I recently installed a Promox server (Debian Wheezy) and I want to use CSF with this server. I have been using CSF successfully for a long time now but I would also like to use the graphical user interface. I tried to activate it but the page won't load for me.
Here is the relevant part of my CSF configuration
Code: Select all
###############################################################################
# SECTION:Integrated User Interface
###############################################################################
# Integrated User Interface. This feature provides a HTML UI to csf and lfd,
# without requiring a control panel or web server. The UI runs as a sub process
# to the lfd daemon
#
# As it runs under the root account and successful login provides root access
# to the server, great care should be taken when configuring and using this
# feature. There are additional restrictions to enhance secure access to the UI
#
# See readme.txt for more information about using this feature BEFORE enabling
# it for security and access reasons
#
# 1 to enable, 0 to disable
UI = "1"
# Set this to the port that want to bind this service to. You should configure
# this port to be >1023 and different from any other port already being used
#
# Do NOT enable access to this port in TCP_IN, instead only allow trusted IP's
# to the port using Advanced Allow Filters (see readme.txt)
UI_PORT = "6666"
# This should be a secure, hard to guess username
#
# This must be changed from the default
UI_USER = "<username>"
# This should be a secure, hard to guess password. That is, at least 8
# characters long with a mixture of upper and lowercase characters plus
# numbers and non-alphanumeric characters
#
# This must be changed from the default
UI_PASS = "<password>"
# This is the login session timeout. If there is no activity for a logged in
# session within this number of seconds, the session will timeout and a new
# login will be required
#
# For security reasons, you should always keep this option low (i.e 60-300)
UI_TIMEOUT = "300"
# This is the maximum concurrent connections allowed to the server. The default
# value should be sufficient
UI_CHILDREN = "5"
# The number of login retries allowed within a 24 hour period. A successful
# login from the IP address will clear the failures
#
# For security reasons, you should always keep this option low (i.e 0-10)
UI_RETRY = "5"
# If enabled, this option will add the connecting IP address to the file
# /etc/csf/ui/ui.ban after UI_RETRY login failures. The IP address will not be
# able to login to the UI while it is listed in this file. The UI_BAN setting
# does not refer to any of the csf/lfd allow or ignore files, e.g. csf.allow,
# csf.ignore, etc.
#
# For security reasons, you should always enable this option
UI_BAN = "1"
# If enabled, only IPs (or CIDR's) listed in the file /etc/csf/ui/ui.allow will
# be allowed to login to the UI. The UI_ALLOW setting does not refer to any of
# the csf/lfd allow or ignore files, e.g. csf.allow, csf.ignore, etc.
#
# For security reasons, you should always enable this option and use ui.allow
UI_ALLOW = "1"
# If enabled, this option will trigger an iptables block through csf after
# UI_RETRY login failures
#
# 0 = no block;1 = perm block;nn=temp block for nn secs
UI_BLOCK = "1"
# This controls what email alerts are sent with regards to logins to the UI. It
# uses the uialert.txt template
#
# 4 = login success + login failure/ban/block + login attempts
# 3 = login success + login failure/ban/block
# 2 = login failure/ban/block
# 1 = login ban/block
# 0 = disabled
UI_ALERT = "4"
# This is the SSL cipher list that the Integrated UI will negotiate from
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"
# This is the SSL protocol version used. See IO::Socket::SSL if you wish to
# change this and to understand the implications of changing it
UI_SSL_VERSION = "SSLv23:!SSLv2"
# If cxs is installed then enabling this option will provide a dropdown box to
# switch between applications
UI_CXS = "0"
# There is a modified installation of ConfigServer Explorer (cse) provided with
# the csf distribution. If this option is enabled it will provide a dropdown
# box to switch between applications
UI_CSE = "0"I added the following rule to the "/etc/csf/csf.allow" file:
Code: Select all
tcp:in:d=6666:s=<my_ip_address>/32Code: Select all
root@pve1:/etc/csf# ps faux | grep lfd
root 158079 0.0 0.0 7788 884 pts/1 S+ 20:26 0:00 \_ grep lfd
root 157788 0.0 0.4 80232 17584 ? Ss 20:16 0:00 lfd - sleeping
root 157792 0.0 0.4 73916 18240 ? S 20:16 0:00 \_ lfd UIThere are no error messages in "/var/log/lfd.log" about the UI.
Can somebody help me getting the UI operational?
Kind regards,
Mannekino