David Slack - Web developer
Search:
- 29 North
- Act Maintenance Solutions
- Ady Mills
- Arm & Eye
- Documenting the Mundane
- DS Card
- Ebay shop - Tech Genome
- Elevator Studios
- ESS Newton
- Farango
- Lilly Grove
- Lost and Found
- Lucky Fingers
- Luna
- My BubbleBee
- My website
- Relish
- Rotary Club of Liverpool
- SATandCABLE
- Senua Digital
- Senua Hydroponics
- The Natural Apothecary
- Vehcam
- Wind in the Willows Child Care
Install Configserver Security and Firewall on WHM
To help stop DOS (and to a certain extent DDOS) attacks we need a firewall. CSF (Configserver Security and Firewall) seems to be the most used on WHM.
- Download the package with:
wget http://www.configserver.com/free/csf.tgz
- Untar the package{syntaxhighlighter brush: as3;fontsize: 100; first-line: 1; }tar -xzf csf.tgz{/syntaxhighlighter}
- Change to the Directory{syntaxhighlighter brush: as3;fontsize: 100; first-line: 1; }cd csf{/syntaxhighlighter}
- Install the package{syntaxhighlighter brush: as3;fontsize: 100; first-line: 1; }sh install.sh{/syntaxhighlighter}
Now wait until the package installs. Once it's done we need to get rid of any problem firewalls
Get rid of APF+BFD
{syntaxhighlighter brush: as3;fontsize: 100; first-line: 1; }sh /etc/csf/remove_apf_bfd.sh{/syntaxhighlighter}
To Allow ports open the file /etc/csf/csf.conf (with 'vi /etc/csf/csf.conf') and edit the lines with ports numbers. Here are some of the most used:
21 => FTP
22 => SSH
23 => Telnet
25 => SMTP Mail Transfer
43 => WHOIS service
53 => name server (DNS)
80 => HTTP (Web server)
110 => POP protocol (for email)
443 => HTTP Secure (SSL for https:// )
995 => POP over SSL/TLS
9999 => Urchin
3306 = > MysQL Server
2082 => CPANEL Default
2083 => CPANEL - Secure/SSL
2086 => CPANEL WHM
2087 => CPANEL WHM - Secure/SSL
2095 => cpanel webmail
2096 => cpanel webmail - secure/SSL
Plesk Control Panel => 8443
DirectAdmin Control Panel => 2222
Webmin Control Panel => 10000
You now need to go to Cpanel WHM -> CSF Firewall & Security -> Check System Security to sort any warnings
Once you have everything working as you like you need to run the Firewall without TESTING mode.
To do this open /etc/csf/csf.conf and look for the line TESTING = "1", change it to TESTING = "0".
Now restart the Firewall
{syntaxhighlighter brush: as3;fontsize: 100; first-line: 1; }csf -r{/syntaxhighlighter}
Some Errors/Warrnings
Now the Firewall is working if you look on the left hand side of the WHM at the very bottom you will see 'ConfigServer Security&Firewall', clikc this to see the firewall control panel. This has all the setings for blocking and letting in any IPs, ranges, etc. We will start by getting rid of any of the warnings. In your 'ConfigServer Security & Firewall' hit the top button marked 'Check Server Security' and start fixing anything in red.
Check incoming MySQL port
- With SSH open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
- Take out 3306 from the TCP_IN list
- Save
- Restart the server with csf -r
Check csf SMTP_BLOCK option
This will stop users on the server using port 25 to send emails. It will stop some scripts sending emails.
- Run /etc/csf/csftest.pl'
- If its all ok open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
- Find SMTP_BLOCK = "0" and change to SMTP_BLOCK = "1"
- Save
- Restart the server with csf -r
Check csf LF_SCRIPT_ALERT option
- If its all ok open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
- Find LF_SCRIPT_ALERT = "0" and change to LF_SCRIPT_ALERT = "1"
- Save
- Restart the server with csf -r
Check csf PT_ALL_USERS option
- If its all ok open '/etc/csf/csf.conf' using 'vi /etc/csf/csf.conf'
- Find PT_ALL_USERS = "0" and change to PT_ALL_USERS = "1"
- Save
- Restart the server with csf -r
File Permissions
Some files will need to be set as 1777, to do this with /TMP for example
{syntaxhighlighter brush: as3;fontsize: 100; first-line: 1; }chmod -R 1777 /tmp{/syntaxhighlighter}
Check /dev/shm is mounted noexec,nosuid
This means anyone may be able to run anything in that directory. To fix
- Open /etc/fstab in vi
- Look for /dev/shm and look to the right, it says "defaults"
- Change 'defaults' to 'noexec,nosuid'
- Now re-mount the drive with 'mount -o remount /dev/shm'
Check SSH UseDNS
Open and find 'UseDNS no', change it to 'UseDNS yes' and save.
NB: If something goes wrong use SSH and edit this file /etc/csf/csf.allow and allow your IP. You can get in and sort it out.
If all else fails use
{syntaxhighlighter brush: as3;fontsize: 100; first-line: 1; }sh /etc/csf/uninstall.sh{/syntaxhighlighter}
to uninstall
Thanks to mysql-apache-php.com for this tutorial
Also see this installation doc and the main CSF page.
Latest content
There are lots of developers out there with varying degrees of experience and expertise, some mid level, some junior and some senior. Some...
First thoughts are Symfony is ace!Only been using Symfony for 1 project but the amount of coding it has saved has been worth the time spent...
The Lost and Found website was built by myself (David Slack) and designed by Arm & Eye.The site was created to promote a bar and...
Social networks
Contact me here or catch me on one of
the social networks below
Off-site News
My blog
Wednesday, 2 August, 2017 - 06:56
There are lots of developers out there with varying degrees of experience and expertise, some mid level, some junior and some senior. Some developers...
Tuesday, 5 March, 2013 - 09:49
First thoughts are Symfony is ace!Only been using Symfony for 1 project but the amount of coding it has saved has been worth the time spent learning...
Monday, 3 December, 2012 - 10:07
As a web developer and web designer I need to take into account everything on a site from SEO, marketing, usability across devices, the look and feel...
Try this on your mobile
You should be able to use this right from the screen
Latest tweets
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
|
|
|
|
|
|
1 |
2 |
|
3 |
4 |
5 |
6 |
7 |
8 |
9 |
|
10 |
11 |
12 |
13 |
14 |
15 |
16 |
|
17 |
18 |
19 |
20 |
21 |
22 |
23 |
|
24 |
25 |
26 |
27 |
28 |
29 |
30 |
|
31 |
|
|
|
|
|
|
Copyright David Slack - Web developer