CSF: Difference between revisions
(→Logs) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
CSF (Config Server Firewall) is an iptables management script and logging daemon. | CSF (Config Server Firewall) is an iptables management script and logging daemon. | ||
== Command Line Options == | == Command Line Options == | ||
| Line 5: | Line 6: | ||
<code>csf -h</code> - get help for CSF command line options | <code>csf -h</code> - get help for CSF command line options | ||
<code>csf - | <code>csf -g <i>IP_Address</i></code> - Look (grep) for an IP address to see if it's blocked | ||
<code>csf -a <i>IP_Address</i></code> - permanently allows the specified IP address | |||
<code>csf -d <i>IP_Address</i> "Your comment goes here"</code> - Blocks the specified IP address, comment tells why | |||
<code>csf -dr <i>IP_Address</i></code> - Removes a blocked IP from being blocked | |||
<code>csf -ra</code> - Restart CSF and LFD (leave off the a to restart just CSF) | <code>csf -ra</code> - Restart CSF and LFD (leave off the a to restart just CSF) | ||
== Configuration Files == | == Configuration Files == | ||
| Line 21: | Line 29: | ||
See [[Log Locations]] | See [[Log Locations]] | ||
LFD (the logging daemon component of CSF) by default sends e-mails to root. If you want to send the e-mails somewhere else, you have two options: | |||
- Specify an e-mail address in <code>LF_ALERT_TO =</code> in csf.conf | |||
- Setup a forwarder in WHM>>Server Contacts>>Edit System Mail Preferences (this is the preferred method for cPanel servers.) | |||
There is a third option. | |||
LFD stores all the alert templates in: <code>/etc/csf/alerts</code> | |||
If the <code>LF_ALERT_TO =</code> setting in csf.conf is blank, LFD will use the settings in the templates. | |||
You can change the "from" and "to" settings in these templates to change where the e-mails for each are delivered, but you have to modify each template (as opposed to changing them all at once in csf.conf) | |||
This does give you the option to specify a different e-mail address for each alert. | |||
== References == | == References == | ||
<ol> | <ol> | ||
<li> | <li>[http://thelinuxfaq.com/47-how-do-you-manage-configserver-firewall-csf Linux FAQ Manage CSF]</li> | ||
</ol> | </ol> | ||
Latest revision as of 05:09, 21 January 2017
CSF (Config Server Firewall) is an iptables management script and logging daemon.
Command Line Options
csf -h - get help for CSF command line options
csf -g IP_Address - Look (grep) for an IP address to see if it's blocked
csf -a IP_Address - permanently allows the specified IP address
csf -d IP_Address "Your comment goes here" - Blocks the specified IP address, comment tells why
csf -dr IP_Address - Removes a blocked IP from being blocked
csf -ra - Restart CSF and LFD (leave off the a to restart just CSF)
Configuration Files
CSF and LFD settings are stored in:
/etc/csf
csf.conf - main CSF configuration file
Logs
See Log Locations
LFD (the logging daemon component of CSF) by default sends e-mails to root. If you want to send the e-mails somewhere else, you have two options:
- Specify an e-mail address in LF_ALERT_TO = in csf.conf
- Setup a forwarder in WHM>>Server Contacts>>Edit System Mail Preferences (this is the preferred method for cPanel servers.)
There is a third option.
LFD stores all the alert templates in: /etc/csf/alerts
If the LF_ALERT_TO = setting in csf.conf is blank, LFD will use the settings in the templates.
You can change the "from" and "to" settings in these templates to change where the e-mails for each are delivered, but you have to modify each template (as opposed to changing them all at once in csf.conf)
This does give you the option to specify a different e-mail address for each alert.