New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How to Install ConfigServer Firewall (CSF) on VPS
ConfigServer Firewall, or CSF, is a common Linux security suite. Log in to your VPS as the root user and run the following commands to install CSF:
# rm -fv csf.tgz
# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz
# cd csf
# sh install.sh
If WHM/cPanel is installed on your server, you can configure CSF from WHM, otherwise edit the files in /etc/csf.
For more information, see: http://configserver.com/cp/csf.html
Comments
Also don't forget to change from "Test" mode to active mode.
yes that right
Spamtastic
I'm confused. Why are you removing the .tgz file before you have actually download it
@GetKVM_Ash GOES FASTER
Thanks for copy and paste yet again
https://my.vps6.net/knowledgebase/24/How-to-Install-ConfigServer-Firewall-CSF.html
if you're using a lowend openvz VPS you also might want to run this command to see which CSF features won't work on your box because the majority of openvz hosts don't enable all of the required iptables kernel modules (there are a few hosts who enable all required iptables modules by default):
my personal list of lowend CSF openvz compatibility:
RamNode-all iptables modules enabled
Cinfu -all modules enabled
Prometeus node pm33-all modules enabled
ChicagoVPS Buffalo-all modules enabled
IntoVPS- missing xt_connlimit
Prometeus SSD node pm38-missing ipt_recent and xt_connlimit
ChicagoVPS Los Angeles-missing ipt_recent and xt_connlimit
IcelandVPS-missing ipt_recent and xt_connlimit
DotVPS UK-missing ipt_recent and xt_connlimit
HostInEuro Netherlands node-missing ipt_recent and xt_connlimit
HostSlim-missing ipt_recent and xt_connlimit
UGVPS Los Angeles and Chicago nodes-missing ipt_recent and xt_connlimit
ipt_recent is required for CSF portflood and port knocking features
xt_connlimit is required for CSF connlimit feature
==============
for webmin users, there is an admin GUI module available:
Webmin > Webmin Configuration > Webmin Modules >
From local file > /etc/csf/csfwebmin.tgz > Install Module"
http://configserver.com/free/csf/install.txt
Removes any possibly older copy on the server.
That's how tutorials write it.
That's how tutorials write it.
Ah i would have thought tutorials were based on a fresh OS install, in which case that file wouldn't be there :P
I love csf.
That's how tutorials write it.
I actually keep an old copy in my private stash of tools, because csf -u just works.
Great post. Great. Really! I have written something smart too:
An organism's sex is defined by the gametes it produces: males produce male gametes (spermatozoa, or sperm) while females produce female gametes (ova, or egg cells); individual organisms which produce both male and female gametes are termed hermaphroditic. Frequently, physical differences are associated with the different sexes of an organism; these sexual dimorphisms can reflect the different reproductive pressures the sexes experience.>
Okay, it's just Copy & Paste. Just as smart as your posting.
I prefer @eastonch and copy & pasta, best typo of the week!
Can we get these posts removed?
Or maybe just merged?
Merged and removed? LOL.
Or merged and then removed?
lol @Corey.
Great minds think alike.
A better question is, can we get all lowend openvz hosts to enable all of the required iptables kernel modules that CSF uses by default (see my list above)?
It's not part of the solus installer, so to answer your question, no.
LOL (nice jab at providers that don't know what they are doing)
But seriously @DomainBop - I've only ever had 2 people need CSF previously and so it was just faster/easier to load them when the customer requests. It is a good idea for me to add this to my 'node setup' script though.
Somehow I find this the appropriate venue and you the appropriate person to post this for. I found this yesterday posted as an article on a hacked website hosted with GoDaddy where the password was, conveniently, the same as the domain name. The content seems to rival that of what @actionx posts.
That's so beautiful! I am melting away... :-)
"Consume meat into vagina; it may render."
Pure Poetry.
If you go ahead and open a ticket, we can get those modules enabled for you at no cost.
Thanks!
@DomainBop This is actually done, all modules are loaded on boot for some. I've not played with my scripts for a few months but pretty sure it covers csf modules aswell.
+1, Ran into a couple of LEB providers that didn't have all necessary iptables modules loaded in order to run another iptables firewall. When some are notified, they blame you (the customer) because:
1) they don't know how to enable the necessary modules, or
2) other customers don't have a problem because they are not running a firewall within the container (so it must be me, right? /sarcasm)
A frustrating and disappointing waste of time on a couple of really nice deals.
One provider who did eventually "get it" and solved it: LetBox (good for you!)
One provider that did not solve it (for me): BlueVM
I should hope so, charging for that sort of thing would be ridiculous.
This is so true.
still xt_connlimit is missing on your node.
I'm using "recent" module to filter DNS Amp.
ChicagoVPS instantly loaded all modules for my request.
SpotVPS finally did but took a day long and required reinstall OS template (I dont know why...
EaseVPS, I'm still waiting your reply.
kernel modules reveal how much skilled they are...