I know csf allows you to use the DShield block list. Have you considered adding the ability to send firewall logs to DShield? I'm looking into doing this outside of csf, but it would be really nice if it were just a matter of enabling it in the configuration.
Hi,
it would be nice to just enter into the main page of CSF in WHM and could see were it says:
View/Unblock the temporary IP bans the number of IPs banned. Somenthing like this:
View/Unblock the temporary IP bans (10 IPs blocked)
Will be usefull to see status of mysql connections (show processlist) and exim queue. If total queue messages number (exim -bpc) is lower enough (let's say below 1000), the summ can be also display (exim -bp | exiqsumm -c)
i got a question: if i whitelist a whole /24, why do i still get mail notification about blocked connections from those ip addresses? same happens with single ip whitelisted, and when i checked the iptables rules, the ip was multiple times added to DROP list.
this happens on generic install centos 5.1 64 bit.
I'm on dialup for alot of my time and use rather large deny lists(1000+ ips). when removeing a banned ip, it takes alongtime to upload the new deny list as well as display the full ruleset when flushing/restarting the firewall.(+20 seconds at times).
just thought it would be most convenient to be able to remove an ip from the iptables without haveing to flush everything.
maybe an unban...
Can you allow comments in the other config files such as the csf.dyndns using the same format as the csf.allow or csf.deny files:
From the readme.txt file:
Both csf.allow and csf.deny can have comments after the IP address listed. The
comments must be on the same line as the IP address otherwise the IP rotation
of csf.deny will remove them.
If editing the csf.allow or csf.deny files directly,...
Would there be harm is automatically updating the md5 check sums after the upcp runs? Since I could not find a specific parameter/switch on LFD to perform this operation, perhaps something like this could be added to the /scripts/postupcp file...
md5sum /usr/bin/* /usr/sbin/* /bin/* /sbin/* /usr/local/bin/* /usr/local/sbin/* /etc/init.d/* /etc/xinetd.d/* /etc/rc.local > /etc/csf/csf.tempint...
Hi, I was wondering when a feature would be enabled in this software to allow for more intuitive FTP connectivity.
Let me elaborate on the specific issue:
I upload/download to a couple of sites. Upgrades of blog software, what have you. The issue that I have come into quite frequently is that after 250 connections the IP I am uploading through essentially is blocked. I understand this is done...
CSF and LFD seem to be working great on two servers now. My Logging level is high and e-mail alerts are high, which dumps quite a few e-mails into my mailbox.
I only have 1 problem. All Server email alerts look exactly the same from the subject line. The all start with the same beginning (lfd: rest of subject)
I am currently going through and manually editing all the e-mail templates to...
Many moons ago I wrote a set of scripts much like csf. I am glad great minds think alike :)
I know this is a tricky one, but one improvement I would like to see is a way to set up a set of files which the System Integrity check will restore if they are modified.
For instance, sshd, ps, etc...
Last year, one of my servers was compromised but I caught it immediately (thanks to csf!) however,...
Is it possible to configure in csf a list of IPs that are allowed to access SSH and block all the others? I think this is better that changing the SSH port.
In my old iptables script I have a line like this:
-A INPUT -s x.x.x.x -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
on x86_64 systems courier-imap uses gamin to monitor file modifications in mailboxes, users with larger mailboxes trigger 'excessive resource usage' messages because gamin stays open for the duration of their session.
Was just dropping the hint that it possibly should be included in lfd's process whitelist by default.
obviously this is very simple to do manually after install, but just thought...
When you use csf Temporary IP Bans you notice a number of people trying over and over. When they are banned, they seem to pop back after their csf Temporary IP Bans is over. It would be a great feature if you could say, if an IP hits the csf Temporary IP Bans table more then x times in y minutes, they are put in the perm ban.
I recently configured my server so that ssh logins will only work using public key encryption, and not plain old passwords. I noticed that lfd stopped detecting and banning IPs for people that attack ssh. Not a problem, you might think, since they will never get in anyway since they don't have a valid key. However, looking at the very long logfile of attempts, I thought it was probably best to...
Is this possible when a WebHost Manager reseller click on ConfigServer Security&Firewall in the plugins menu (and other configserver link) to se a different message than You do not have access to modify ConfigServer Firewall .
Instead, i suggest to write: ConfigServer is installed and running!
I think it would be extremely useful if csf checked the error code of the audit_log and ban,temp_ban, or ignore based on the error code of the audit_log entry.
eg. permanantly ban any 412 code on 1 connection while temp banning a 403 error code with 5 attempts for X seconds and ignoreing 406 alltogether.
just thought it would add a whole new level of control :)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum