Integrating the csf firewall with Webmin and Virtualmin on CentOS

Hello friends, this time I'll share a few tips to make server maintenance easier: using the csf plugin. I first learned about the csf plugin from cPanel, and it occurred to me that it would be very useful to apply it to the sekolahlinux.com server, and in the end it worked :D

First, I'm assuming you have already installed Webmin and Virtualmin and that they are running smoothly.

After that, follow the steps below. Don't forget that you must be in su / root mode.

Download CSF: http://www.configserver.com/cp/csf.html

wget https://download.configserver.com/csf.tgz
tar zxvf csf.tgz
cd csf
./install.sh

The installation process will look roughly like this:

[root@sekolahlinux csf]# ./install.sh

Selecting installer...

Running csf generic installer

Installing generic csf and lfd

Check we're running as root

Checking Perl modules...mode of `os.pl' changed to 0700 (rwx------)
Using configuration defaults
ok

mkdir: created directory `/etc/csf'
mkdir: created directory `/var/lib/csf'
mkdir: created directory `/var/lib/csf/backup'
mkdir: created directory `/var/lib/csf/Geo'
mkdir: created directory `/var/lib/csf/ui'
mkdir: created directory `/var/lib/csf/stats'
mkdir: created directory `/var/lib/csf/lock'
mkdir: created directory `/var/lib/csf/webmin'
mkdir: created directory `/var/lib/csf/zone'
mkdir: created directory `/usr/local/csf'
mkdir: created directory `/usr/local/csf/bin'
mkdir: created directory `/usr/local/csf/lib'
mkdir: created directory `/usr/local/csf/tpl'
`csf.generic.conf' -> `/etc/csf/csf.conf'
`csf.allow' -> `/etc/csf/./csf.allow'
`csf.deny' -> `/etc/csf/./csf.deny'
`csf.redirect' -> `/etc/csf/./csf.redirect'
`csf.resellers' -> `/etc/csf/./csf.resellers'
`csf.dirwatch' -> `/etc/csf/./csf.dirwatch'
`csf.syslogs' -> `/etc/csf/./csf.syslogs'
`csf.logfiles' -> `/etc/csf/./csf.logfiles'
`csf.logignore' -> `/etc/csf/./csf.logignore'
`csf.blocklists' -> `/etc/csf/./csf.blocklists'
`csf.ignore' -> `/etc/csf/./csf.ignore'
`csf.generic.pignore' -> `/etc/csf/csf.pignore'
`csf.rignore' -> `/etc/csf/./csf.rignore'
`csf.fignore' -> `/etc/csf/./csf.fignore'
`csf.signore' -> `/etc/csf/./csf.signore'
`csf.suignore' -> `/etc/csf/./csf.suignore'
`csf.uidignore' -> `/etc/csf/./csf.uidignore'
`csf.mignore' -> `/etc/csf/./csf.mignore'
`csf.sips' -> `/etc/csf/./csf.sips'
`csf.dyndns' -> `/etc/csf/./csf.dyndns'
`csf.syslogusers' -> `/etc/csf/./csf.syslogusers'
`csf.smtpauth' -> `/etc/csf/./csf.smtpauth'
`alert.txt' -> `/usr/local/csf/tpl/./alert.txt'
`reselleralert.txt' -> `/usr/local/csf/tpl/./reselleralert.txt'
`logalert.txt' -> `/usr/local/csf/tpl/./logalert.txt'
`logfloodalert.txt' -> `/usr/local/csf/tpl/./logfloodalert.txt'
`syslogalert.txt' -> `/usr/local/csf/tpl/./syslogalert.txt'
`integrityalert.txt' -> `/usr/local/csf/tpl/./integrityalert.txt'
`exploitalert.txt' -> `/usr/local/csf/tpl/./exploitalert.txt'
`queuealert.txt' -> `/usr/local/csf/tpl/./queuealert.txt'
`tracking.txt' -> `/usr/local/csf/tpl/./tracking.txt'
`connectiontracking.txt' -> `/usr/local/csf/tpl/./connectiontracking.txt'
`processtracking.txt' -> `/usr/local/csf/tpl/./processtracking.txt'
`accounttracking.txt' -> `/usr/local/csf/tpl/./accounttracking.txt'
`usertracking.txt' -> `/usr/local/csf/tpl/./usertracking.txt'
`sshalert.txt' -> `/usr/local/csf/tpl/./sshalert.txt'
`webminalert.txt' -> `/usr/local/csf/tpl/./webminalert.txt'
`sualert.txt' -> `/usr/local/csf/tpl/./sualert.txt'
`consolealert.txt' -> `/usr/local/csf/tpl/./consolealert.txt'
`uialert.txt' -> `/usr/local/csf/tpl/./uialert.txt'
`cpanelalert.txt' -> `/usr/local/csf/tpl/./cpanelalert.txt'
`scriptalert.txt' -> `/usr/local/csf/tpl/./scriptalert.txt'
`relayalert.txt' -> `/usr/local/csf/tpl/./relayalert.txt'
`filealert.txt' -> `/usr/local/csf/tpl/./filealert.txt'
`watchalert.txt' -> `/usr/local/csf/tpl/./watchalert.txt'
`loadalert.txt' -> `/usr/local/csf/tpl/./loadalert.txt'
`resalert.txt' -> `/usr/local/csf/tpl/./resalert.txt'
`portscan.txt' -> `/usr/local/csf/tpl/./portscan.txt'
`uidscan.txt' -> `/usr/local/csf/tpl/./uidscan.txt'
`permblock.txt' -> `/usr/local/csf/tpl/./permblock.txt'
`netblock.txt' -> `/usr/local/csf/tpl/./netblock.txt'
`portknocking.txt' -> `/usr/local/csf/tpl/./portknocking.txt'
`forkbombalert.txt' -> `/usr/local/csf/tpl/./forkbombalert.txt'
`x-arf.txt' -> `/usr/local/csf/tpl/./x-arf.txt'
`regex.custom.pm' -> `/usr/local/csf/bin/./regex.custom.pm'
`pt_deleted_action.pl' -> `/usr/local/csf/bin/./pt_deleted_action.pl'
`messenger' -> `/etc/csf/./messenger'
`messenger/csf_small.png' -> `/etc/csf/./messenger/csf_small.png'
`messenger/index.text' -> `/etc/csf/./messenger/index.text'
`messenger/index.html' -> `/etc/csf/./messenger/index.html'
`ui' -> `/etc/csf/./ui'
`ui/images' -> `/etc/csf/./ui/images'
`ui/images/LICENSE.txt' -> `/etc/csf/./ui/images/LICENSE.txt'
`ui/images/cxs-loader.gif' -> `/etc/csf/./ui/images/cxs-loader.gif'
`ui/images/csf_small.png' -> `/etc/csf/./ui/images/csf_small.png'
`ui/images/cse_small.png' -> `/etc/csf/./ui/images/cse_small.png'
`ui/images/deliver.png' -> `/etc/csf/./ui/images/deliver.png'
`ui/images/icon.gif' -> `/etc/csf/./ui/images/icon.gif'
`ui/images/ip.png' -> `/etc/csf/./ui/images/ip.png'
`ui/images/plus.png' -> `/etc/csf/./ui/images/plus.png'
`ui/images/cxs.png' -> `/etc/csf/./ui/images/cxs.png'
`ui/images/cxs_small.png' -> `/etc/csf/./ui/images/cxs_small.png'
`ui/images/minus.png' -> `/etc/csf/./ui/images/minus.png'
`ui/images/viewdelivery.png' -> `/etc/csf/./ui/images/viewdelivery.png'
`ui/images/delete.png' -> `/etc/csf/./ui/images/delete.png'
`ui/images/perm.png' -> `/etc/csf/./ui/images/perm.png'
`ui/ui.allow' -> `/etc/csf/./ui/ui.allow'
`ui/ui.ban' -> `/etc/csf/./ui/ui.ban'
`ui/server.key' -> `/etc/csf/./ui/server.key'
`ui/server.crt' -> `/etc/csf/./ui/server.crt'
`lfd.logrotate' -> `/etc/logrotate.d/lfd'
`csfcron.sh' -> `/etc/cron.d/csf-cron'
`lfdcron.sh' -> `/etc/cron.d/lfd-cron'
`csf.pl' -> `/usr/sbin/csf'
`lfd.pl' -> `/usr/sbin/lfd'
`/etc/csf/csf.pl' -> `/usr/sbin/csf'
`/etc/csf/lfd.pl' -> `/usr/sbin/lfd'
`/etc/csf/csfui.pl' -> `/usr/local/csf/bin/csfui.pl'
`/etc/csf/csftest.pl' -> `/usr/local/csf/bin/csftest.pl'
`/etc/csf/pt_deleted_action.pl' -> `/usr/local/csf/bin/pt_deleted_action.pl'
`/etc/csf/remove_apf_bfd.sh' -> `/usr/local/csf/bin/remove_apf_bfd.sh'
`/etc/csf/uninstall.sh' -> `/usr/local/csf/bin/uninstall.sh'
`/etc/csf/regex.custom.pm' -> `/usr/local/csf/bin/regex.custom.pm'
`/etc/csf/webmin' -> `/usr/local/csf/lib/webmin'
`/etc/csf/alerts' -> `/usr/local/csf/tpl'
`uninstall.generic.sh' -> `/usr/local/csf/bin/uninstall.sh'
`csfui.pl' -> `/usr/local/csf/bin/csfui.pl'
`csfuir.pl' -> `/usr/local/csf/bin/csfuir.pl'
`cseui.pl' -> `/usr/local/csf/bin/cseui.pl'
`csftest.pl' -> `/usr/local/csf/bin/csftest.pl'
`regex.pm' -> `/usr/local/csf/bin/regex.pm'
`remove_apf_bfd.sh' -> `/usr/local/csf/bin/remove_apf_bfd.sh'
`readme.txt' -> `/etc/csf/readme.txt'
`sanity.txt' -> `/usr/local/csf/lib/sanity.txt'
`restricted.txt' -> `/usr/local/csf/lib/restricted.txt'
`changelog.txt' -> `/etc/csf/changelog.txt'
`install.txt' -> `/etc/csf/install.txt'
`version.txt' -> `/etc/csf/version.txt'
`license.txt' -> `/etc/csf/license.txt'
`webmin' -> `/usr/local/csf/lib/webmin'
`webmin/csf.tar.gz' -> `/usr/local/csf/lib/webmin/csf.tar.gz'
`webmin/csf' -> `/usr/local/csf/lib/webmin/csf'
`webmin/csf/images' -> `/usr/local/csf/lib/webmin/csf/images'
`webmin/csf/images/LICENSE.txt' -> `/usr/local/csf/lib/webmin/csf/images/LICENSE.txt'
`webmin/csf/images/csf_small.png' -> `/usr/local/csf/lib/webmin/csf/images/csf_small.png'
`webmin/csf/images/icon.gif' -> `/usr/local/csf/lib/webmin/csf/images/icon.gif'
`webmin/csf/images/ip.png' -> `/usr/local/csf/lib/webmin/csf/images/ip.png'
`webmin/csf/images/plus.png' -> `/usr/local/csf/lib/webmin/csf/images/plus.png'
`webmin/csf/images/minus.png' -> `/usr/local/csf/lib/webmin/csf/images/minus.png'
`webmin/csf/images/delete.png' -> `/usr/local/csf/lib/webmin/csf/images/delete.png'
`webmin/csf/images/loader.gif' -> `/usr/local/csf/lib/webmin/csf/images/loader.gif'
`webmin/csf/images/perm.png' -> `/usr/local/csf/lib/webmin/csf/images/perm.png'
`webmin/csf/index.cgi' -> `/usr/local/csf/lib/webmin/csf/index.cgi'
`webmin/csf/module.info' -> `/usr/local/csf/lib/webmin/csf/module.info'
`ConfigServer' -> `/usr/local/csf/lib/ConfigServer'
`ConfigServer/Sanity.pm' -> `/usr/local/csf/lib/ConfigServer/Sanity.pm'
`ConfigServer/Ports.pm' -> `/usr/local/csf/lib/ConfigServer/Ports.pm'
`ConfigServer/ServerCheck.pm' -> `/usr/local/csf/lib/ConfigServer/ServerCheck.pm'
`ConfigServer/ServerStats.pm' -> `/usr/local/csf/lib/ConfigServer/ServerStats.pm'
`ConfigServer/Config.pm' -> `/usr/local/csf/lib/ConfigServer/Config.pm'
`ConfigServer/LookUpIP.pm' -> `/usr/local/csf/lib/ConfigServer/LookUpIP.pm'
`ConfigServer/CheckIP.pm' -> `/usr/local/csf/lib/ConfigServer/CheckIP.pm'
`ConfigServer/Service.pm' -> `/usr/local/csf/lib/ConfigServer/Service.pm'
`ConfigServer/URLGet.pm' -> `/usr/local/csf/lib/ConfigServer/URLGet.pm'
`ConfigServer/Slurp.pm' -> `/usr/local/csf/lib/ConfigServer/Slurp.pm'
`ConfigServer/GetIPs.pm' -> `/usr/local/csf/lib/ConfigServer/GetIPs.pm'
`Net' -> `/usr/local/csf/lib/Net'
`Net/CIDR' -> `/usr/local/csf/lib/Net/CIDR'
`Net/CIDR/Lite.pm' -> `/usr/local/csf/lib/Net/CIDR/Lite.pm'
`Geo' -> `/usr/local/csf/lib/Geo'
`Geo/IP.pm' -> `/usr/local/csf/lib/Geo/IP.pm'
`Geo/IP' -> `/usr/local/csf/lib/Geo/IP'
`Geo/IP/Record.pm' -> `/usr/local/csf/lib/Geo/IP/Record.pm'
`Geo/IP/Record.pod' -> `/usr/local/csf/lib/Geo/IP/Record.pod'
`Geo/Mirror.pm' -> `/usr/local/csf/lib/Geo/Mirror.pm'
`Crypt' -> `/usr/local/csf/lib/Crypt'
`Crypt/CBC.pm' -> `/usr/local/csf/lib/Crypt/CBC.pm'
`Crypt/Blowfish_PP.pm' -> `/usr/local/csf/lib/Crypt/Blowfish_PP.pm'
`HTTP' -> `/usr/local/csf/lib/HTTP'
`HTTP/Tiny.pm' -> `/usr/local/csf/lib/HTTP/Tiny.pm'
`csf.div' -> `/usr/local/csf/lib/csf.div'
`csfajaxtail.js' -> `/usr/local/csf/lib/csfajaxtail.js'
`ui/images/LICENSE.txt' -> `/etc/csf/ui/./images/LICENSE.txt'
`ui/images/cxs-loader.gif' -> `/etc/csf/ui/./images/cxs-loader.gif'
`ui/images/csf_small.png' -> `/etc/csf/ui/./images/csf_small.png'
`ui/images/cse_small.png' -> `/etc/csf/ui/./images/cse_small.png'
`ui/images/deliver.png' -> `/etc/csf/ui/./images/deliver.png'
`ui/images/icon.gif' -> `/etc/csf/ui/./images/icon.gif'
`ui/images/ip.png' -> `/etc/csf/ui/./images/ip.png'
`ui/images/plus.png' -> `/etc/csf/ui/./images/plus.png'
`ui/images/cxs.png' -> `/etc/csf/ui/./images/cxs.png'
`ui/images/cxs_small.png' -> `/etc/csf/ui/./images/cxs_small.png'
`ui/images/minus.png' -> `/etc/csf/ui/./images/minus.png'
`ui/images/viewdelivery.png' -> `/etc/csf/ui/./images/viewdelivery.png'
`ui/images/delete.png' -> `/etc/csf/ui/./images/delete.png'
`ui/images/perm.png' -> `/etc/csf/ui/./images/perm.png'
`profiles' -> `/usr/local/csf/profiles'
`profiles/protection_low.conf' -> `/usr/local/csf/profiles/protection_low.conf'
`profiles/block_all_perm.conf' -> `/usr/local/csf/profiles/block_all_perm.conf'
`profiles/block_all_temp.conf' -> `/usr/local/csf/profiles/block_all_temp.conf'
`profiles/disable_alerts.conf' -> `/usr/local/csf/profiles/disable_alerts.conf'
`profiles/protection_high.conf' -> `/usr/local/csf/profiles/protection_high.conf'
`profiles/protection_medium.conf' -> `/usr/local/csf/profiles/protection_medium.conf'
`csf.conf' -> `/usr/local/csf/profiles/reset_to_defaults.conf'
`csf.1.txt' -> `/usr/local/man/man1/csf.1'
`csf.help' -> `/usr/local/csf/lib/csf.help'
chmod: cannot access `/var/log/lfd.log*': No such file or directory
mode of `/usr/local/csf/bin/cseui.pl' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/csftest.pl' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/csfui.pl' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/csfuir.pl' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/pt_deleted_action.pl' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/remove_apf_bfd.sh' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/uninstall.sh' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/regex.custom.pm' changed to 0700 (rwx------)
mode of `/usr/local/csf/bin/regex.pm' changed to 0700 (rwx------)
mode of `/etc/csf/csf.pl' retained as 0700 (rwx------)
mode of `/etc/csf/csftest.pl' retained as 0700 (rwx------)
mode of `/etc/csf/csfui.pl' retained as 0700 (rwx------)
mode of `/etc/csf/lfd.pl' retained as 0700 (rwx------)
mode of `/etc/csf/pt_deleted_action.pl' retained as 0700 (rwx------)
chmod: cannot access `/etc/csf/*.cgi': No such file or directory
failed to change mode of `/etc/csf/*.cgi' to 0000 (---------)
mode of `/etc/csf/remove_apf_bfd.sh' retained as 0700 (rwx------)
mode of `/etc/csf/uninstall.sh' retained as 0700 (rwx------)
chmod: cannot access `/etc/csf/*.php': No such file or directory
failed to change mode of `/etc/csf/*.php' to 0000 (---------)
chmod: cannot access `/etc/csf/*.py': No such file or directory
failed to change mode of `/etc/csf/*.py' to 0000 (---------)
mode of `/etc/csf/webmin/csf/index.cgi' changed to 0700 (rwx------)
mode of `/etc/cron.d/lfd-cron' changed to 0644 (rw-r--r--)
mode of `/etc/cron.d/csf-cron' changed to 0644 (rw-r--r--)
mode of `auto.generic.pl' changed to 0700 (rwx------)
`/etc/csf/csf.conf' -> `/var/lib/csf/backup/1429000036_pre_v7_67_upgrade'

TCP ports currently listening for incoming connections:
22,25,53,80,110,143,443,587,993,995,1723,3306,10000,20000

UDP ports currently listening for incoming connections:
53,631,5353,10000,20000

IPv6 TCP ports currently listening for incoming connections:
21,22,53,110,143,993,995

IPv6 UDP ports currently listening for incoming connections:
53

Note: The port details above are for information only, csf hasn't been auto-configured.

Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*, IPV6, TCP6_*, UDP6_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
`lfd.sh' -> `/etc/init.d/lfd'
`csf.sh' -> `/etc/init.d/csf'
mode of `/etc/init.d/lfd' retained as 0755 (rwxr-xr-x)
mode of `/etc/init.d/csf' retained as 0755 (rwxr-xr-x)
`/etc/csf/csfwebmin.tgz' -> `/usr/local/csf/csfwebmin.tgz'

Installation Completed

Once that's done, run this command to restart csf:

/etc/init.d/csf restart

Run this command to check that everything is OK:

[root@sekolahlinux csf]# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Now that everything is OK, the next step is to install the csf module in Webmin 😀

Go into the folder extracted from csf.tgz earlier:

cd /home/sekolahlinux/csf/
cd webmin/
tar -czvf csfwebmin.tgz csf/

After that we'll install the module through Webmin. To install via Webmin, follow the steps below:

Install the csf webmin module in:
  Webmin > Webmin Configuration > Webmin Modules >
  From local file > /home/sekolahlinux/csf/webmin/csfwebmin.tgz > Install Module
  Webmin > Refresh Modules

Once that's done, all that's left is to configure it and change the settings as shown below:

https://ip_address:10000 / Webmin >> System >> ConfigServer Security & Firewall >> Firewall Configuration

# change the existing values to those below

TESTING = 0 # previously 1

RESTRICT_SYSLOG = 3 # previously 0

When you're done, click Change at the very bottom and then click Restart csf+lfd. To see which IPs have been caught and blocked, look at Firewall Deny IPs on the csf panel page, as shown below. To whitelist an IP that csf has blocked, just delete the single line containing that IP together with its description 😀

Screenshot
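
To check the same settings from the command line, here is an added example (not part of the original post or of csf itself) that parses a csf.conf-style file, reports whether TESTING and RESTRICT_SYSLOG have the values used above, and lists which of the TCP ports the installer reported as listening are missing from TCP_IN. The function names and the sample config are constructed for illustration; on a real server, pass /etc/csf/csf.conf instead.

```sh
#!/bin/sh
# Added example: audit csf.conf-style settings against this tutorial's steps.

# csf_get FILE KEY: print KEY's value (quotes and blanks stripped, which is
# fine for the numeric and port-list options read here).
csf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0; sub(/#.*/, "", line)
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t"]/, "", k); gsub(/[ \t"]/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# port_allowed LIST PORT: succeed if PORT is in a csf port list ("22,80,30000:35000").
port_allowed() {
    echo "$1" | tr ',' '\n' | awk -F: -v p="$2" '
        NF == 1 && $1 + 0 == p + 0 { ok = 1 }
        NF == 2 && p + 0 >= $1 + 0 && p + 0 <= $2 + 0 { ok = 1 }
        END { exit !ok }'
}

# audit_csf FILE LISTENING: print findings; exit status = number of findings.
audit_csf() {
    conf=$1; findings=0
    [ "$(csf_get "$conf" TESTING)" = "0" ] ||
        { echo "TESTING is not 0: lfd will not run"; findings=$((findings + 1)); }
    [ "$(csf_get "$conf" RESTRICT_SYSLOG)" = "3" ] ||
        { echo "RESTRICT_SYSLOG is not 3"; findings=$((findings + 1)); }
    tcp_in=$(csf_get "$conf" TCP_IN)
    for port in $(echo "$2" | tr ',' ' '); do
        port_allowed "$tcp_in" "$port" ||
            { echo "TCP $port is listening but not in TCP_IN"; findings=$((findings + 1)); }
    done
    return "$findings"
}

# Constructed sample config (not a real server's file).
sample=$(mktemp); trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
TESTING = "1"
TESTING_INTERVAL = "5"
RESTRICT_SYSLOG = "0"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,30000:35000"
EOF
# TCP ports the installer output above reported as listening.
ports="22,25,53,80,110,143,443,587,993,995,1723,3306,10000,20000"
audit_csf "$sample" "$ports" || echo "$? finding(s)"
```

A listening port that is missing from TCP_IN is not necessarily a mistake: open only what must be reachable from outside. Do make sure the Webmin port (10000) is allowed, otherwise the firewall will block access to the panel.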

OK, that's all for this tutorial 😀 Hope it's useful.