Howto install ConfigServer Security & Firewall

Satu lagi tools yang harus atau musti di install di server
untuk membantu mengawasi server
heheheh
gw dapet tools ini dari temen gw dextone
pertama dia yang install di mesin yang online

dan gw coba di local dengan hasil seperti ini

syarat utama Harus di jalankan dari root :d

download csf
wget -bc http://www.configserver.com/free/csf.tgz
extrak file hasil download dgn perintah “tar -xzf csf.tgz”
jalankan perintah berikut atau bisa baca manualnya
cd csf
sh install.sh

kemudian akan muncul hasil ini
[root@****** csf]# sh install.sh

Configuring for OS

Checking for perl modulesok

Running csf generic installer

Installing generic csf and lfd

Check we’re running as root

`loadalert.txt’ -> `/etc/csf/loadalert.txt.new’
`portscan.txt’ -> `/etc/csf/portscan.txt.new’
`lfdcron.sh’ -> `/etc/cron.d/lfdcron.sh’
`csf.pl’ -> `/etc/csf/csf.pl’
`csfui.pl’ -> `/etc/csf/csfui.pl’
`csftest.pl’ -> `/etc/csf/csftest.pl’
`lfd.pl’ -> `/etc/csf/lfd.pl’
`regex.pm’ -> `/etc/csf/regex.pm’
`servercheck.pm’ -> `/etc/csf/servercheck.pm’
`readme.txt’ -> `/etc/csf/readme.txt’
`sanity.txt’ -> `/etc/csf/sanity.txt’
`changelog.txt’ -> `/etc/csf/changelog.txt’
`install.txt’ -> `/etc/csf/install.txt’
`version.txt’ -> `/etc/csf/version.txt’
`license.txt’ -> `/etc/csf/license.txt’
`uninstall.generic.sh’ -> `/etc/csf/uninstall.sh’
`remove_apf_bfd.sh’ -> `/etc/csf/remove_apf_bfd.sh’
`lfd.sh’ -> `/etc/init.d/lfd’
`csf.sh’ -> `/etc/init.d/csf’
`Net/CIDR/Lite.pm’ -> `/etc/csf/Net/CIDR/Lite.pm’
`Sys/Hostname/Long.pm’ -> `/etc/csf/Sys/Hostname/Long.pm’
`File/Type/Builder.pm’ -> `/etc/csf/File/Type/Builder.pm’
`File/Type.pm’ -> `/etc/csf/File/Type.pm’
`IP/Authority/auth.gif’ -> `/etc/csf/IP/Authority/auth.gif’
`IP/Authority/._ipauth.gif’ -> `/etc/csf/IP/Authority/._ipauth.gif’
`IP/Authority/ipauth.gif’ -> `/etc/csf/IP/Authority/ipauth.gif’
`IP/Authority/._auth.gif’ -> `/etc/csf/IP/Authority/._auth.gif’
`IP/Country.pm’ -> `/etc/csf/IP/Country.pm’
`IP/._Authority.pm’ -> `/etc/csf/IP/._Authority.pm’
`IP/Countries.pm’ -> `/etc/csf/IP/Countries.pm’
`IP/Country/Medium.pm’ -> `/etc/csf/IP/Country/Medium.pm’
`IP/Country/MaxMind.pm’ -> `/etc/csf/IP/Country/MaxMind.pm’
`IP/Country/._Medium.pm’ -> `/etc/csf/IP/Country/._Medium.pm’
`IP/Country/Fast/ip.gif’ -> `/etc/csf/IP/Country/Fast/ip.gif’
`IP/Country/Fast/cc.gif’ -> `/etc/csf/IP/Country/Fast/cc.gif’
`IP/Country/Fast/._cc.gif’ -> `/etc/csf/IP/Country/Fast/._cc.gif’
`IP/Country/Fast/._ip.gif’ -> `/etc/csf/IP/Country/Fast/._ip.gif’
`IP/Country/._Slow.pm’ -> `/etc/csf/IP/Country/._Slow.pm’
`IP/Country/._Fast.pm’ -> `/etc/csf/IP/Country/._Fast.pm’
`IP/Country/Fast.pm’ -> `/etc/csf/IP/Country/Fast.pm’
`IP/Country/._MaxMind.pm’ -> `/etc/csf/IP/Country/._MaxMind.pm’
`IP/Country/Slow.pm’ -> `/etc/csf/IP/Country/Slow.pm’
`IP/Authority.pm’ -> `/etc/csf/IP/Authority.pm’
mode of `/etc/csf/uninstall.sh’ changed to 0700 (rwx——)
mode of `/etc/csf/csf.pl’ changed to 0700 (rwx——)
mode of `/etc/csf/csfui.pl’ changed to 0700 (rwx——)
mode of `/etc/csf/csftest.pl’ changed to 0700 (rwx——)
mode of `/etc/csf/servercheck.pm’ changed to 0700 (rwx——)
mode of `/etc/csf/lfd.pl’ changed to 0700 (rwx——)
mode of `/etc/init.d/lfd’ changed to 0700 (rwx——)
mode of `/etc/init.d/csf’ changed to 0700 (rwx——)
mode of `/etc/cron.d/lfdcron.sh’ changed to 0644 (rw-r–r–)
mode of `/etc/cron.d/csfcron.sh’ retained as 0644 (rw-r–r–)
ln: creating symbolic link `/usr/sbin/csf’: File exists
ln: creating symbolic link `/usr/sbin/lfd’: File exists

TCP ports currently listening for incoming connections:
24,53,80,111,443,3306,10000,47192

UDP ports currently listening for incoming connections:
53,67,111,631,632,659,5353,10000,44611,48155

Note: The port details above are for information only, csf hasn’t been auto-configured.

Don’t forget to:
1. Configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options in the csf configuration to suite your server
2. Restart csf and lfd
3. Set TESTING to 0 once you’re happy with the firewall

Installation Completed

Setelah selesai proses instalasi silahkan di test dengan perintah ini
[root@****** csf]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing ipt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK

RESULT: csf should function on this server

jika terdapat error. dan masih bisa di lanjtkan, maka lanjutkan saja
selama error tersebut bukan error yg fatal

Dan jika memang sudah pasang iptables
harus di remove iptables firewall nya

dan CSF ini sudah terintegrated ke webmin
jadi jika sudah install webmin
module ini akan langsung ke load di webmin

manual install..nemu di google

Webmin Module Installation/Upgrade
==================================

To install or upgrade the csf webmin module:

Install csf as above
Install the csf webmin module in:
  Webmin > Webmin Configuration > Webmin Modules >
  From local file > /etc/csf/csfwebmin.tgz > Install Module
  1. Hehehe mangstab… lanjutgan…😀

    • hihihih ….
      untuk sekedar saling mengingatkan …
      nice info to be shared

  2. dapat pesan sperti ini itu gmn bro?
    Testing iptable_nat/ipt_REDIRECT…FAILED [Error: iptables v1.3.5: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)] – Required for MESSENGER feature

    • gue
    • January 11th, 2010

    Sepertinya bro bikin iptables yah bro ..
    sedangkan ini tutor utk configserver atau CSF
    coba lihat ke sini bro “http://www.howtoforge.com/forums/showthread.php?t=3196”

  3. @ganool
    libs iptables nya ga lengkap tuh😀

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: