Difference between revisions of "Main Page"

From Wiki.onotech.org
(For proFTPd)
(Passive mode issues)
Line 89: Line 89:
 
==FTP==
 
==FTP==
 
===Passive mode issues===
 
===Passive mode issues===
Determine which ftp service is in use; '''PureFTPd''' or '''proFTPd'''
+
====Determine which ftp service is in use==== '''PureFTPd''' or '''proFTPd'''
 
Then enable the use of passive ports for the FTP service being used.
 
Then enable the use of passive ports for the FTP service being used.
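Review bot: on the new line `====Determine which ftp service is in use==== '''PureFTPd''' or '''proFTPd'''`, the text after the closing `====` stops MediaWiki from treating the line as a heading, and the rendered revision shows the equals signs literally. Put the heading on its own line and move `'''PureFTPd''' or '''proFTPd'''` to the line below it.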
 
   
 
   
Line 97: Line 97:
 
Restart the services updated.
 
Restart the services updated.
 
Make sure that passive mode is open in the ftp config
 
Make sure that passive mode is open in the ftp config
====For PureFTPd====
+
=====For PureFTPd=====
 
backup the existing conf
 
backup the existing conf
 
  cp -va /etc/pure-ftpd.conf{,.$(date +"%m-%d-%Y").bak}
 
  cp -va /etc/pure-ftpd.conf{,.$(date +"%m-%d-%Y").bak}
Line 108: Line 108:
 
xor
 
xor
  
====For proFTPd====
+
=====For proFTPd=====
 
backup the existing conf
 
backup the existing conf
 
  cp -va /etc/proftpd.conf{,.$(date +"%m-%d-%Y").bak}
 
  cp -va /etc/proftpd.conf{,.$(date +"%m-%d-%Y").bak}
Line 114: Line 114:
  
 
add or modify to look something like this:  
 
add or modify to look something like this:  
  PassivePorts 30000 35000  
+
  PassivePorts 30000 35000
  
 
===Then open those ports in the firewall===
 
===Then open those ports in the firewall===
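Review bot: `===Then open those ports in the firewall===` stays at level 3 while this edit moves the per-daemon headings to level 5 (`=====For proFTPd=====`), so the firewall step becomes a sibling of `===Passive mode issues===` instead of a step inside it. Consider giving it the same level as the daemon headings so the whole procedure nests under one section.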

Revision as of 18:53, 1 October 2017

Wiki

Firewalls/Blocked IPs

APF

Blacklist

vim /etc/apf/deny_hosts.rules 

Whitelist

vim /etc/apf/allow_hosts.rules 

Config file

vim /etc/apf/conf.apf 

Restart

/etc/init.d/apf restart 

Flush IP Tables

iptables -F

CSF

Use CSF to grep the current rules for an IP

csf -g ip.add.re.ss

CSF uses the free MaxMind GeoIP database to add geo info to the logs. You can also manually query what CSF has stored locally from the command line:

csf -i ip.add.re.ss

Blacklist

vim /etc/csf/csf.deny 

Whitelist

vim /etc/csf/csf.allow 

Restart (both CSF and LFD)

csf -ra 

Configuration

vim /etc/csf/csf.conf 

Login failure log

/var/log/lfd.log 

Fun output, IP address and the LFD trigger that got it blocked:

grep -F '*Blocked in csf*' /var/log/lfd.log | grep -Eo '( (([0-9]{1,3}\.){3})[0-9]{1,3}|\[LF_.*)' | sed -e :a -e '$!N;s/\n\[/ \t==blocked for==\> \t\[/;ta' -e 'P;D'


looks like

118.98.66.56    ==blocked for==> [LF_SMTPAUTH]
92.38.233.191   ==blocked for==> [LF_SSHD]
104.167.104.147 ==blocked for==> [LF_SSHD]
73.179.232.255  ==blocked for==> [LF_CPANEL]
118.163.76.38   ==blocked for==> [LF_SMTPAUTH]


cPHulk

Brute Force Protection deny/allow list edited through WHM

 Main >> Security Center >> cPHulk Brute Force Protection 

command line

Is it running?

/usr/local/cpanel/scripts/restartsrv_cphulkd --status 

stop and disable it

/usr/local/cpanel/etc/init/stopcphulkd
/usr/local/cpanel/bin/cphulk_pam_ctl --disable


Host Access Control

GUI in WHM (along with syntax/instructions):

Main >> Security Center >> Host Access Control

or edit the file directly:

/etc/hosts.allow 

keep in mind that there is

/etc/hosts.deny 

which WHM does not touch, but this is another place IPs can be manually blocked


FTP

Passive mode issues

Determine which ftp service is in use

PureFTPd or proFTPd

Then enable the use of passive ports for the FTP service being used.

By default the FTP configs will show/suggest using 30000 to 50000; this is an unnecessarily large range of ports to leave open. Determine whether APF or CSF is in use, then make sure the ports are open in the firewall. Restart the services that were updated. Make sure that passive mode is open in the FTP config.

For PureFTPd

backup the existing conf

cp -va /etc/pure-ftpd.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/pure-ftpd.conf 

add or modify to look something like this

#Port range for passive connections replies. - for firewalling. 
PassivePortRange 30000 35000 

xor

For proFTPd

backup the existing conf

cp -va /etc/proftpd.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/proftpd.conf 

add or modify to look something like this:

PassivePorts 30000 35000

Then open those ports in the firewall

For CSF

backup the existing conf

cp -va /etc/csf/csf.conf{,.$(date +"%m-%d-%Y").bak}
vim /etc/csf/csf.conf 


add

30000:35000 

(CSF's range syntax is a colon)


to the end of

# Allow incoming TCP ports
TCP_IN = "ports,moreports,otherports,30000:35000" 

xor

For APF

backup the existing conf

cp -va /etc/apf/conf.apf{,.$(date +"%m-%d-%Y").bak}
vim /etc/apf/conf.apf 

add

30000_35000

(APF's range syntax is an underscore)

to the end of

# Common inbound (ingress) TCP ports 
IG_TCP_CPORTS="ports,moreports,otherports,30000_35000" 

Check the storm / smart server firewall! This might be blocking ports as well.

As always remember to restart the services

/etc/init.d/pure-ftpd restart 

or

/etc/init.d/proftpd restart 

As well as APF or CSF
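
The procedure above only works when the passive range in the FTP daemon config and the firewall's inbound TCP list agree. The following is an added example, not part of the original wiki page: a read-only shell check that compares the two. The function names, the 5000-port warning threshold and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): read-only check that the passive range in the
# FTP daemon config is covered by the firewall's inbound TCP list.

# Print "LOW HIGH" from pure-ftpd.conf (PassivePortRange) or proftpd.conf (PassivePorts).
ftp_passive_range() {
    awk '$1 == "PassivePortRange" || $1 == "PassivePorts" { print $2, $3; exit }' "$1"
}

# Print the entries of port list $2 (TCP_IN for CSF, IG_TCP_CPORTS for APF) from
# firewall config $1, one per line, with quotes and spaces stripped.
fw_port_entries() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1 |
        tr -d '" ' | tr ',' '\n'
}

# Succeed if one entry (CSF "lo:hi" or APF "lo_hi") spans LOW..HIGH.
# Args: firewall-conf key low high
fw_covers_range() {
    fw_port_entries "$1" "$2" | awk -F '[:_]' -v lo="$3" -v hi="$4" '
        NF == 2 && $1 + 0 <= lo + 0 && $2 + 0 >= hi + 0 { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# check_passive FTP_CONF FW_CONF FW_KEY: print a verdict; return 0 only when consistent.
check_passive() {
    range=$(ftp_passive_range "$1")
    lo=${range% *}; hi=${range#* }
    if [ -z "$lo" ] || [ -z "$hi" ]; then
        echo "no passive range set in $1"; return 2
    fi
    # The 5000-port ceiling is an assumption based on the page's 30000-35000 example.
    [ $((hi - lo)) -le 5000 ] || echo "warning: wide passive range $lo-$hi"
    if fw_covers_range "$2" "$3" "$lo" "$hi"; then
        echo "ok: $lo-$hi allowed by $3"
    else
        echo "MISMATCH: $lo-$hi not allowed by $3 in $2"; return 1
    fi
}

# Constructed sample configs so the check can be tried without touching /etc.
demo=$(mktemp -d)
printf '%s\n' '# PassivePortRange 30000 50000' 'PassivePortRange 30000 35000' > "$demo/pure-ftpd.conf"
printf '%s\n' '# Allow incoming TCP ports' 'TCP_IN = "20,21,22,80,443,30000:35000"' > "$demo/csf.conf"
printf '%s\n' 'IG_TCP_CPORTS="21,22,80,443"' > "$demo/conf.apf"
check_passive "$demo/pure-ftpd.conf" "$demo/csf.conf" TCP_IN
check_passive "$demo/pure-ftpd.conf" "$demo/conf.apf" IG_TCP_CPORTS || true
rm -rf "$demo"
```

On a real server, point it at the live files, for example `check_passive /etc/pure-ftpd.conf /etc/csf/csf.conf TCP_IN`.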