csf generic VS csf cPanel

[000]

Hi.

In my machine #1:

root@la [~]# csf -v
csf: v6 (generic)
root@la [~]#

In my machine #2:

root@http [~]# csf -v
csf: v6 (cPanel)
root@http [~]#

What is the difference into this versions ?

Some manual/tutorial to config IPTABLES?

Thanks

 

[quietFinn]

In my machine #1:

root@la [~]# csf -v
csf: v6 (generic)
root@la [~]#

In my machine #2:

root@http [~]# csf -v
csf: v6 (cPanel)
root@http [~]#

What is the difference into this versions ?

The difference is that in #1 there is no cPanel, in #2 there is.

Some manual/tutorial to config IPTABLES?

If you use CSF you don't need to know anything about configuring iptables, CSF is doing it all for you.

 

[cPanelMichael]

Hello

The output you provided indicates that cPanel is not installed on the first server where the generic version of CSF is installed. If cPanel is installed on this server, try uninstalling and then reinstalling CSF to ensure the cPanel-integrated version is installed.

Thank you.

 

[000]

try uninstalling and then reinstalling CSF

Perfect!, error let's go...


Now, know please how I can config CSF to:

using PUTTY, x USER have access to server ONLY from IP1 and IP2

Yes, we can config [csf.allow] to config x IP
but: how config some rules only to x_user?

Thanks

 

[quietFinn]

Now, know please how I can config CSF to:

using PUTTY, x USER have access to server ONLY from IP1 and IP2

Yes, we can config [csf.allow] to config x IP
but: how config some rules only to x_user?

Thanks

As far as I understand that is not possible.
An incoming connection does not have "USER" information.

 

[000]

Thanks quietFinn.

connection does not have "USER" information

Connection using PUTTY require 2 fields:

*user
*password

Just I say in message 1:

"using PUTTY, how x USER have access to server ONLY from IP1 and IP2" ???

 

[quietFinn]

You also said:

how I can config CSF to ...

what you describe is not possible with a firewall.

 

[000]

what you describe is not possible with a firewall.

Ah! thanks, now I understand.

I used csf.

with this software is NO possible?

Then how I can?

 

[cPanelMichael]

You may find the following option useful:

"WHM Home >> Security Center >> Host Access Control"

It's not used-based, but it does allow you to white list specific IP addresses for each service. It's documented at:

Host Access Control

Thank you.

 

[000]

it does allow you to allow specific IP addresses for each service.

Thanks.

Specificly I need acces SHELL to 'X_user' ONLY from IP1 and IP2, is

"WHM Home >> Security Center >> Host Access Control"

the best option?

 

[cPanelMichael]

No, you will not be able to limit SSH to a specific username with the "Host Access Control" option. That would require the use of the following line in the /etc/ssh/sshd_config file:

AllowUsers example1

This would block SSH access to all users on the system except that username. You could then add in IP limitation rules in a firewall or with Host Access Control.

Thank you.

 

[000]

ThaNKS.

You could then add in IP limitation rules in a firewall or with Host Access Control.

But how using CSF I can config SHELL only from IP1 and IP2 ??? (ONLY to SHELL)

Using CSF I can config ACCESS GENERAL to server only from IP1, IP2, ...

1// I active SHELL to userX

2// ¿¿¿how??? I config access to port 22 tu userX ONLY from IPa and IPb ???

userX can connect to any port/service from any IP/place
EXCEPT
to port 22, in this case, only from IP1 and IP2

...I no understand you solution.

Thanks

 

[cPanelMichael]

I recommend using:

"WHM Home >> Security Center >> Host Access Control"

Documentation on how to use this option to limit access on specific services to specific IP addresses is available at:

Host Access Control

Thank you.