Sidebar

freedom mafia professional internet gateway solution loadbalance vpn vps adsl ipcop network qos freedom mafia professional internet gateway solution loadbalance vpn vps adsl ipcop network qos

CSF - Firewall Installation & Configuration

Details
Knowledge Management
OS
Itsara Payuhakid (biew55)
05 May 2015
2063
  • Print
  • Email

 

The CSF (ConfigServer) firewall is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

 

The CSF comes with the LFD (Login Failure Daemon), which would detect any malicious login attempts to the server made through any of these -

 

* courier imap and pop3
* ssh
* non-ssl cpanel / whm / webmail
* pure-pftd
* password protected web pages (htpasswd)
* mod_security failures

 

This is an additional feature to the packet filtering. With this Firewall installed, the need for manual intervention reduces. In case, of Brute Force attempts, multiple failed login attempts, high server load, etc. the LFD will send notification emails. These email notifications are being generated to keep you informed about system health and possible signs of brute force, (d)DoS attack or unauthorized processes running. While most of the actions will be done automatically by CSF/LFD, it still would be a good idea to check these emails for cases where, say, unauthorized logins are happening or things like unauthorized processes running on the system.

Register to read more...

fixed directadmin LWP but perl module is not installed

Details
Knowledge Management
Web Hosting
Itsara Payuhakid (biew55)
01 May 2015
1913
  • Print
  • Email

yum -y install perl-libwww-perl.noarch   or

 For example:

On rpm based systems:

yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch

On APT based systems:

apt-get install libwww-perl liblwp-protocol-https-perl

Via cpan:

perl -MCPAN -eshell
cpan> install LWP LWP::Protocol::https

We recommend setting this set to "2" as upgrades to csf will be performed
over SSL to https://download.configserver.com

Improved CAPsMAN Wireless Client Roaming

Details
Knowledge Management
Mikrotik
Itsara Payuhakid (biew55)
29 Mar 2015
2591
  • Print
  • Email

CAPsMAN is a very useful method of setting up a large number of APs (CAPs) in a building, but how can you help a client to roam better?  The problem is that clients can get “sticky”. They refuse to disconnect themselves from an AP, even though they have actually moved their location and are now much closer to another AP.  The client software seems to hang in there for dear life, despite having a very poor and low speed of connection, but it seems to decide, “some connection, no matter how bad, is better than none at all, but I will not check to see if there are any other APs that are stronger”. So they remain “stuck” to that distant AP, even though there is a better one nearby.  So what’s the solution?

 

Add a couple of Access-List rules to the CAPsMAN controller and you can then make the AP forcibly disconnect the client once it has reached a certain signal level.  The client, now having been kicked from the AP will be forced to re-scan and (hopefully) find another AP much stronger and connect to that one instead.  The only downside is that if a client device is leaving the building, they will be forcibly kicked and have no other AP to connect to.  (But this can be used as a security feature as it now limits the receiving range of your Wireless System on the edge of your building, thus reducing the distance they can be connected from.)

 

Here is a config script which sets the level to kick a client at -80dBm. Run this on the CAPsMAN controller router, not on any of the CAPs. Obviously the exact level chosen is up to you, but I find that -80dBm is not a bad starting position for experimentation.

/caps-man access-list
add action=accept interface=all signal-range=-80..120
add action=reject interface=all signal-range=-120..-81

centos setup command

Details
Knowledge Management
OS
Itsara Payuhakid (biew55)
22 Sep 2014
2036
  • Print
  • Email

I usually use “setup” to do the firewall setup for permissive or not and setting of SELINUX, etc….

But on a minimal install you don’t have access to setup command, which is my favorite

1 [root@tel ~]# setup
2 -bash: setup: command not found

So how to install it in minimal install ?

1 yum –y install setuptool
2 yum –y install system-config-network*
3 yum -y install system-config-firewall*
4 yum –y install system-config-securitylevel-tui
5 yum –y install system-config-keyboard

(thanks JoVeN for spell mistake)

For system services utility install ntsysv (as Perico suggested in the user comments)

1 yum -y install ntsysv

install iftop htop

Details
Knowledge Management
OS
Itsara Payuhakid (biew55)
22 Sep 2014
2229
  • Print
  • Email

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
rpm -ihv rpmforge-release*.rf.x86_64.rpm

More Articles...

  1. How to Install Zend Optimizer or Ioncube on DirectAdmin
  2. Mikrotik Hotspot Authentication for IPv6 dual-stacked clients
  3. Mikrotik Firewall / Short Notes + Scripts
  4. Install And Maintain Kamailio v4.0.x Version From GIT
Page 4 of 7
  • Start
  • Prev
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
  • End
VOIP Service “Communication is Key to any business success” VOIP System, XenMin Systems Co., Ltd. solutions by XMSThailand.com.