How to Install ConfigServer & Firewall on a Virtualmin Box

by | Jun 12, 2024 | Technical Help, Web Hosting

Enhancing Your Virtualmin Security with ConfigServer & Firewall on Virtualmin

In the world of server security, installing ConfigServer Security & Firewall (CSF) in Virtualmin stands out as a superior choice over the traditional tools, Fail2Ban and FirewallD, that Virtualmin comes standard with. CSF integrates seamlessly with Virtualmin, offering a comprehensive and user-friendly interface that simplifies the management of your server’s security. Unlike the piecemeal approach of using Fail2Ban for intrusion detection and FirewallD for firewall management, CSF provides an all-in-one solution, making it easier to configure, monitor, and maintain robust security settings. This not only enhances your server’s protection but also streamlines your administrative tasks, giving you more control and peace of mind.

Follow these steps to install ConfigServer & Firewall (CSF) on a Virtualmin server and remove Fail2Ban and FirewallD:

Prerequisites

Minimal Debian 12.5 Installation:

      • Ensure your Debian 12 system is fully updated by running this at your console or via PuTTY:
        apt-get update && apt-get upgrade
      • Ensure your Virtualmin control panel has been installed and is working

Step-by-Step Instructions

      1. Install wget (after a fresh installation of Debian 12, I discovered that wget was not present):
        apt-get install wget
      2. Download and Extract CSF (this will bring the file into the directory you are in, which should be root’s home directory at this point, and then the tar command will extract its contents to a csf directory):
        wget https://download.configserver.com/csf.tgz
        tar -xzf csf.tgz
      3. Install bind9-host (this was to prevent a warning I got while initially installing CSF in the following step):
        apt-get update
        apt-get install bind9-host
      4. Install CSF (change directory to the newly created csf directory where we can run the installation):
        cd csf
        sh install.sh
      5. Edit the csf.conf file (this will address warnings and other issues that were present at the end of the installation output when I did this):
            • Open the configuration file:
              nano /etc/csf/csf.conf
            • Modify the TESTING flag – it enables a CRON job that clears iptables in case of configuration problems when you start CSF. This should be enabled until you are sure that the firewall works. Otherwise you can get locked out of your server! Set it to 0 prior to restarting CSF:
              TESTING = "0"
              
            • I got a warning that indicated RESTRICT_SYSLOG is disabled. Syslog and rsyslog allow end-users to add fake log entries, making it hard to distinguish real logs from fake ones. This can cause false alerts and potentially block innocent IP addresses. Some CSF/LFD features rely on these logs, making them vulnerable to exploitation. To prevent this, you can enable the RESTRICT_SYSLOG option, which disables these vulnerable features. However, doing so may reduce protection against certain exploits. The file you edit this setting in covers the options in excruciating detail. Here is how I set mine:
              RESTRICT_SYSLOG = "3"
              
            • Modify the TCP_IN and TCP_OUT lines to include your custom SSH port (I have non-standard port 2222 shown here as an example) and remove port 22. You also may need to add the range 35000:35999 so your backups will work using FTP should you need that:
              TCP_IN = "20,21,25,53,80,110,143,443,2222,35000:35999"
              TCP_OUT = "20,21,25,53,80,110,113,443,2222"
              
            • I used the same settings for IPv6 TCP ports, again with my 2222 example and set up to allow FTP to work from this box:
              TCP6_IN = "20,21,25,53,80,110,143,443,2222,35000:35999"
              TCP6_OUT = "20,21,25,53,80,110,113,443,2222"
              
            • I also got a warning after installing CSF that the binary location for [HOST] [/usr/bin/host] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable. Mine looked like this in the OS Specific Settings section:
              HOST = "/usr/bin/host"
              
            • Now we just need to restart CSF and LFD to ensure all our settings changes are put into effect:
              csf -r
              systemctl restart lfd
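
Before setting TESTING = "0" and running csf -r, it is worth confirming that your SSH port really is open in both the IPv4 and IPv6 lists. The script below is an added example, not part of the original post or of CSF itself; the function names (csf_value, port_allowed, preflight) and the sample configuration are constructed for illustration, and it only reads the file.

```bash
# Print the quoted value of KEY from a csf.conf-style file (KEY = "value").
csf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Return 0 if PORT is covered by a CSF port list such as "20,2222,35000:35999".
port_allowed() {
    local list="$1" port="$2" entry
    local IFS=,
    for entry in $list; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$entry" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# Report lockout risks for SSH_PORT; return 0 only when none were found.
preflight() {
    local conf="$1" ssh_port="$2" key rc=0
    for key in TCP_IN TCP6_IN; do
        if ! port_allowed "$(csf_value "$conf" "$key")" "$ssh_port"; then
            echo "FAIL: SSH port $ssh_port is missing from $key"
            rc=1
        fi
    done
    if [ "$(csf_value "$conf" TESTING)" = "1" ]; then
        echo "NOTE: TESTING = \"1\", the cron job will still clear the rules"
    elif [ "$rc" -ne 0 ]; then
        echo "FAIL: TESTING = \"0\", nothing will clear a bad rule set"
    fi
    return "$rc"
}

# Constructed sample (not a real csf.conf): 2222 added to TCP_IN, forgotten in TCP6_IN.
demo() {
    local conf rc
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
TESTING = "0"
TCP_IN = "20,21,25,53,80,110,143,443,2222,35000:35999"
TCP6_IN = "20,21,25,53,80,110,143,443,35000:35999"
EOF
    preflight "$conf" 2222 && rc=0 || rc=$?
    rm -f "$conf"
    return "$rc"
}
demo || echo "Fix /etc/csf/csf.conf before running: csf -r"
```

On a real server, call preflight /etc/csf/csf.conf 2222 with your own SSH port in place of 2222.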
              

    Integration into Webmin

    Now we are ready to actually integrate ConfigServer & Firewall (CSF) into the Webmin interface. This will make access easy for controlling it from within Webmin itself. The only thing I have noticed that’s unavailable in my Webmin interface is the ability to modify the settings in the /etc/csf/csf.conf file. I still have to modify any settings in there using nano (my favorite Linux text editor). I will explore this later and see if there is a solution or if I have missed a setting someplace.

      1. Integrate CSF with Webmin:
        • Log in to Webmin.
        • Navigate to Webmin Configuration -> Webmin Modules.
        • Select From local file and enter the path /usr/local/csf/csfwebmin.tgz.
        • Click Install Module.
      2. Remove Fail2Ban:
        apt-get purge fail2ban
        rm -rf /etc/fail2ban
      3. Remove FirewallD:
        apt-get purge firewalld
        rm -rf /etc/firewalld
      4. Restart Webmin:
        systemctl restart webmin
      5. Verify and Configure CSF in Webmin:
        • Log in to Webmin.
        • Navigate to System -> ConfigServer Security & Firewall.
        • Check it can be viewed through there.
      6. Remove FirewallD and Fail2Ban in Webmin:
        • Log in to Webmin.
        • Navigate to Webmin -> Webmin Configuration -> Webmin Modules -> Delete.
        • Select the following by clicking on them and holding down your CTRL key:
          Fail2Ban Intrusion Detector
          FirewallD
          Linux Firewall
          Linux IPv6 Firewall
        • Click Delete Selected Modules.

    Following the steps above should have helped you to have ConfigServer & Firewall (CSF) installed and properly configured on your Virtualmin box, with Fail2Ban and FirewallD (as well as Linux Firewall and Linux IPv6 Firewall entries) removed to avoid conflicts.

    To learn more about the Virtualmin web server control panel, check out their website at this address:
    https://www.virtualmin.com/

    And to learn more specifically about the ConfigServer Security & Firewall (CSF) web server security software, visit this address:
    https://configserver.com/configserver-security-and-firewall/
