+38
Completed

Create plugin for csf (ConfigServer Security & Firewall)

Software Plant 6 years ago • updated by Dale Morris 4 years ago 15
Nowadays CSF becomes popular and de facto standard regarding security shield in vps and dedicated servers. Webmin has UI module for configuring CSF. So definitely CSF plugin is  must for Ajenti


+2

This will be a great addition! I think you could use an embedded test editor to allow users to update the csf.conf file. The other commands are very well documented in the csf -h portion of the readme. Outside of the restarts, the options for quickly allowing, denying, and unblocking are most important. I don't know how many people use the clustering function.

+1 for me as well, we use CSF on 99.9% of our servers and IMO it's become the most stable and reliable for cPanel and even non-cpanel servers.

It may be well worth reaching out to ConfigServer about integration as I know they have it for Webmin, and the other plugins they have work really nice as well (configserver exploit scanner, mail manage, etc)
+1
Hi,

There seems to be an error, the csf.conf cannot be load when it's there.


Where is your csf.conf located? Which OS are you using?
Just in case, I released an update which fixes /var/lib/csf not being found if you have never run csf after installation.
I suppose I have the same problem. CSF service is running, in plugins section binaries are detected, but I can't see any configuration options for csf firewall in Ajenti menus. Iptables plugin also doesn't show right config pushed by csf.

I run Ununtu (Trusty) x86_64 server and the .conf file is in /etc/csf/csf.conf. In don't know if this has anything to do with CSF plugin, but I log to Ajenti with my system user profile (not as root).
Have you allowed CSF section access for your (non-root) user?
In a matter of fact I had a suspicion this might be the solution, but when I checked I didn't found Software | CSF Firewall section to enable... or something similar. Furthermore my root account is not enabled, so I don't know how to proceed... If I have no other option I will enable root and check out - as a last resort.
Does the Plugins section indicate that CSF plugin was properly loaded? I.e. no warning sign near the plugin name.
No Plugin section hasn't any malfunction indications.

I found a workaround, but this is definitely a bug. The workaround is to switch off the system users and get back to default user "root" that comes with Ajenti. From there I saw CSF firewall check option in the account configuration options and enable it. Then I enabled system accounts again (lost all my account config by the way) and CSF check box was there - disabled. I enabled it and now it works fine.

I still have an issue with iptables plugin, though, which does not show iptables rules correctly. From command prompt "sudo iptables -L" shows that everything is set up. Please advise.
+1
Before installing much else on the server I advise to install CSF before you install other plugins. There are a couple of settings that need to be adjusted after installation to get it to work with Ajenti control panel.
I had a couple of issues getting CSF to work well with the panel but after adjusting these settings and double checking my conf file everything works well. This is on Ubuntu 14.04 lts server hvm on AWS Ec2 instance by the way.


Download the source file
wget http://www.configserver.com/free/csf.tgz
or
https://download.configserver.com/csf.tgz
2. Extract the file
tar -xzf csf.tgz
3. Run the installation script
cd csf
sh install.sh
4. Remove APF/BFD
If the server already installed with APF/BFD firewall, you need to uninstall it as they will conflict each other.
sh /etc/csf/remove_apf_bfd.sh
5. Before configuring the modules, you need to test the Iptable modules
perl /etc/csf/csftest.pl

If it doesn’t shows any fatal errors, we can go ahead with CSF configuration
cd into /etc/csf and
.
sudo nano csf.conf  or if root just nano csf.conf
file and make sure port 8000 is allowed in and out

TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995,8000
TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,8000
without underlines of course. Don't forget to allow your particular ip address in as well or else the control panel will be unreachable:

1. Allow an Ip address on the server
csf –a xxx.xxx.xx.xx

If your panel was already loaded in your browser window, restart the server from the control panel window. You will be logged out automatically. Log back in and check that the plugin is enabled in under the system heading on the left menu. If it is, you are good to go and can now configure CSF from within Ajenti.

Dale