CSF / LFD brute force settings

Not too long ago I wrote about being pretty happy with CSF / LFD as a replacement for my firewalld or ufw firewall. Having used it for a while now, there are two additions I want to make.

The first addition is a more granular and universal approach to the brute force mechanism (the LFD part, or Login Failure Daemon).

It’s pretty simple, just make these small adjustments.

Better LFD configuration

We have brute force protection on all kinds of services and the defaults are probably not all that great. With these settings we make things more transparent. You can of course move some settings around per server role.

In /etc/csf/csf.conf, in the Login Failure Blocking and Alerts section:

LF_TRIGGER = "0"
LF_TRIGGER_PERM = "1"
LF_SELECT = "0"
LF_EMAIL_ALERT = "1"
LF_SSHD = "5"
LF_SSHD_PERM = "1"
LF_FTPD = "10"
LF_FTPD_PERM = "1"
LF_SMTPAUTH = "10"
LF_SMTPAUTH_PERM = "1"
LF_EXIMSYNTAX = "10"
LF_EXIMSYNTAX_PERM = "1"
LF_POP3D = "10"
LF_POP3D_PERM = "1"
LF_IMAPD = "10"
LF_IMAPD_PERM = "1"
LF_HTACCESS = "10"
LF_HTACCESS_PERM = "1"
LF_MODSEC = "10"
LF_MODSEC_PERM = "1"
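
To check that a server's csf.conf still matches the values listed above, a small drift check can parse the file and report every setting that differs. This is an added example, not code from the original post or from the CSF project; the function names and the sample text are constructed for illustration.

```python
import re

# Baseline: the values listed in this post for /etc/csf/csf.conf.
BASELINE = {"LF_TRIGGER": "0", "LF_TRIGGER_PERM": "1", "LF_SELECT": "0",
            "LF_EMAIL_ALERT": "1", "LF_SSHD": "5", "LF_SSHD_PERM": "1"}
for svc in ("FTPD", "SMTPAUTH", "EXIMSYNTAX", "POP3D", "IMAPD", "HTACCESS", "MODSEC"):
    BASELINE[f"LF_{svc}"] = "10"
    BASELINE[f"LF_{svc}_PERM"] = "1"

# csf.conf settings have the form NAME = "value"; '#' lines are comments.
SETTING = re.compile(r'^\s*([A-Z][A-Z0-9_]*)\s*=\s*"([^"]*)"')

def parse_csf_conf(text):
    """Return {name: value} for every active (uncommented) setting."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(text, baseline=BASELINE):
    """List (name, found, expected) for each setting that differs from
    the baseline; found is None when the setting is absent."""
    have = parse_csf_conf(text)
    return [(k, have.get(k), want) for k, want in baseline.items()
            if have.get(k) != want]

# Constructed sample: baseline minus LF_MODSEC, with a changed
# LF_SSHD_PERM and a commented-out line that must be ignored.
SAMPLE = "\n".join(f'{k} = "{v}"' for k, v in BASELINE.items() if k != "LF_MODSEC")
SAMPLE = SAMPLE.replace('LF_SSHD_PERM = "1"', 'LF_SSHD_PERM = "3600"')
SAMPLE += '\n#LF_FTPD = "99"\n'

if __name__ == "__main__":
    import sys
    # With a path argument (e.g. /etc/csf/csf.conf) audit that file,
    # otherwise audit the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, found, expected in audit(text):
        print(f'{name}: found {found!r}, expected "{expected}"')
```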

That is all!

UPDATE: Regular expressions.
