[PLUGIN] ConfigServer Security & Firewall

chirpy

Verified User
Joined
Feb 14, 2009
Messages
13
I've just released v4.50 of csf which now installs a UI plugin for DiractAdmin admin users.

It is included, free of charge, and is automatically installed when you install/upgrade to v4.50 of csf on a DirectAdmin server.

If you come across any difficulties with the plugin then please feel free to post on our support forums.

For more information, please visit http://www.configserver.com/cp/csf.html
 
That's really great! Thank you for this nice product. :)
 
If anyone tries it out and does find out any problems or has suggestions regarding the DA environment, please do post them in our csf suggestions forum.

I'm new to DirectAdmin (thank you to DA for their help) and I hope the plugin does work as expected, but am happy to hear from people about their experiences with it.
 
I issued csf -u and then also restarted direct admin, but I still don't see anything inside the direct admin web ui.
 
I also ran csf -u on one of my servers, restarted DA en no changes at all.
 
Thanks, that's great.

I have some problem and need to fix. When i use "Server security check", i get some warning:

Code:
[B]Check /tmp is mounted as a filesystem[/B]
/tmp should be mounted as a separate filesystem. Consider using /scripts/securetmp

Code:
[B]Check /var/tmp is mounted as a filesystem[/B]
/var/tmp should either be symlinked to /tmp or mounted as a filesystem


What do I need to do to fix these?
Thanks
 
Last edited:
Thanks, I have fix it by Google ^^
I think it may helpful with you:

Step 1: Securing /tmp
Step 1.1: Backup your fstab file

cp /etc/fstab /etc/fstab.bak

Step 1.2: Creating tmpmnt partition file (Around 1Gb in size)

cd /var
dd if=/dev/zero of=tmpMnt bs=1024 count=1048576

Step 1.3: Format the new partition

mkfs.ext3 -j /var/tmpMnt

Press Y when asked
Step 1.4: Making backup of old /tmp

cp -Rp /tmp /tmp_backup

Step 1.5: Mount the tmp filesystem

mount -o loop,noexec,nosuid,rw /var/tmpMnt /tmp

Step 1.6: Set the right permissions

chmod 0777 /tmp

Step 1.7: Copy the files back to new tmp folder

cp -Rp /tmp_backup/* /tmp/

Step 1.8: Adding new /tmp filesystem to fstab

echo "/var/tmpMnt /tmp ext3 loop,rw,noexec,nosuid,nodev 0 0" >> /etc/fstab

Step 2: No need for 2 tmp filesystems, so we symlink /var/tmp to /tmp

rm -rf /var/tmp/
ln -s /tmp/ /var/tmp
 
It would be great to have 35000:35999 added by default (Passive FTP) and outgoing 2222 for DA Multi-Server.
 
Last edited:
It would be great to have 35000:35999 added by default (Passive FTP) and outgoing 2222 for DA Multi-Server.
A passive port hole is only needed for kernels with broken connection tracking (e.g. Virtuosso VPS, or some custom built kernels). Kernels from the OS vendor should not need any holes created for PASV.

I'll add 2222 to TCP_OUT to the DA installation.
 
Back
Top