CSF Installation on Webmin/Virtualmin
Installation
============
Installation is quite straightforward:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Next, test whether you have the required iptables modules:
perl /etc/csf/csftest.pl
Don't worry if you cannot run all the features, so long as the script doesn't
report any FATAL errors
You should not run any other iptables firewall configuration script. For
example, if you previously used APF+BFD you can remove the combination (which
you will need to do if you have them installed otherwise they will conflict
horribly):
sh /etc/csf/remove_apf_bfd.sh
That's it. You can then configure csf and lfd by edit the files
directly in /etc/csf/*
csf auto-configures your SSH port on installation where it's running on a non-
standard port.
csf auto-whitelists your connected IP address where possible on installation.
You should ensure that kernel logging daemon (klogd) is enabled. Typically, openvz VPS
servers have this disabled and you should check /etc/init.d/syslog and make
sure that any klogd lines are not commented out. If you change the file,
remember to restart syslog. Read This : http://linux-server-admin.blogspot.com/2012/06/syslogd-appears-to-be-running-but-not.html
See the readme.txt file for more information.
Webmin Module Installation/Upgrade
==================================
To install or upgrade the csf webmin module:
Install csf as above
Install the csf webmin module in:
Webmin > Webmin Configuration > Webmin Modules >
From local file > /etc/csf/csfwebmin.tgz > Install Module
Uninstallation
==============
Removing csf and lfd is even more simple:
On generic linux servers:
cd /etc/csf
sh uninstall.generic.sh
GD::Graph
=========
This perl module is required for Statistical Graphs available from the csf UI.
It is dependent on garphical libraries being installed for your OS (e.g.
libgd, libpng, etc. which is beyond the scope of this document)
The perl module itself can be installed in a variety of ways, e.g.:
Debian v6:
# apt-get install libgd-graph-perl
Direct from cpan.org:
# perl -MCPAN -e shell
cpan> install GD::Graph
syslogd appears to be running, but not klogd which logs kernel firewall messages to syslog. You should ensure that klogd is running
When you run a CSF firewall to check your server's security, sometimes you get below mentioned warning, especially on a VPS running OpenVZ
syslogd appears to be running, but not klogd which logs kernel firewall messages to syslog. You should ensure that klogd is running
Typically, VPS servers have this disabled and you should check and edit /etc/init.d/syslog and make sure that any klogd lines are not commented out.
Do the following steps to resolve the issue.
If VPS edit /etc/init.d/syslog,
1. Root login to the server via WinSCP or if in ssh you can use nano -c /etc/init.d/syslog
2. Edit /etc/init.d/syslog
3. Search the line below, (nearly at line # 42)
passed klogd skipped #daemon klogd $KLOGD_OPTIONS
4. Change it to be lines below,
passed klogd skipped
daemon klogd $KLOGD_OPTIONS
5. Now search 'status klogd' and then un-comment it.
6. Now search '#killproc klogd' and chnage it to be 'killproc klogd'
7. Restart syslog via /etc/init.d/syslog restart
This should fix the issue.
To checks, try this command :
more /etc/init.d/syslog|grep klogd
It now should return output like below :
# syslog Starts syslogd/klogd.
[ -x /sbin/klogd ] || exit 5
passed klogd skipped
daemon klogd $KLOGD_OPTIONS
passed klogd skipped
killproc klogd
status klogd
echo -n "Reloading klogd..."
klog=`cat /var/run/klogd.pid 2>/dev/null`
If you change the file, remember to restart syslog via /etc/init.d/syslog restart
Subscribe to:
Posts (Atom)