CSF Firewall

Firewall from ConfigServer

updated: 19.02.2009

A fairly advanced script. It has many features and works under practically all versions (RedHat/CentOS/Fedora, OpenSUSE, Ubuntu, Mandriva 2009).

Features:

  • Straight-forward SPI firewall
  • Daemon process that checks for login authentication failures for:
    • Courier imap, Dovecot, uw-imap, Kerio
    • openSSH
    • cPanel, WHM, Webmail (cPanel servers only)
    • Pure-ftpd, vsftpd, Proftpd
    • Password protected web pages (htpasswd)
    • Mod_security failures (v1 and v2)
    • Suhosin failures
    • SMTP AUTH
    • Custom login failures with separate log file and regular expression matching
  • POP3/IMAP login tracking to enforce logins per hour
  • SSH login notification
  • SU login notification
  • Excessive connection blocking
  • UI Integration for cPanel, and Webmin
  • Easy upgrade between versions from within cPanel/WHM, DirectAdmin or Webmin
  • Easy upgrade between versions from shell
  • Pre-configured to work on a cPanel server with all the standard cPanel ports open
  • Pre-configured to work on a DirectAdmin server with all the standard DirectAdmin ports open
  • Auto-configures the SSH port if it's non-standard on installation
  • Block traffic on unused server IP addresses – helps reduce the risk to your server
  • Alert when end-user scripts are sending excessive emails per hour – for identifying spamming scripts
  • Suspicious process reporting – reports potential exploits running on the server
  • Excessive user processes reporting
  • Excessive user process usage reporting and optional termination
  • Suspicious file reporting – reports potential exploit files in /tmp and similar directories
  • Directory and file watching – reports if a watched directory or a file changes
  • Block traffic on the DShield Block List and the Spamhaus DROP List
  • BOGON packet protection
  • Pre-configured settings for Low, Medium or High firewall (cPanel servers only)
  • Works with multiple ethernet devices
  • Server Security Check – Performs a basic security and settings check on the server (via cPanel/DirectAdmin/Webmin UI)
  • Allow Dynamic DNS IP addresses – always allow your IP address even if it changes whenever you connect to the internet
  • Alert sent if server load average remains high for a specified length of time
  • mod_security log reporting (if installed)
  • Email relay tracking – tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
  • IDS (Intrusion Detection System) – the last line of detection alerts you to changes to system and application binaries
  • SYN Flood protection
  • Ping of death protection
  • Port Scan tracking and blocking
  • Permanent and Temporary (with TTL) IP blocking
  • Exploit checks
  • Account modification tracking – sends alerts if an account entry is modified, e.g. if the password is changed or the login shell
  • Shared syslog aware

Before installing, remove the +BFD scripts if they are in use.

Installation is simple: download the latest archive, unpack it and run the install.sh file.

    wget http://www.configserver.com/free/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh

After installation, adjust the firewall config to suit your own needs.

…. to be continued ….

One comment on “CSF Firewall”

  1. The config is located in /etc/csf/csf.conf
    Editing it “to suit yourself” means opening the ports you need, configuring lfd to automatically ban overly “zealous” password-guessing attempts, and so on.
    The configuration file itself is fairly well documented (in English, naturally :))
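
The post-install review the comment describes (only the needed ports open, lfd banning switched on) can be checked with a short script. This is an added example, not part of the original post or of CSF itself; the key names TESTING, TCP_IN, LF_SSHD and LF_FTPD are assumed from the stock csf.conf, and the sample file is constructed.

```sh
# Added example: review a csf.conf-style file after install. Key names are
# assumed from the stock csf.conf; the sample configuration is constructed.

# Print the value of KEY ($1) from FILE ($2); lines look like: KEY = "value"
csf_get() {
    sed -n 's/^[[:space:]]*'"$1"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$2" |
        tail -n 1
}

# Print one finding per line; print nothing when nothing is flagged.
csf_review() {
    [ "$(csf_get TESTING "$1")" = "0" ] ||
        echo "TESTING is not 0: firewall is still in test mode"
    for key in LF_SSHD LF_FTPD; do
        case $(csf_get "$key" "$1") in
            ''|0) echo "$key is unset or 0: lfd will not ban failed logins there" ;;
        esac
    done
}

# Print every TCP_IN entry of FILE ($1) that is not in the list WANTED ($2).
csf_extra_ports() {
    wanted=",$2,"
    csf_get TCP_IN "$1" | tr ',' '\n' | while read -r port; do
        case $wanted in
            *",$port,"*) ;;
            *) [ -z "$port" ] || echo "$port" ;;
        esac
    done
}

# Constructed sample configuration, not taken from a real server.
csf_sample() {
    cat <<'EOF'
# comment lines are ignored
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,3306"
LF_SSHD = "5"
LF_FTPD = "0"
EOF
}

conf=$(mktemp)
csf_sample > "$conf"
csf_review "$conf"
csf_extra_ports "$conf" "22,25,53,80,443"
rm -f "$conf"
```

On a real server, point `csf_review` and `csf_extra_ports` at /etc/csf/csf.conf and pass the list of ports your services actually need.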
