Replacing CSF / LFD with UFW and OSSEC

UFW and OSSEC active response. In my quest to see if I would like to replace Debian with all of its third party tooling with more up-to-date Ubuntu servers (also with third party tooling), I’ll dedicate the next couple of posts to cross off this list. Starting at the top, today I’ll be replacing CSF…

Debian DirectAdmin installation – Firewall followup

Our basis for DirectAdmin is pretty secure now after installing the firewall and AppArmor. Check out this followup though. After the CSF/LFD firewall installation on Debian, we also need to tweak some essential settings from the DirectAdmin console. It’s not too complicated, but nevertheless important. You can now log in at https://yourserver.yourdomain.com:2222 with the credentials that…

Debian DirectAdmin installation – AppArmor

This is a great followup on the previous firewall post: getting AppArmor to play nice with DirectAdmin and secure it some more. AppArmor has been the subject of one or more posts before, but since this was some while ago, I’ll start with the basics of how to set it up. It’s like SELinux, which I like a…

Debian DirectAdmin installation – Firewall

After a couple of easy ones, now a bit more work. To secure our DirectAdmin enabled server, we’re installing the CSF/LFD Firewall by ConfigServer which has DirectAdmin special software. I must say, I’ve been using CSF/LFD for a couple of months now, and have a love / hate relationship with it. On the one hand it…

CSF / LFD regular expressions

In my last post I talked about two additions to my existing CSF / LFD configurations. The first one was a more transparent approach to the login failure daemon. The second one is regular expressions to stop malicious IPs that aren’t being stopped via the built-in mechanism. Simply put: not all attacks are recognized as…

CSF / LFD brute force settings

Not too long ago I wrote about being pretty happy with CSF / LFD as a replacement for my firewalld or ufw firewall. Using it for a while now, there are two additions I want to make. The first addition is a more granular and universal approach to the brute force mechanism (the LFD part,…

CSF / LFD Firewall and Security on Debian 9

For my work I had to set up a DirectAdmin server (which was a great pain to set up perfectly) and I was bothered by enormous amounts of brute force attempts, mostly on Exim ports. First thing on the agenda was of course to look for a way to block these fuckers and in comes the CSF /LFD…
