Ok so you need a firewall. Well we recommend using APF. The following are the instructions you need to install
1) Login to your box as root
2) Download the APF Source (current version 0.9.3.3) ...........
Can anyone recommend a firewall to install on my VPS using CentOS5.3.
Please explain why should I choose it or what are its advantages.
And do firewalls make your VPS slower by consuming some resources?
I am thinking about install CSF firewall (without cPanel or any control Panel) in the master (the dedicated is virtualized with OpenVZ).
I no have services (only the OpenVZ panel to manage -hypervm-) and no extra services. Only for increase secutiry on master and avoid security problems-related.
Its recomendable to use any firewall in Master? Could be problematic on future?
I need to open the vps ports in use on master firewall?
provider asks me not to install firewall?
I have a dedicated server
I wanted to install a firewall my provider told me I don't need one because they have iptables and if I want I can ask them to include an ip in there
what do they mean?
I don't need a firewall? will it harm if I install a firewall for myself?
I have read on this forums and google CSF seem to be the best firewall out there, so i installed it configure and run it. After the installation i found that i received a lot time out error on web service. Page take a lot longer to load. I think it's my configuration.
Can someone take a look at my configuration if possible please share your configuration. I really like to have CSF run without poor performance on web service.
TESTING = "0"
TESTING_INTERVAL = "5"
AUTO_UPDATES = "1"
ETH_DEVICE = "eth1"
ETH_DEVICE_SKIP = ""
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8184"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
UDP_IN = "20,21,53,953"
UDP_OUT = "20,21,53,113,123,873,953,6277"
ICMP_IN = "1"
ICMP_OUT = "0"
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "0"
MONOLITHIC_KERNEL = "0"
DROP = "DROP"
DROP_LOGGING = "1"
DROP_IP_LOGGING = "1"
DROP_ONLYRES = "0"
DROP_NOLOG = "67,68,111,113,135:139,445,513,520"
PACKET_FILTER = "1"
DROP_PF_LOGGING = "0"
VERBOSE = "1"
SYSLOG = "0"
DYNDNS = "0"
RELAYHOSTS = "1"
DENY_IP_LIMIT = "100"
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""
LF_GLOBAL = ""
LF_DAEMON = "1"
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "1"
LF_SELECT = "1"
LF_SSHD = "3"
LF_SSHD_PERM = "1"
LF_FTPD = "3"
LF_FTPD_PERM = "1"
LF_SMTPAUTH = "3"
LF_SMTPAUTH_PERM = "1"
LF_POP3D = "5"
LF_POP3D_PERM = "1"
LF_IMAPD = "5"
LF_IMAPD_PERM = "1"
LF_HTACCESS = "5"
LF_HTACCESS_PERM = "300"
LF_MODSEC = "0"
LF_MODSEC_PERM = "1"
LF_CPANEL = "3"
LF_CPANEL_PERM = "3600"
LF_CSF = "1"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_SCRIPT_ALERT = "1"
LF_SCRIPT_LIMIT = "100"
LF_SCRIPT_PERM = "0"
LF_DIRWATCH = "60"
LF_DIRWATCH_DISABLE = "1"
LF_DIRWATCH_FILE = "1"
LF_INTEGRITY = "3600"
LF_INTERVAL = "300"
LF_PARSE = "5"
LF_EMAIL_ALERT = "1"
LT_EMAIL_ALERT = "1"
LT_POP3D = "60"
LT_IMAPD = "0"
RT_RELAY_ALERT = "1"
RT_RELAY_LIMIT = "100"
RT_RELAY_BLOCK = "0"
RT_AUTHRELAY_ALERT = "1"
RT_AUTHRELAY_LIMIT = "100"
RT_AUTHRELAY_BLOCK = "0"
RT_POPRELAY_ALERT = "1"
RT_POPRELAY_LIMIT = "100"
RT_POPRELAY_BLOCK = "0"
RT_LOCALRELAY_ALERT = "1"
RT_LOCALRELAY_LIMIT = "100"
RT_LOCALRELAY_BLOCK = "0"
LF_DSHIELD = "86400"
LF_DSHIELD_URL = [url]
LF_SPAMHAUS = "86400"
LF_SPAMHAUS_URL = [url]
LF_BOGON = "86400"
LF_BOGON_URL = [url]
CT_LIMIT = "300"
CT_INTERVAL = "60"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "1"
CT_BLOCK_TIME = "1800"
CT_SKIP_TIME_WAIT = "0"
CT_STATES = ""
PT_LIMIT = "30"
PT_INTERVAL = "60"
PT_SKIP_HTTP = "0"
PT_USERPROC = "8"
PT_USERMEM = "100"
PT_USERTIME = "1800"
PT_USERKILL = "0"
PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"
PT_SMTP = "0"
IPTABLES = "/sbin/iptables"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
NETSTAT = "/bin/netstat"
PS = "/bin/ps"
FUSER = "/sbin/fuser"
VMSTAT = "/usr/bin/vmstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/exim_mainlog"
SMTPRELAY_LOG = "/var/log/exim_mainlog"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
CPANEL_LOG = "/usr/local/cpanel/logs/login_log"
SCRIPT_LOG = "/var/log/exim_mainlog"
I heard that CSF firewall will block the ips but still its useful to install? or is there any other method to stop to automatically block the ips from csf? Just want to know about it.
View 14 Replies View RelatedI'm in the process of installing PPA on infrastructure running Parallels Cloud Server. Each container has 2 interfaces, one public facing and a private interface for inter-server communication.
No problems installing PPA 11.5 (specifying IP's on commandline) or adding service nodes however, the firewall rules the documentation speaks of are nowhere to be seen? i.e.:
Important: After the installation, PPA creates the special firewall chain PPA-SN-Rules-INPUT used for communication with service nodes. Do not change it, otherwise, you will not be able to add service nodes to PPA.Click to expand...
Has this been dropped from PPA 11.5 ? (I recall seeing the firewall settings in 11.1) There is also no sign of the ppa.firewall tool that is also mentioned.
The only rule I see inserted is for Postgres on the management node, and 2 for pleskd on all of the nodes (open to world!).
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I recently found out the hard way that cPanel cannot run behind firewall using NAT, I got pretty far in configuring the server but I ran into major issues when it came to SSL and gave up!
Anyway, I current have one cPanel server with CSF and IFD which is working great (I guess), but what happens when I want to move all my server over to cPanel? Will I need CSF/IFD installed on the servers? This seems really impractical and a nightmare to administer. What firewall can I use so that all my cPanel servers can sit behind it?
Any input would be much appreciated as I cannot seem to find a solution, everything seems to have a catch!
I entered Virtouzza, and sounded good to enable firewall, once i enable firewall, WHM/Cpanel was down.
and there isn't a button to disable it back.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
how i can install imagemagick on cPanel VPS?
View 7 Replies View RelatedI have tried my best to install cpanel on a fresh new CentOS 5.2 server.
But everytime failed,it take me about 5 hours to install.
And I find no cpanel service is installed.
I think re-install is also no use.
i am running a VPS and recently installed cPanel DNS Only so it can operate as a standalone DNS server.
I would also like to serve standard webpages on it via apache and php, i therefore tired to install php, mysql etc via 'yum install php' but it says there is no package to be installed.
Has the cPanel DNS only install done someting to the yum config? I have installed Yum Priorities plugin, and my repos files are as follows:
Code:
root@stripe [~]# yum list installed | grep httpd
httpd.i386 2.2.3-22.el5.centos.1 installed
root@stripe [~]# yum list installed | grep php*
root@stripe [~]# cat /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# This file uses a new mirrorlist system developed by Lance Davis for CentOS.
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
#baseurl=http://mirror.centos.org/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
i worrying about WHM/CPanel login without SSL, it possible to install SSL?
View 5 Replies View Relatedi have install modsecurity by WHM > Manage Plugins > check Name: modsecurity and save .and so without error its complite .
and restart my apache.
but i cant finde it in phpinfo and my Plugins in whm
I'm not experienced with linux or web hosting software and I want to find a way to get my cPanel or WHM to send the backups it does to my amazon s3 storage account.
Now I know this can be done as I've see lots of places around the web talk about it. I'm not experienced enough to do it so to just get it done and setup I'm willing to pay someone.
My VPS is at ServInt.net running on Centos5 with WHM/cPanel.
Has anybody ever had this error in CPanel 11 SSL Manager? How did you solve it? We used the CA Bundle supplied by Comodo. We tried installing SSL with Comodo and the CA Bundle isn't installing at all. Is this an issue with the server?
The CRT itself installs fine so it looks OK from web browsers - but not Google Checkout.
Error in CPanel:
=====
Verifcation Result [/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=[url] error 2 at 3 depth lookup:unable to get issuer certificate]
====
As a result, Google Checkout refuses to calculate shipping:
--------------------
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086: SSL routines: func(144): reason(134)
--------------------
I tried manually with curl (Google Checkout uses curl) and it says:
~: curl [url]
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086SL routinesSL3_GET_SERVER_CERTIFICATE:certificate verify failed
to install SSL certificate to my site using Cpanel. I dont know anything about it and have zero idea. I am open to hear all of you, are know about SSL installation.
View 1 Replies View RelatedI have a server without cpanel and it have this partition details :
Code:
server-rescue / # df -h
Filesystem Size Used Avail Use% Mounted on
192.168.0.1:/nfsroot/gentoo
228G 134G 82G 63% /
none 1.9G 56K 1.9G 1% /mnt/unionfs/etc
none 230G 134G 84G 62% /etc
none 1.9G 720K 1.9G 1% /mnt/unionfs/var
none 230G 134G 84G 62% /var
none 1.9G 0 1.9G 0% /mnt/unionfs/root
none 230G 134G 84G 62% /root
none 1.9G 4.0K 1.9G 1% /tmp
udev 1.9G 160K 1.9G 1% /dev
shm 1.9G 0 1.9G 0% /dev/shm
/dev/sda2 226G 28G 187G 13% /mnt/sysimage
what I can do for this partition before start Cpanel Install?
i have fedora core 4
i run sh latest
but take me error :
____ _
___| _ __ _ _ __ ___| |
/ __| |_) / _` | '_ / _ |
| (__| __/ (_| | | | | __/ |
\___|_| \__,_|_| |_|\___|_|
Installer Version 11.4.0
grep: /etc/yum.conf: No such file or directory
grep: /etc/yum.conf: No such file or directory
Your operating system's rpm update method (yum) was not able to locate the glibc package. This is an indication of an improper setup. You must correct this error before you can proceed.
Is it possible to install Plesk 12 to Debian Jessie with the autoinstall script?
View 7 Replies View Relatedhow to install shared ssl in cpanel server
View 2 Replies View RelatedI receive my server tha preinstall diectadmin. May I know is it possible I remove the directmin adn install the cpanel without format the drive?
View 7 Replies View RelatedHow to install mrtg on a cpanel server?
I followed the tutorial on [url]but it didn't work
how to install mod_top on a Cpanel / Centos box?
[url]
This does not work (gives off errors such as file or dir not found)