The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Firewalls

Discussion in 'General Discussion' started by thewebhosting, May 16, 2008.

  1. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    We are having APF firewall installed on our Linuxservers. Are there any other better firewalls to run on RHEL? what about configserver?
     
  2. shital

    shital Member

    Joined:
    May 28, 2007
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    You can BFD firewall on server.

    BFD installation
    ============

    wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

    tar -xvzf bfd-current.tar.gz

    cd bfd-0.9/

    ./install.sh

    Configuration Steps
    ==============

    vi /usr/local/bfd/conf.bfd

    Find : ALERT_USR="0" CHANGE TO: ALERT_USR="1"

    Find : EMAIL_USR="root" CHANGE TO: EMAIL_USR="your@yourdomain.com"

    Prevent locking yourself out
    =====================

    vi pico -w /usr/local/bfd/ignore.hosts

    add your own trusted IP's Eg : 192.168.8.1

    BFD uses APF' cli insert feature and as such will override any allow_hosts.rules entries users have in-place. So be sure to add your trusted ip addresses to the ignore file to prevent locking yourself out.

    To run the program
    ===============

    /usr/local/sbin/bfd -s


    Also you can install CSF (Config Server Firewall)

    =========================================
    Below is a description how to install CSF (Config Server Firewall)

    I. Installation
    Installation is quite straightforward:

    rm -fv csf.tgz
    wget www.configserver.com/free/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh

    If you would like to disable APF+BFD (which you will need to do if you have
    them installed otherwise they will conflict horribly):

    sh disable_apf_bfd.sh

    That's it. You can then configure csf and lfd in WHM, or edit the files
    directly in /etc/csf/*

    csf is preconfigured to work on a cPanel server with all the standard cPanel
    ports open. It also auto-configures your SSH port if it's non-standard on
    installation.

    You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
    servers have this disabled and you should check /etc/init.d/syslog and make
    sure that any klogd lines are not commented out. If you change the file,
    remember to restart syslog.

    II. Uninstallation
    Removing csf and lfd is even more simple:

    cd /etc/csf
    sh uninstall.sh

    Regards,
    Shital
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    What happened to this thread that you started another one of the same topic?
     
  4. thewebhosting

    thewebhosting Well-Known Member

    Joined:
    May 9, 2008
    Messages:
    1,201
    Likes Received:
    1
    Trophy Points:
    38
    Please close this topic as we have already installed csf on our server as per your advise.
     
Loading...

Share This Page