Page 1 of 1

Disable few security checks on directadmin

Posted: 13 Aug 2019, 05:10
by MaXi32
The directadmin installation suggests that CSF config should be managed by the directadmin and we have to set some bruteforce settings to 0 or disable them. By doing this, the CSF will trigger few warning messages.

From what I've known, CSF use a special installation config file for directadmin called csf.directadmin.conf and it contains a generic variable DIRECTADMIN=1

If we can use this check, maybe we can ignore the warning message.

LF_SSHD option check
This option helps prevent brute force attacks on your server services
LF_FTPD option check
This option helps prevent brute force attacks on your server services
LF_SMTPAUTH option check
This option helps prevent brute force attacks on your server services
LF_POP3D option check
This option helps prevent brute force attacks on your server services
LF_IMAPD option check
This option helps prevent brute force attacks on your server services
LF_HTACCESS option check
This option helps prevent brute force attacks on your server services
LF_MODSEC option check
This option helps prevent brute force attacks on your server services
SYSLOG_CHECK option check

or we can have an option to exclude / ignore permanently the warning message to get the green color satisfaction.

My idea is to replace this code from the file ServerCheck.pm at the line 274 (im not sure if this will work because im not a perl programmer):

Code: Select all

open(my $IN, "<", "/etc/csf/csf.conf");
flock($IN, LOCK_SH);
my@ conf = < $IN > ;
close($IN);
chomp@ conf;
if (my@ ls = grep {
        $_ = ~/^\s*(DIRECTADMIN)\s*=\s*1/I}@
    conf) {#
    
    If csf.conf contains the value DIRECTADMIN = 1, which always true
    if using directadmin installation method Don 't do anything
    
     $status = 1 } 
     else 
     { 
     #Else print status 
     $status = 0 &addline($status,"$option option check","This option helps prevent brute force attacks on your server services"); }
This will be a good idea, if someone new in the server admin department suddenly got panic with the red color. Just a suggestion.

Regards,

MaXi32 @ Arafat Ali (https://earth.sofibox.com)

Re: Disable few security checks on directadmin

Posted: 04 Feb 2020, 10:25
by MaXi32
Thank you so much for adding this. Seems like it has been added on the latest version.

Regards,

MaXi32 @ Arafat Ali (https://earth.sofibox.com)