The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

csf generic VS csf cPanel

Discussion in 'Security' started by 000, Aug 2, 2013.

  1. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Hi.

    In my machine #1:

    Code:
    root@la [~]# csf -v
    csf: v6 (generic)
    root@la [~]#
    In my machine #2:
    Code:
    root@http [~]# csf -v
    csf: v6 (cPanel)
    root@http [~]#
    
    What is the difference into this versions ?

    Some manual/tutorial to config IPTABLES?

    Thanks
     
  2. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    The difference is that in #1 there is no cPanel, in #2 there is.



    If you use CSF you don't need to know anything about configuring iptables, CSF is doing it all for you.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The output you provided indicates that cPanel is not installed on the first server where the generic version of CSF is installed. If cPanel is installed on this server, try uninstalling and then reinstalling CSF to ensure the cPanel-integrated version is installed.

    Thank you.
     
  4. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Perfect!, error let's go...
    :)

    Now, know please how I can config CSF to:

    using PUTTY, x USER have access to server ONLY from IP1 and IP2

    Yes, we can config [csf.allow] to config x IP
    but: how config some rules only to x_user?

    Thanks
     
  5. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    As far as I understand that is not possible.
    An incoming connection does not have "USER" information.
     
  6. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Thanks quietFinn.

    Connection using PUTTY require 2 fields:

    *user
    *password

    Just I say in message 1:

    "using PUTTY, how x USER have access to server ONLY from IP1 and IP2" ???
     
  7. quietFinn

    quietFinn Well-Known Member

    Joined:
    Feb 4, 2006
    Messages:
    998
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Finland
    cPanel Access Level:
    Root Administrator
    You also said:
    what you describe is not possible with a firewall.
     
  8. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Ah! thanks, now I understand.

    I used csf.

    with this software is NO possible?

    Then how I can?
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    You may find the following option useful:

    "WHM Home >> Security Center >> Host Access Control"

    It's not used-based, but it does allow you to white list specific IP addresses for each service. It's documented at:

    Host Access Control

    Thank you.
     
  10. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Thanks.

    Specificly I need acces SHELL to 'X_user' ONLY from IP1 and IP2, is

    "WHM Home >> Security Center >> Host Access Control"

    the best option?
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    No, you will not be able to limit SSH to a specific username with the "Host Access Control" option. That would require the use of the following line in the /etc/ssh/sshd_config file:

    Code:
    AllowUsers example1
    This would block SSH access to all users on the system except that username. You could then add in IP limitation rules in a firewall or with Host Access Control.

    Thank you.
     
  12. 000

    000 Well-Known Member

    Joined:
    Jun 3, 2008
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    ThaNKS.
    But how using CSF I can config SHELL only from IP1 and IP2 ??? (ONLY to SHELL)

    Using CSF I can config ACCESS GENERAL to server only from IP1, IP2, ...

    1// I active SHELL to userX

    2// ¿¿¿how??? I config access to port 22 tu userX ONLY from IPa and IPb ???

    userX can connect to any port/service from any IP/place
    EXCEPT
    to port 22, in this case, only from IP1 and IP2

    ...I no understand you solution.

    Thanks
     
    #12 000, Aug 19, 2013
    Last edited: Aug 19, 2013
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    648
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I recommend using:

    "WHM Home >> Security Center >> Host Access Control"

    Documentation on how to use this option to limit access on specific services to specific IP addresses is available at:

    Host Access Control

    Thank you.
     
Loading...

Share This Page