.mignore' -> `/etc/csf/./csf.mignore'
`csf.sips' -> `/etc/csf/./csf.sips'
`csf.dyndns' -> `/etc/csf/./csf.dyndns'
`alert.txt' -> `/etc/csf/./alert.txt'
`logfloodalert.txt' -> `/etc/csf/./logfloodalert.txt'
`integrityalert.txt' -> `/etc/csf/./integrityalert.txt'
`exploitalert.txt' -> `/etc/csf/./exploitalert.txt'
`queuealert.txt' -> `/etc/csf/./queuealert.txt'
`tracking.txt' -> `/etc/csf/./tracking.txt'
`connectiontracking.txt' -> `/etc/csf/./connectiontracking.txt'
`processtracking.txt' -> `/etc/csf/./processtracking.txt'
`accounttracking.txt' -> `/etc/csf/./accounttracking.txt'
`usertracking.txt' -> `/etc/csf/./usertracking.txt'
`sshalert.txt' -> `/etc/csf/./sshalert.txt'
`sualert.txt' -> `/etc/csf/./sualert.txt'
`consolealert.txt' -> `/etc/csf/./consolealert.txt'
`uialert.txt' -> `/etc/csf/./uialert.txt'
`cpanelalert.txt' -> `/etc/csf/./cpanelalert.txt'
`scriptalert.txt' -> `/etc/csf/./scriptalert.txt'
`relayalert.txt' -> `/etc/csf/./relayalert.txt'
`filealert.txt' -> `/etc/csf/./filealert.txt'
`watchalert.txt' -> `/etc/csf/./watchalert.txt'
`loadalert.txt' -> `/etc/csf/./loadalert.txt'
`resalert.txt' -> `/etc/csf/./resalert.txt'
`portscan.txt' -> `/etc/csf/./portscan.txt'
`permblock.txt' -> `/etc/csf/./permblock.txt'
`netblock.txt' -> `/etc/csf/./netblock.txt'
`portknocking.txt' -> `/etc/csf/./portknocking.txt'
`regex.custom.pm' -> `/etc/csf/./regex.custom.pm'
`pt_deleted_action.pl' -> `/etc/csf/./pt_deleted_action.pl'
`messenger' -> `/etc/csf/./messenger'
`messenger/index.text' -> `/etc/csf/./messenger/index.text'
`messenger/index.html' -> `/etc/csf/./messenger/index.html'
`messenger/csf_small.png' -> `/etc/csf/./messenger/csf_small.png'
`ui' -> `/etc/csf/./ui'
`ui/server.key' -> `/etc/csf/./ui/server.key'
`ui/ui.ban' -> `/etc/csf/./ui/ui.ban'
`ui/server.crt' -> `/etc/csf/./ui/server.crt'
`ui/ui.allow' -> `/etc/csf/./ui/ui.allow'
`ui/images' -> `/etc/csf/./ui/images'
`ui/images/cxs.png' -> `/etc/csf/./ui/images/cxs.png'
`ui/images/icon.gif' -> `/etc/csf/./ui/images/icon.gif'
`ui/images/cxs_small.png' -> `/etc/csf/./ui/images/cxs_small.png'
`ui/images/minus.png' -> `/etc/csf/./ui/images/minus.png'
`ui/images/viewdelivery.png' -> `/etc/csf/./ui/images/viewdelivery.png'
`ui/images/delete.png' -> `/etc/csf/./ui/images/delete.png'
`ui/images/deliver.png' -> `/etc/csf/./ui/images/deliver.png'
`ui/images/cxs-loader.gif' -> `/etc/csf/./ui/images/cxs-loader.gif'
`ui/images/plus.png' -> `/etc/csf/./ui/images/plus.png'
`ui/images/perm.png' -> `/etc/csf/./ui/images/perm.png'
`ui/images/cse_small.png' -> `/etc/csf/./ui/images/cse_small.png'
`ui/images/csf_small.png' -> `/etc/csf/./ui/images/csf_small.png'
`lfd.logrotate' -> `/etc/logrotate.d/lfd'
`csfcron.sh' -> `/etc/cron.d/csfcron.sh'
`lfdcron.sh' -> `/etc/cron.d/lfdcron.sh'
`csf.pl' -> `/etc/csf/csf.pl'
`csfui.pl' -> `/etc/csf/csfui.pl'
`csfuir.pl' -> `/etc/csf/csfuir.pl'
`cseui.pl' -> `/etc/csf/cseui.pl'
`csftest.pl' -> `/etc/csf/csftest.pl'
`lfd.pl' -> `/etc/csf/lfd.pl'
`regex.pm' -> `/etc/csf/regex.pm'
`servercheck.pm' -> `/etc/csf/servercheck.pm'
`readme.txt' -> `/etc/csf/readme.txt'
`sanity.txt' -> `/etc/csf/sanity.txt'
`x-arf.txt' -> `/etc/csf/x-arf.txt'
`changelog.txt' -> `/etc/csf/changelog.txt'
`install.txt' -> `/etc/csf/install.txt'
`version.txt' -> `/etc/csf/version.txt'
`license.txt' -> `/etc/csf/license.txt'
`uninstall.sh' -> `/etc/csf/uninstall.sh'
`remove_apf_bfd.sh' -> `/etc/csf/remove_apf_bfd.sh'
`lfd.sh' -> `/etc/init.d/lfd'
`csf.sh' -> `/etc/init.d/csf'
`Net' -> `/etc/csf/Net'
`Net/CIDR' -> `/etc/csf/Net/CIDR'
`Net/CIDR/Lite.pm' -> `/etc/csf/Net/CIDR/Lite.pm'
`Geo' -> `/etc/csf/Geo'
`Geo/IP' -> `/etc/csf/Geo/IP'
`Geo/IP/PurePerl.pm' -> `/etc/csf/Geo/IP/PurePerl.pm'
`Crypt' -> `/etc/csf/Crypt'
`Crypt/Blowfish_PP.pm' -> `/etc/csf/Crypt/Blowfish_PP.pm'
`Crypt/CBC.pm' -> `/etc/csf/Crypt/CBC.pm'
`csf.div' -> `/etc/csf/csf.div'
`ui/images/cxs.png' -> `/etc/csf/ui/./images/cxs.png'
`ui/images/icon.gif' -> `/etc/csf/ui/./images/icon.gif'
`ui/images/cxs_small.png' -> `/etc/csf/ui/./images/cxs_small.png'
`ui/images/minus.png' -> `/etc/csf/ui/./images/minus.png'
`ui/images/viewdelivery.png' -> `/etc/csf/ui/./images/viewdelivery.png'
`ui/images/delete.png' -> `/etc/csf/ui/./images/delete.png'
`ui/images/deliver.png' -> `/etc/csf/ui/./images/deliver.png'
`ui/images/cxs-loader.gif' -> `/etc/csf/ui/./images/cxs-loader.gif'
`ui/images/plus.png' -> `/etc/csf/ui/./images/plus.png'
`ui/images/perm.png' -> `/etc/csf/ui/./images/perm.png'
`ui/images/cse_small.png' -> `/etc/csf/ui/./images/cse_small.png'
`ui/images/csf_small.png' -> `/etc/csf/ui/./images/csf_small.png'
chmod: cannot access `/var/log/lfd.log*': No such file or directory
mode of `/etc/csf/cseui.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csf.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csftest.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csfui.pl' changed to 0700 (rwx------)
mode of `/etc/csf/csfuir.pl' changed to 0700 (rwx------)
mode of `/etc/csf/lfd.pl' changed to 0700 (rwx------)
mode of `/etc/csf/pt_deleted_action.pl' changed to 0700 (rwx------)
mode of `/etc/csf/regex.custom.pm' changed to 0700 (rwx------)
mode of `/etc/csf/regex.pm' changed to 0700 (rwx------)
mode of `/etc/csf/servercheck.pm' changed to 0700 (rwx------)
mode of `/etc/csf/remove_apf_bfd.sh' changed to 0700 (rwx------)
mode of `/etc/csf/uninstall.sh' changed to 0700 (rwx------)
chmod: cannot access `/etc/csf/*.php': No such file or directory
failed to change mode of `/etc/csf/*.php' to 0000 (---------)
mode of `/etc/init.d/lfd' changed to 0700 (rwx------)
mode of `/etc/init.d/csf' changed to 0700 (rwx------)
mode of `/etc/cron.d/lfdcron.sh' changed to 0644 (rw-r--r--)
mode of `/etc/cron.d/csfcron.sh' changed to 0644 (rw-r--r--)
`/usr/sbin/csf' -> `/etc/csf/csf.pl'
`/usr/sbin/lfd' -> `/etc/csf/lfd.pl'
`addon_csf.cgi' -> `/usr/local/cpanel/whostmgr/docroot/cgi/./addon_csf.cgi'
mode of `/usr/local/cpanel/whostmgr/docroot/cgi/addon_csf.cgi' changed to 0700 (rwx------)
`csf/' -> `/usr/local/cpanel/whostmgr/docroot/cgi/csf'
`csf/minus.png' -> `/usr/local/cpanel/whostmgr/docroot/cgi/csf/minus.png'
`csf/delete.png' -> `/usr/local/cpanel/whostmgr/docroot/cgi/csf/delete.png'
`csf/plus.png' -> `/usr/local/cpanel/whostmgr/docroot/cgi/csf/plus.png'
`csf/perm.png' -> `/usr/local/cpanel/whostmgr/docroot/cgi/csf/perm.png'
`csf/csf_small.png' -> `/usr/local/cpanel/whostmgr/docroot/cgi/csf/csf_small.png'
*** IPV6 Enabled
*** IPV6_SPI set to 1
TCP ports currently listening for incoming connections:
21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,5672
UDP ports currently listening for incoming connections:
53,68
IPv6 TCP ports currently listening for incoming connections:
21,22,25,465,587,5672
IPv6 UDP ports currently listening for incoming connections:
Note: The port details above are for information only, csf hasn't been auto-configured.
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*, IPV6, TCP6_*, UDP6_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall
Adding current SSH session IP address to the csf whitelist in csf.allow:
Adding 192.168.211.1 to csf.allow only while in TESTING mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
Installation Completed
root@server5 [~/csf]#
[/bash]
Next, check that the required iptables modules are available by running the following command:
[bash]
root@server5 [~/csf]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
root@server5 [~/csf]#
[/bash]
Any other iptables configuration must be disabled. For example, if the server previously used APF+BFD, disable (remove) it first.
Command:
sh /etc/csf/remove_apf_bfd.sh
Done. CSF can be configured directly by editing the files in /etc/csf/*, or, on cPanel, through the WHM UI (User Interface).
[caption id="attachment_1217" align="alignnone" width="150" caption="ConfigServer Security & Firewall (CSF) WHM Plugin"][/caption]
Keep in mind that CSF auto-configures the SSH port as found at installation time and also automatically adds the IP address of the administrator performing the install to the whitelist.
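The installer's reminders in the output above (configure `TCP_*`, set TESTING to 0) can be checked with a short script. This is an added example, not part of the original post or of csf itself; the function names and the sample `csf.conf` excerpt are constructed, and it assumes the `KEY = "value"` line format and `low:high` port ranges of `csf.conf`.

```sh
#!/bin/sh
# Added example: audit csf.conf after install (function names are hypothetical).

# conf_value FILE KEY: print the quoted value of an uncommented KEY = "value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# port_allowed PORT LIST: succeed if PORT is in the comma-separated LIST,
# where an entry is a single port or a low:high range.
port_allowed() {
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case "$entry" in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$1" -ge "$lo" ] 2>/dev/null && [ "$1" -le "$hi" ] 2>/dev/null && return 0 ;;
            *)   [ "$1" -eq "$entry" ] 2>/dev/null && return 0 ;;
        esac
    done
    return 1
}

# audit_csf FILE LISTENING: print one finding per line.
#   TESTING=<v>        TESTING is not "0" (testing mode is still on)
#   NOT_IN_TCP_IN=<p>  a listening port that TCP_IN does not cover
audit_csf() {
    testing=$(conf_value "$1" TESTING)
    tcp_in=$(conf_value "$1" TCP_IN)
    [ "$testing" = "0" ] || echo "TESTING=$testing"
    for p in $(printf '%s' "$2" | tr ',' ' '); do
        port_allowed "$p" "$tcp_in" || echo "NOT_IN_TCP_IN=$p"
    done
}

# Constructed csf.conf excerpt for the demonstration (not from a real server).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# TESTING = "0"
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077:2078,2082,2083,2086,2087,2095,2096"
EOF

# TCP ports reported as listening by install.sh in the output above.
LISTENING="21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,5672"

audit_csf "$SAMPLE" "$LISTENING"
```

A port reported as NOT_IN_TCP_IN is either a service to add to TCP_IN or one that should stay closed to the outside. On a live server, pass /etc/csf/csf.conf as the first argument.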
Webmin Module Installation/Upgrade
To install or upgrade the csf module in Webmin, install csf with the commands above, then install the csf module.
Webmin → Webmin Configuration → Webmin Modules → From local file → /etc/csf/csfwebmin.tgz → Install Module
[caption id="attachment_1218" align="alignleft" width="150" caption="CSF Webmin Module 1"][/caption][caption id="attachment_1219" align="alignleft" width="150" caption="CSF Webmin Module 2"][/caption][caption id="attachment_1220" align="alignleft" width="150" caption="CSF Webmin Module 3"][/caption]
Click Refresh Module → System → ConfigServer Security & Firewall to start configuring CSF.
[caption id="attachment_1221" align="alignleft" width="150" caption="CSF Webmin Module 4"][/caption][caption id="attachment_1222" align="alignleft" width="150" caption="CSF Webmin Module 5"][/caption]
Uninstall CSF
On cPanel servers, use the following commands:
[bash collapse="false"]
[root@localhost ~]# cd /etc/csf
[root@localhost csf]# sh uninstall.sh
[/bash]
On DirectAdmin servers, run the following commands:
[bash collapse="false"]
[root@localhost ~]# cd /etc/csf
[root@localhost csf]# sh uninstall.directadmin.sh
[/bash]
On a generic Linux server, run the following commands:
[bash collapse="false"]
[root@localhost ~]# cd /etc/csf
[root@localhost csf]# sh uninstall.generic.sh
[/bash]