David Slack - Web developer

Install Configserver Security and Firewall on WHM

To help stop DOS (and to a certain extent DDOS) attacks we need a firewall. CSF (Configserver Security and Firewall) seems to be the most used on WHM.

  1. Download the package with:
    wget http://www.configserver.com/free/csf.tgz
  2. Untar the package:
    tar -xzf csf.tgz
  3. Change to the directory:
    cd csf
  4. Install the package:
    sh install.sh

Now wait until the package installs. Once it's done, we need to get rid of any firewalls that conflict with it.

Get rid of APF+BFD

    sh /etc/csf/remove_apf_bfd.sh

To allow ports, open the file /etc/csf/csf.conf (with 'vi /etc/csf/csf.conf') and edit the lines that contain port numbers. Here are some of the most used:

21 => FTP
22 => SSH
23 => Telnet
25 => SMTP Mail Transfer
43 => WHOIS service
53 => name server (DNS)
80 => HTTP (Web server)
110 => POP protocol (for email)
443 => HTTP Secure (SSL for https:// )
995 => POP over SSL/TLS
9999 => Urchin
3306 => MySQL Server
2082 => CPANEL Default
2083 => CPANEL - Secure/SSL
2086 => CPANEL WHM
2087 => CPANEL WHM - Secure/SSL
2095 => cpanel webmail
2096 => cpanel webmail - secure/SSL
8443 => Plesk Control Panel
2222 => DirectAdmin Control Panel
10000 => Webmin Control Panel

You now need to go to cPanel WHM -> CSF Firewall & Security -> Check System Security to sort out any warnings.

Once you have everything working as you like you need to run the Firewall without TESTING mode.
To do this open /etc/csf/csf.conf and look for the line TESTING = "1", change it to TESTING = "0".

Now restart the Firewall

    csf -r

Some Errors/Warnings

Now that the firewall is working, look at the very bottom of the left-hand side of WHM and you will see 'ConfigServer Security&Firewall'. Click this to see the firewall control panel. This has all the settings for blocking and letting in any IPs, ranges, etc. We will start by getting rid of any of the warnings. In your 'ConfigServer Security & Firewall' hit the top button marked 'Check Server Security' and start fixing anything in red.

Check incoming MySQL port

  1. With SSH open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
  2. Take out 3306 from the TCP_IN list
  3. Save
  4. Restart the firewall with csf -r

Check csf SMTP_BLOCK option

This will stop users on the server using port 25 to send emails. It will stop some scripts sending emails.

  1. Run '/etc/csf/csftest.pl'
  2. If it's all OK, open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
  3. Find SMTP_BLOCK = "0" and change to SMTP_BLOCK = "1"
  4. Save
  5. Restart the firewall with csf -r

Check csf LF_SCRIPT_ALERT option

  1. If it's all OK, open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
  2. Find LF_SCRIPT_ALERT = "0" and change to LF_SCRIPT_ALERT = "1"
  3. Save
  4. Restart the firewall with csf -r

Check csf PT_ALL_USERS option

  1. If it's all OK, open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
  2. Find PT_ALL_USERS = "0" and change to PT_ALL_USERS = "1"
  3. Save
  4. Restart the firewall with csf -r
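
The csf.conf changes described above (TESTING, 3306 in TCP_IN, SMTP_BLOCK, LF_SCRIPT_ALERT, PT_ALL_USERS) can be checked in one pass before restarting the firewall. This is an added example, not part of the original tutorial or of CSF itself; the function names sample_conf, csf_get and audit_csf are made up for illustration and the sample config is constructed.

```shell
#!/bin/sh
# Added example: audit a csf.conf for the settings this page changes.

# Constructed sample with the "before" values the page mentions.
sample_conf() {
    cat <<'EOF'
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "21,22,25,53,80,110,443,995,2087,3306"
SMTP_BLOCK = "0"
LF_SCRIPT_ALERT = "0"
PT_ALL_USERS = "0"
EOF
}

# Print the quoted value of KEY from a KEY = "value" style file.
csf_get() {  # usage: csf_get FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; return non-zero if anything was found.
audit_csf() {  # usage: audit_csf FILE
    conf=$1 findings=0
    expect() {  # usage: expect KEY WANTED
        got=$(csf_get "$conf" "$1")
        if [ "$got" != "$2" ]; then
            echo "$1 is \"$got\", expected \"$2\""
            findings=$((findings + 1))
        fi
    }
    expect TESTING 0
    expect SMTP_BLOCK 1
    expect LF_SCRIPT_ALERT 1
    expect PT_ALL_USERS 1
    # Exact list entries only: a range such as 3000:4000 is not expanded.
    case ",$(csf_get "$conf" TCP_IN)," in
        *,3306,*) echo "TCP_IN still lists MySQL port 3306"
                  findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]
}

# Demo on the constructed sample; on a server pass /etc/csf/csf.conf instead.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_csf "$tmp" || echo "Fix the settings above, then run: csf -r"
rm -f "$tmp"
```

The key match is exact, so TESTING_INTERVAL is not mistaken for TESTING, and a port such as 33060 is not mistaken for 3306.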

File Permissions

Some directories will need to be set to 1777. To do this with /tmp, for example:

    chmod 1777 /tmp

Check /dev/shm is mounted noexec,nosuid

If this check fails, anyone may be able to run anything in that directory. To fix:

  1. Open /etc/fstab in vi
  2. Look for /dev/shm and look to the right, it says "defaults"
  3. Change 'defaults' to 'noexec,nosuid'
  4. Now re-mount the drive with 'mount -o remount /dev/shm'

Check SSH UseDNS

Open and find 'UseDNS no', change it to 'UseDNS yes' and save.

 

 

NB: If something goes wrong, use SSH to edit the file /etc/csf/csf.allow and allow your IP. You can then get in and sort it out.
If all else fails use

    sh /etc/csf/uninstall.sh

to uninstall

Thanks to mysql-apache-php.com for this tutorial
Also see this installation doc and the main CSF page.
