Skip to main content

CWP: How to Increase your Server Security using CSF Firewall on CentOS 7

Access CSF UI on your browser with the specified port and click on "Check Server Security" ,
After that now check the report below:

# vi /etc/ssh/sshd_config

Port 22XX
UseDNS no

# systemctl restart sshd
allow the new ssh port on CSF firewall
# vi /etc/my.cnf
[mysqld]
local-infile=0 
# systemctl restart mariadb
You can also enable 'RESTRICT_SYSLOG option check, LF_POP3D option check, LF_IMAPD option check, SYSLOG_CHECK option check, RESTRICT_UI option check, Check SSH PasswordAuthentication'.  This option helps prevent brute force attacks on your server services

Important setting for me :
# cd /usr/local/csf/bin/
# perl csftest.pl

#vi /etc/csf/csf.conf
TESTING = "0"

Don't Block IP addresses that are in the csf.allow files.
IGNORE_ALLOW = "1"

ICMP_IN = "1"
ICMP_OUT = "1"

LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"

LF_ALERT_TO = "admin@datahead.biz"
LF_ALERT_FROM = "" 
#systemctl start csf
#systemctl start lfd

#systemctl enable csf
#systemctl enable lfd

Labels: Reactions:

Comments

Post a Comment

Thank you for reading Python Bangla | Python Programming Language ! Comments may take awhile for me to moderate! I'll post them as soon as I can and reply! If you haven't followed "Python Bangla | Python Programming Language " check the right side of my blog to do so!

Note: Only a member of this blog may post a comment.

Most Popular

CWP DNS Part 1 : How to Configure DNS properly for CentOS WebPanel on CentOS 7.6

After hosting my parent domain on CWP7.admin, I am getting dns error and i'm not able access my server using my server FQDN but i can access using my server IP.
So what can i do for that problem ?

Yes, you have to fix the error .

Environment Details:
Distro Name: CentOS Linux release 7.6.1810 (Core)
CentOS-Web Panel version: CWP7.admin
CWP version: 0.9.8.757
WebServer: Apache Only
FQDN: host.datahead.biz
IP: 192.120.10.3

1.Change Hostname Permanently:
# hostnamectl set-hostname host.datahead.biz# hostnamectl Static hostname: host.datahead.biz Icon name: computer-vm Chassis: vm Machine ID: 7400071490ea4f7d931374824ad4b52c Boot ID: 6e1f2d76495d4b318c25c4a1195aa130 Virtualization: vmware Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-862.14.4.el7.x86_64 Architecture: x86-64 It also writes this information to the /etc/hostname file as well.
# cat /etc/hostname host.d…
Post a Comment
Read more

CWP: How to Configure Let's Encrypt SSL Certificate for your server Hostname/FQDN on CWP7.admin

I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager"  option was exist under Apache Settings >> Letsencrypt Manager >> Install Letsencrypt .

At Present CWP Team has been removed "Letsencrypt Manager"  that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL.

Previous Article Link Install Letsencrypt SSL Certificate for your Server Hostname/FQDN, 100% Working 

N.B: I am using the below cipherlist 
https://cipherli.st/
https://mozilla.github.io/server-side-tls/ssl-config-generator/
https://wiki.mozilla.org/Security/Server_Side_TLS

So now I am writing this solution again for all of guys and I hope that it will be 100% working again on your CentOS-Webpanel as mine .

Environment Details:
CPU Model: Intel(R) Xeon(R) CPU X3440 @ 2.53GHz
CPU Details: 2 Core (2527 MHz)
Distro Name: Ce…
Post a Comment
Read more