Install CSF DirectAdmin
As standard, DirectAdmin does not include a firewall. This leaves your DirectAdmin server wide open to several attacks, such as brute-force attacks and port sniffing. Although DirectAdmin includes a Brute Force Attack monitor, it does not block IPs automatically. This means a malicious user could have an unlimited number of attempts to crack the passwords on services like FTP, Exim, and DirectAdmin.
There are several firewall options available to deploy to DirectAdmin, but probably the most popular choice is CSF. CSF gives the admin user a graphical user interface to manage the firewall, and it will also block users that attempt to brute-force passwords. Here we are going to manually install CSF to a DirectAdmin server. There is also an automatic way to deploy CSF to DirectAdmin servers, and users who prefer it should follow the first part of this guide. More advanced users who want more configuration options should follow the manual CSF install process.
Automated Install Of CSF DirectAdmin
wget http://files.directadmin.com/services/all/csf/csf_install.sh
/bin/sh ./csf_install.sh
Manual Install Of CSF DirectAdmin
First, grab the latest CSF install from the CSF website, unpack and install it.
cd /usr/local/src
wget https://download.configserver.com/csf.tgz
tar -zxvf csf.tgz
cd ./csf
Now, test that CSF will work on your server.
DirectAdmin On OpenVZ/Virtuozzo hosts
If you get fatal errors and you are on an OpenVZ/Virtuozzo VPS server, then you will likely need to install some modules. The best way to fix this is to enable stateful on the container. You need access to the host node to enable this module. If you do not run the node, contact your provider. First, stop the container.
vzctl stop CTID
Then enable stateful
prlctl set CTID --netfilter stateful
Then start the container again, enter the container and run the CSF test. This time it should pass.
vzctl start CTID
vzctl enter CTID
./csftest.pl
Assuming the test passed, now install CSF to DirectAdmin.
At this point, you should see a link for ConfigServer Security & Firewall inside DirectAdmin under Extra Features.
You may see a warning inside CSF saying:
WARNING URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny
Whilst CSF will work totally fine, you can clear this warning message by installing the package below.
yum install perl-libwww-perl
That is CSF installed on a DirectAdmin server. Now it’s time to configure the firewall and ensure it’s connected to the DirectAdmin brute force monitor. First, disable the following options in CSF:
LF_TRIGGER = "0"
LF_SSHD = "0"
LF_FTPD = "0"
LF_SMTPAUTH = "0"
LF_EXIMSYNTAX = "0"
LF_POP3D = "0"
LF_IMAPD = "0"
LF_HTACCESS = "0"
LF_MODSEC = "0"
LF_DIRECTADMIN = "0"
Now let’s make it compatible with DirectAdmin and the Bruteforce feature. This will automatically block IPs detected trying to crack passwords.
cd /usr/local/directadmin/scripts/custom/
cp block_ip.sh block_ip.sh.bak
cp unblock_ip.sh unblock_ip.sh.bak
Note - ignore any warnings. These are resolved in the next step.
Now, get the block files from DirectAdmin
cd /usr/local/directadmin/scripts/custom/
wget -O block_ip.sh http://files.plugins-da.net/dl/csf_block_ip.sh.txt
wget -O unblock_ip.sh http://files.plugins-da.net/dl/csf_unblock_ip.sh.txt
wget -O show_blocked_ips.sh http://files.plugins-da.net/dl/csf_show_blocked_ips.sh.txt
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh
Next, let’s create files for the blocked IPs to be placed in and then automate the blocking. Ensure you copy each line one at a time into your console.
touch /root/blocked_ips.txt
touch /root/exempt_ips.txt
cd /usr/local/directadmin/scripts/custom
wget -O brute_force_notice_ip.sh http://files.directadmin.com/services/all/brute_force_notice_ip.sh
chmod 700 brute_force_notice_ip.sh
That’s the install completed. You can now configure CSF from DirectAdmin as required.
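To confirm the manual steps took effect, the following added example (not part of the original guide or of CSF/DirectAdmin) checks that the ten `LF_` options are set to "0" and that the four custom scripts exist with mode 700. The function names are hypothetical, and the default `/etc/csf/csf.conf` path is an assumption, since the guide does not state where the CSF configuration file lives.

```shell
#!/bin/sh
# Added example: post-install check for the manual steps in this guide.
# Function names are hypothetical; paths are arguments so test copies can be used.

# The ten csf.conf options the guide sets to "0".
LF_OPTS="LF_TRIGGER LF_SSHD LF_FTPD LF_SMTPAUTH LF_EXIMSYNTAX LF_POP3D LF_IMAPD LF_HTACCESS LF_MODSEC LF_DIRECTADMIN"
# The four scripts the guide downloads into the custom directory and sets to mode 700.
DA_SCRIPTS="block_ip.sh unblock_ip.sh show_blocked_ips.sh brute_force_notice_ip.sh"

# Print every option in LF_OPTS whose last assignment in the given csf.conf is
# missing or not "0". The pattern requires "=" right after the name, so
# LF_TRIGGER does not match a longer name such as LF_TRIGGER_PERM.
lf_not_disabled() {
    conf=$1
    for opt in $LF_OPTS; do
        val=$(sed -n "s/^[[:space:]]*${opt}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" \
            "$conf" 2>/dev/null | tail -n 1)
        [ "$val" = "0" ] || echo "$opt"
    done
}

# Print every expected script that is missing or not exactly mode 700.
scripts_bad_mode() {
    dir=$1
    for s in $DA_SCRIPTS; do
        [ -n "$(find "$dir/$s" -prune -type f -perm 700 2>/dev/null)" ] || echo "$s"
    done
}

# Report both checks; return 0 only when nothing is flagged.
# Default conf path is an assumption (CSF's usual location, not given in the guide).
check_install() {
    conf=${1:-/etc/csf/csf.conf}
    dir=${2:-/usr/local/directadmin/scripts/custom}
    bad_opts=$(lf_not_disabled "$conf")
    bad_scripts=$(scripts_bad_mode "$dir")
    [ -z "$bad_opts" ] || echo "Not set to 0 in $conf:" $bad_opts
    [ -z "$bad_scripts" ] || echo "Missing or not mode 700 in $dir:" $bad_scripts
    [ -z "$bad_opts$bad_scripts" ]
}

# Run against the live paths only when asked: sh check_csf.sh --run
if [ "${1:-}" = "--run" ]; then
    check_install
fi
```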