Install CSF DirectAdmin VPS and Dedicated Servers

Install CSF DirectAdmin

To install CSF on cPanel VPS Servers checkout How to Install CSF

As standard DirectAdmin does not include a firewall. This leaves your DirectAdmin server wide open to several attacks like BruteForce attacks and Port Sniffing. Although DirectAdmin includes a Brute Force Attack monitor it does not block IPs automatically. This means a malicious user could have an unlimited number of attempts to crack the passwords on services like FTP, Exim, and DirectAdmin.

There are several Firewall options available to deploy to DirectAdmin but probably the most popular choice is CSF. CSF gives the admin user a graphical user interface to manage the firewall and it will also block users that attempt to brute-force passwords. Here we are going to manually install CSF to a DirectAdmin server. There is an automatic way to deploy CSF to DirectAdmin servers and users who want to use the automated way should follow the first part of this guide. For more advanced users with more configuration options follow the manual CSF install process.

Automated Install Of CSF DirectAdmin

wget http://files.directadmin.com/services/all/csf/csf_install.sh
/bin/sh ./csf_install.sh

Manual Install Of CSF DirectAdmin

First, grab the latest CSF install from the CSF website, unpack and install it.

cd /usr/local/src
wget https://download.configserver.com/csf.tgz
tar -zxvf csf.tgz
cd ./csf

Now, test that CSF will work on your server.

./csftest.pl

DirectAdmin On OpenVZ/Virtuozzo hosts

If you get fatal errors and you are on an OpenVZ/Virtuozzo VPS server then you will likely need to install some modules. The best way to fix this is to enable. The best way is to enable stateful on the container. First, stop the container. You need access to the host node to enable this module. If you do not run the node contact your provider.

vzctl stop CTID

Then enable stateful

prlctl set CTID --netfilter stateful 

Then start the container again, enter the container and run the CSF test. This time it should pass.

vzctl start CTID
vzctl enter CTID
./csftest.pl  

Assuming the test passed now install CSF to DirectAdmin

./install.directadmin.sh

At this point in DirectAdmin, you should now see a link for ConfigServer Security & Firewall inside DirectAdmin under Extra Features.

You may see a warning inside CSF saying;

WARNING URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny

Whilst CSF will work totally fine you can clear this error message by installing the below.

yum install perl-libwww-perl

That is CSF installed on a DirectAdmin server. Now it’s time to configure the firewall and ensure it’s connected to the DirectAdmin brute force monitor. First, disable the following options in CSF

LF_TRIGGER = "0"
LF_SSHD = "0"
LF_FTPD = "0"
LF_SMTPAUTH = "0"
LF_EXIMSYNTAX = "0"
LF_POP3D = "0"
LF_IMAPD = "0"
LF_HTACCESS = "0"
LF_MODSEC = "0"
LF_DIRECTADMIN = "0"

Now. Let’s make it compatible with DirectAdmin and the Bruteforce feature. This will automatically block IPs detected of trying to crack passwords.

cd /usr/local/directadmin/scripts/custom/
cp block_ip.sh block_ip.sh.bak
cp unblock_ip.sh unblock_ip.sh.bak

Note - ignore any warnings. These are resolved in the next step.

Now, get the block files from DirectAdmin

cd /usr/local/directadmin/scripts/custom/
wget -O block_ip.sh http://files.plugins-da.net/dl/csf_block_ip.sh.txt
wget -O unblock_ip.sh http://files.plugins-da.net/dl/csf_unblock_ip.sh.txt
wget -O show_blocked_ips.sh http://files.plugins-da.net/dl/csf_show_blocked_ips.sh.txt
chmod 700 block_ip.sh show_blocked_ips.sh unblock_ip.sh

Next, let’s create files for the blocked IPs to be placed in and then automate the blocking. Ensure you copy each line one at a time into your console.

touch /root/blocked_ips.txt
touch /root/exempt_ips.txt
cd /usr/local/directadmin/scripts/custom wget -O brute_force_notice_ip.sh http://files.directadmin.com/services/all/brute_force_notice_ip.sh chmod 700 brute_force_notice_ip.sh 

That’s the install completed. You can now configure CSF from DirectAdmin as required.

How was this article?

You might also like

Plesk

How To Setup CSF Firewall Plesk Servers

February 25, 2021

All About Linux

Useful CSF Commands to manage your firewall

September 25, 2019

cPanel Dedicated Servers Linux VPS Servers

How to install CSF to your VPS or dedicated server

March 11, 2016

More from DirectAdmin

How To Connect Your cPanel Server To A SmartHost Relay

Posted On February 10, 2021 F2H.Cloud 1

A smarthost relay is an external SMTP server that you can connect to your cPanel server. The smarthost will deal …

How To Install Imunify360 cPanel & DirectAdmin Servers

Posted On January 22, 2021 F2H.Cloud 0

How To Install Imunify360 cPanel & DirectAdmin ServersImunify360 is a fantastic tool to have in your server toolkit. It's a …

How to Install SpamAssassin DirectAdmin

Posted On August 13, 2019 F2H.Cloud 0

Install SpamAssassin DirectAdmin Install SpamAssassin on a DirectAdmin server will help keep spam to a minimum. Much like on cPanel servers …

Editor Picks

Compatible OS Versions – Linux KVM NVMe VPS

August 6, 2020 0

How To WordPress Prevent Website Hacks

January 8, 2020 0

Set up a website on an Ubuntu using Apache Virtual Hosts

January 30, 2019 0

Create Docker Container And The Basic Docker Commands

September 14, 2018 1