Tag Archives: csf

How to fix the WHM CSF security test errors!

As a part of ensuring security, we perform a CSF security scan from WHM. We may get the following error after the scan

Check csf LF_SCRIPT_ALERT option WARNING This option will notify you when a large amount of email is sent from a particular script on the server, helping track down spam scripts

To fix this error :  ssh into the server and edit the csf configuration file

vi /etc/csf/csf.conf

search for LF_SCRIPT_ALERT = “0″

Change the value from “0″ to “1″ to fix the issue.

Don’t forget to restart the CSF

You may also get the following error :

Check exim for extended logging (log_selector) WARNING You should enable extended exim logging to enable easier tracking potential outgoing spam issues. Add:log_selector = +arguments +subject +received_recipients

FIX:

Edit the exim configuration file :

/etc/exim.conf

Change the value from “log_selector = +all” to the following :

log_selector = +arguments +subject +received_recipients

save and restart the CSF to get this resolved.

How to install csf on a VPS .

How to install csf on a VPS or how to fix the error ” Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196″

Introduction:

CSF is giving good compatibility with cpanel servers . But in a vps (openvz or Virtuzzo) the csf configuration is quite different.

Sometimes you may get an error as follow after the csf installation in vps

Error: iptables command [/sbin/iptables -v -A LOGDROPIN -p tcp -m limit --limit 30/m --limit-burst 5 -j LOG --log-prefix 'Firewall: *TCP_IN Blocked* '] failed, at line 196

So how to resolve this issue?. Let us do it as follows,
If you get the above error, then uninstall csf from your VPS & reinstall as follows.

There are two steps to configure the csf on a vps

i)Main vps server ( The host server ,in which the vps nodes are running) configuration

ii) Vps node configuration.

i)Main vps serverconfiguration :-

Before starting the csf installation in a node login to the main server (host server) and check whether the following modules are inserted in to the kernel

ipt_conntrack
ipt_LOG
ipt_owner
ipt_state
ip_conntrack_ftp

You can check it as follows

# lsmod |grep -i <module-name>

If not please insert these modules into the kernel.

#modprob <module-name>
eg: modprob ipt_conntrack

Now add these modules to iptable configuration as follows.

# vi /etc/sysconfig/iptables-config

Add the following in this file

IPTABLES_MODULES=”ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp”

Now edit the vps configuration file from /etc/sysconfig/vz-scripts/
Let 101 is the VEID, add the above inserted modules into the IPTABLE section in this configuration file.
To find the VEID :

vzlist -a

# vi /etc/sysconfig/vz-scripts/101.conf

IPTABLES=”iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ipt_state
iptable_nat ip_nat_ftp ipt_owner ip_conntrack_ftp”

Now we completed the main vps server(node) configuration . So now reboot the child node (not main server) as follows

# vzctl restart <veid>

eg: vzctl restart 101

ii) Vps node configuration.

Now ssh or vzctl enter into the child.

eg : vzctl enter VEID

Now download and install the csf .

Download here :- http://www.configserver.com/free/csf.tgz

sh /etc/csf/install.sh

Before starting the csf let us do some configurations as follows , Edit the file /etc/csf/csf.conf .Then set the following variables

ETH_DEVICE = “venet0″ #from ifconfig you can see the n/w device
MONOLITHIC_KERNEL = “1″
VERBOSE = “0″ # will disable the verbose output during start

start the csf and lfd :-

/etc/init.d/csf start

/etc/init.d/lfd start

DONE!