Author Topic: CSF is blocked httpd and emails  (Read 7930 times)

CSF is blocked httpd and emails
« on: October 19, 2018, 07:35:16 AM »
Hello, here is the content of my csf.conf file. This config broke my httpd and email. Where is the problem?


# Core switches and the IPv4/IPv6 port allow-lists from the posted csf.conf.
TESTING = "0"
TESTING_INTERVAL = "5"
# NOTE(review): at this value the syslog-dependent lfd checks further down
# (e.g. LF_SSHD, LF_FTPD, LF_POP3D, LF_IMAPD) may be switched off regardless of
# their own settings. Compare with the RESTRICT_SYSLOG notes in the stock
# csf.conf - TODO confirm.
RESTRICT_SYSLOG = "1"
RESTRICT_SYSLOG_GROUP = "mysyslog"
RESTRICT_UI = "1"
AUTO_UPDATES = "1"
LF_SPI = "1"
# Port 53 (DNS) is absent from every TCP/UDP list below. The reply in this
# thread reports that adding 53 for both TCP and UDP resolved the httpd and
# mail outage.
TCP_IN = "20,21,22,25,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096,2304,2732"
# Unlike TCP_IN, this outbound list has no 143 or 465. Confirm that is intended
# if the server hands mail to a relay over 465.
TCP_OUT = "20,21,22,25,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995,2304,2732"
# NOTE(review): 20 and 21 are the FTP ports and FTP runs over TCP, so these UDP
# entries look unnecessary - confirm before keeping them open.
UDP_IN = "20,21"
UDP_OUT = "20,21,113,123"
ICMP_IN = "1"
ICMP_IN_RATE = "1/s"
ICMP_OUT = "1"
ICMP_OUT_RATE = "0"
ICMP_TIMESTAMPDROP = "0"
IPV6 = "1"
IPV6_ICMP_STRICT = "0"
IPV6_SPI = "1"
# The IPv6 lists follow the IPv4 ones, except that 2304 is missing from TCP6_IN
# and 2304/2732 from TCP6_OUT. Port 53 is missing here as well.
TCP6_IN = "20,21,22,25,80,110,143,443,465,587,993,995,2030,2031,2082,2083,2086,2087,2095,2096,2732"
TCP6_OUT = "20,21,22,25,80,110,113,443,2030,2031,2082,2083,2086,2087,2095,2096,587,993,995"
UDP6_IN = "20,21"
UDP6_OUT = "20,21,113,123"
# Empty device names: presumably rules apply to all interfaces - verify.
ETH_DEVICE = ""
ETH6_DEVICE = ""
ETH_DEVICE_SKIP = ""
# General firewall and lfd behaviour switches.
USE_CONNTRACK = "1"
USE_FTPHELPER = "0"
SYSLOG_CHECK = "1800"
IGNORE_ALLOW = "0"
# NOTE(review): DNS-related switches, both off here. Since the fix reported in
# this thread was opening port 53, check how these interact with the port
# lists in the stock csf.conf documentation - TODO confirm.
DNS_STRICT = "0"
DNS_STRICT_NS = "0"
# Presumably caps on the number of permanent and temporary deny entries -
# verify against the stock comments.
DENY_IP_LIMIT = "200"
DENY_TEMP_IP_LIMIT = "100"
LF_DAEMON = "1"
LF_CSF = "1"
FASTSTART = "1"
# ipset support is off; the two LF_IPSET_* sizes below only matter if it is
# turned on (presumably - confirm).
LF_IPSET = "0"
WAITLOCK = "0"
WAITLOCK_TIMEOUT = "300"
LF_IPSET_HASHSIZE = "1024"
LF_IPSET_MAXELEM = "65536"
LFDSTART = "0"
VERBOSE = "1"
PACKET_FILTER = "1"
LF_LOOKUPS = "1"
STYLE_CUSTOM = "0"
STYLE_MOBILE = "1"
# Outbound SMTP restrictions and connection-flood limits.
# NOTE(review): with SMTP_BLOCK on and SMTP_ALLOWUSER empty, outbound
# connections to SMTP_PORTS are presumably limited to root and the groups in
# SMTP_ALLOWGROUP; scripts that open SMTP connections from other accounts
# would be refused. This is a candidate for the "emails" symptom that is
# separate from the port-53 fix reported in the thread - confirm.
SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_REDIRECT = "0"
SMTP_PORTS = "25,465,587"
SMTP_ALLOWUSER = ""
SMTP_ALLOWGROUP = "mail,mailman"
SMTPAUTH_RESTRICT = "0"
# NOTE(review): SYN-flood rate limiting is enabled. It presumably applies to
# all new inbound TCP connections, so 50/s with a burst of 10 may throttle
# legitimate web and mail traffic on a busy host. The stock csf.conf comments
# advise enabling it only while under attack - verify.
SYNFLOOD = "1"
SYNFLOOD_RATE = "50/s"
SYNFLOOD_BURST = "10"
CONNLIMIT = ""
# Each entry reads as port;protocol;hit count;interval.
# NOTE(review): a hit count of 150 may exceed what the kernel's recent-match
# module accepts on some systems (ip_pkt_list_tot); check the csf startup
# output for iptables errors on these rules. 3306 is rate-limited here but is
# not opened in TCP_IN.
PORTFLOOD = "25;tcp;150;5,80;tcp;150;5,3306;tcp;150;5"
UDPFLOOD = "0"
UDPFLOOD_LIMIT = "100/s"
UDPFLOOD_BURST = "500"
UDPFLOOD_ALLOWUSER = "named"
# Drop targets, drop logging and alert/report addressing.
SYSLOG = "0"
# Inbound packets are dropped silently; outbound ones are rejected.
DROP = "DROP"
DROP_OUT = "REJECT"
# Logging of dropped inbound and outbound packets is on. The logged drops are
# the first place to look for blocked port-53 traffic when diagnosing an
# outage like the one in this thread.
DROP_LOGGING = "1"
DROP_IP_LOGGING = "0"
DROP_OUT_LOGGING = "1"
DROP_UID_LOGGING = "1"
DROP_ONLYRES = "0"
# Presumably ports whose drops are not logged - verify. 53 is not in this
# list.
DROP_NOLOG = "23,67,68,111,113,135:139,445,500,513,520"
CONNLIMIT_LOGGING = "0"
UDPFLOOD_LOGGING = "1"
LOGFLOOD_ALERT = "0"
# Alert recipient. This is a real-looking address posted publicly; redact such
# values when sharing a config.
LF_ALERT_TO = "server@sanalrenk.com.tr"
LF_ALERT_FROM = ""
LF_ALERT_SMTP = ""
BLOCK_REPORT = ""
UNBLOCK_REPORT = ""
X_ARF = "0"
X_ARF_FROM = ""
X_ARF_TO = ""
X_ARF_ABUSE = "0"
# Repeat-offender blocking (LF_PERMBLOCK*), network-range blocking
# (LF_NETBLOCK*), global lists (GLOBAL_*) and country-code filtering (CC_*).
# LF_PERMBLOCK is on: presumably an address temporarily blocked
# LF_PERMBLOCK_COUNT times within LF_PERMBLOCK_INTERVAL becomes a permanent
# block - verify units and semantics against the stock comments.
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
LF_PERMBLOCK_ALERT = "1"
LF_NETBLOCK = "0"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"
LF_NETBLOCK_IPV6 = ""
SAFECHAINUPDATE = "0"
DYNDNS = "0"
DYNDNS_IGNORE = "0"
# LF_GLOBAL is "0" and every GLOBAL_* list is empty, so no external allow/deny
# list appears to be in use.
LF_GLOBAL = "0"
GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""
GLOBAL_DYNDNS = ""
GLOBAL_DYNDNS_INTERVAL = "600"
GLOBAL_DYNDNS_IGNORE = "0"
LF_BOGON_SKIP = ""
URLGET = "2"
URLPROXY = ""
# All CC_* lists are empty, so no country-based allow or deny rule appears to
# be configured here.
CC_DENY = ""
CC_ALLOW = ""
CC_ALLOW_FILTER = ""
CC_ALLOW_PORTS = ""
CC_ALLOW_PORTS_TCP = ""
CC_ALLOW_PORTS_UDP = ""
CC_DENY_PORTS = ""
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""
CC_IGNORE = ""
CC_ALLOW_SMTPAUTH = ""
CC_DROP_CIDR = ""
CC_LOOKUPS = "1"
CC6_LOOKUPS = "0"
CC_INTERVAL = "14"
# Login-failure detection. Each LF_<service> value is presumably the number of
# failures that triggers a block ("0" = check disabled), and the matching
# *_PERM value presumably selects a permanent block ("1") or a timed block in
# seconds (larger values) - verify against the stock comments.
# NOTE(review): RESTRICT_SYSLOG = "1" at the top of this file may disable the
# syslog-based triggers here (e.g. LF_SSHD, LF_FTPD, LF_POP3D, LF_IMAPD) no
# matter what is set below - confirm.
LF_TRIGGER = "0"
LF_TRIGGER_PERM = "1"
LF_SELECT = "0"
LF_EMAIL_ALERT = "1"
LF_SSHD = "7"
LF_SSHD_PERM = "1"
LF_FTPD = "7"
LF_FTPD_PERM = "1"
LF_SMTPAUTH = "7"
LF_SMTPAUTH_PERM = "1"
LF_EXIMSYNTAX = "10"
LF_EXIMSYNTAX_PERM = "1"
LF_POP3D = "7"
LF_POP3D_PERM = "1"
LF_IMAPD = "7"
LF_IMAPD_PERM = "1"
# NOTE(review): the htaccess and mod_security triggers block on web-server log
# entries with a permanent block. A noisy rule or a misbehaving site could get
# legitimate visitors blocked - review the lfd log if httpd appears unreachable
# only for some clients.
LF_HTACCESS = "7"
LF_HTACCESS_PERM = "1"
LF_MODSEC = "7"
LF_MODSEC_PERM = "1"
LF_BIND = "0"
LF_BIND_PERM = "1"
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"
LF_CXS = "0"
LF_CXS_PERM = "1"
LF_QOS = "0"
LF_QOS_PERM = "1"
LF_SYMLINK = "0"
LF_SYMLINK_PERM = "1"
LF_WEBMIN = "0"
LF_WEBMIN_PERM = "1"
# E-mail alerts for SSH, su, Webmin and console logins.
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_WEBMIN_EMAIL_ALERT = "1"
LF_CONSOLE_EMAIL_ALERT = "1"
# Apache 404/403/401 triggers are all "0" (off); the 3600 values only apply if
# they are enabled.
LF_APACHE_404 = "0"
LF_APACHE_404_PERM = "3600"
LF_APACHE_403 = "0"
LF_APACHE_403_PERM = "3600"
LF_APACHE_401 = "0"
LF_APACHE_ERRPORT = "0"
LF_APACHE_401_PERM = "3600"
LF_MODSECIPDB_ALERT = "0"
LF_MODSECIPDB_FILE = "/var/run/modsecurity/data/ip.pag"
LF_EXPLOIT = "300"
LF_EXPLOIT_IGNORE = ""
LF_INTERVAL = "3600"
LF_PARSE = "5"
LF_FLUSH = "3600"
LF_REPEATBLOCK = "0"
LF_BLOCKINONLY = "0"
# Cloudflare integration (CF_*) is off.
CF_ENABLE = "0"
CF_BLOCK = "block"
CF_TEMP = "3600"
# Directory watching is configured with a non-zero interval (presumably
# seconds - verify).
LF_DIRWATCH = "300"
LF_DIRWATCH_DISABLE = "0"
LF_DIRWATCH_FILE = "0"


# Integrity checking, distributed-attack detection (LF_DIST*), login tracking
# (LT_*) and connection tracking (CT_*).
LF_INTEGRITY = "3600"

# Distributed-attack detection is off; the *_UNIQ / *_PERM / *_ALERT values
# below only matter once the matching switch is enabled.
LF_DISTATTACK = "0"


# LF_DISTATTACK
LF_DISTATTACK_UNIQ = "2"


LF_DISTFTP = "0"


LF_DISTFTP_UNIQ = "3"


LF_DISTFTP_PERM = "1"


LF_DISTFTP_ALERT = "1"

LF_DISTSMTP = "0"

LF_DISTSMTP_UNIQ = "3"

LF_DISTSMTP_PERM = "1"


LF_DISTSMTP_ALERT = "1"


LF_DIST_INTERVAL = "300"

LF_DIST_ACTION = ""


# POP3/IMAP login tracking is off.
LT_POP3D = "0"


LT_IMAPD = "0"


LT_EMAIL_ALERT = "1"


LT_SKIPPERMBLOCK = "0"


# NOTE(review): connection tracking is active (CT_LIMIT is non-zero) for the
# ports in CT_PORTS (80, 25, 110). A limit of 60 connections per address can
# catch busy clients or many users behind one NAT address, which would look
# like httpd or mail being blocked for them. Check the lfd log for
# connection-tracking blocks - confirm the exact semantics in the stock docs.
CT_LIMIT = "60"


CT_INTERVAL = "30"


CT_EMAIL_ALERT = "1"


# CT_PERMANENT is "0", so these blocks are presumably temporary and last
# CT_BLOCK_TIME (presumably seconds - verify).
CT_PERMANENT = "0"

CT_BLOCK_TIME = "1800"


CT_SKIP_TIME_WAIT = "0"

CT_STATES = ""

CT_PORTS = "80,25,110"

# Process tracking (PT_*), port-scan tracking (PS_*), per-UID tracking (UID_*)
# and account tracking (AT_*).
PT_LIMIT = "60"
PT_INTERVAL = "60"

PT_SKIP_HTTP = "0"
PT_DELETED = "0"

PT_DELETED_ACTION = ""
# Per-user process limits. PT_USERKILL is "0", so presumably offending
# processes are reported rather than killed - verify.
PT_USERPROC = "10"

PT_USERMEM = "512"
PT_USERRSS = "256"

PT_USERTIME = "1800"

PT_USERKILL = "0"


PT_USER_ACTION = ""


# Load-average monitoring; PT_LOAD_ACTION is empty, so no script is run.
PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"


# Points at the local Apache status page; the URL is loopback-only.
PT_APACHESTATUS = "http://127.0.0.1/server-status"


PT_LOAD_ACTION = ""

PT_FORKBOMB = "0"

PT_SSHDKILL = "0"


PT_SSHDHUNG = "0"


# PS_INTERVAL is "0": port-scan tracking appears to be disabled, so the PS_*
# values below are presumably inactive - verify.
PS_INTERVAL = "0"
PS_LIMIT = "10"


PS_PORTS = "0:65535,ICMP"


PS_DIVERSITY = "1"


PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"


PS_EMAIL_ALERT = "1"

# UID_INTERVAL is "0": per-UID tracking appears to be disabled as well.
UID_INTERVAL = "0"
UID_LIMIT = "10"

UID_PORTS = "0:65535,ICMP"

# Account tracking: alerts on account changes. Every AT_* check below is
# enabled; what AT_ALERT = "2" selects is not visible here - see the stock
# comments.
AT_ALERT = "2"


AT_INTERVAL = "60"


AT_NEW = "1"


AT_OLD = "1"


AT_PASSWD = "1"


AT_UID = "1"


AT_GID = "1"


AT_DIR = "1"


AT_SHELL = "1"

# Integrated web UI. It is disabled here (UI = "0"), so the values below are
# dormant, but several would be unsafe if the UI were switched on as-is.
UI = "0"


# 6666 is not in TCP_IN, so the UI port is not opened by the port lists in
# this file.
UI_PORT = "6666"


UI_IP = ""


# NOTE(review): "username" / "password" are placeholder credentials. Replace
# both with strong, unique values before ever enabling the UI.
UI_USER = "username"


UI_PASS = "password"


UI_TIMEOUT = "300"


UI_CHILDREN = "5"

UI_RETRY = "5"

UI_BAN = "1"


UI_ALLOW = "1"


UI_BLOCK = "1"


UI_ALERT = "4"


# NOTE(review): this cipher string still admits RC4 and MEDIUM-strength
# suites; tighten it to modern suites before enabling the UI.
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"

# SSLv2 and SSLv3 are excluded; which TLS versions remain depends on the
# local TLS library - verify.
UI_SSL_VERSION = "SSLv23:!SSLv3:!SSLv2"


UI_CXS = "0"


UI_CSE = "0"


# Messenger service (tells blocked clients that they are blocked) and
# reCAPTCHA unblock settings. MESSENGER is "0", so the service is off and the
# values below are presumably inactive.
MESSENGER = "0"


MESSENGER_TEMP = "1"


MESSENGER_PERM = "1"


MESSENGER_USER = "csf"


MESSENGER_CHILDREN = "10"

MESSENGER_HTTPS = "8887"


MESSENGER_HTTPS_IN = ""


MESSENGER_HTTPS_CONF = "/etc/httpd/conf.d/ssl.conf"


# Paths to a TLS private key and certificate. The key file should be readable
# only by the account that needs it.
MESSENGER_HTTPS_KEY = "/etc/pki/tls/private/localhost.key"
MESSENGER_HTTPS_CRT = "/etc/pki/tls/certs/localhost.crt"


MESSENGER_HTML = "8888"

MESSENGER_HTML_IN = "80,2082,2095"


MESSENGER_TEXT = "8889"


MESSENGER_TEXT_IN = "21"


MESSENGER_RATE = "100/s"
MESSENGER_BURST = "150"

# reCAPTCHA keys are empty, so the unblock feature appears unconfigured. If a
# secret is ever set here, do not post it with the config.
RECAPTCHA_SITEKEY = ""
RECAPTCHA_SECRET = ""


RECAPTCHA_ALERT = "1"


RECAPTCHA_NAT = ""

# lfd clustering. CLUSTER_SENDTO and CLUSTER_RECVFROM are empty, so clustering
# appears to be unused on this host.
CLUSTER_SENDTO = ""


CLUSTER_RECVFROM = ""



CLUSTER_MASTER = ""


CLUSTER_NAT = ""

CLUSTER_LOCALADDR = ""
CLUSTER_PORT = "7777"

# NOTE(review): the shared cluster key is empty. If clustering is ever enabled,
# set a long random key and keep it out of anything posted publicly.
CLUSTER_KEY = ""

CLUSTER_BLOCK = "1"

CLUSTER_CONFIG = "0"
CLUSTER_CHILDREN = "10"

# Port knocking and the log scanner. PORTKNOCKING is empty (no knock sequences
# defined) and LOGSCANNER is "0" (off).
PORTKNOCKING = ""


PORTKNOCKING_LOG = "1"

PORTKNOCKING_ALERT = "0"

LOGSCANNER = "0"

LOGSCANNER_INTERVAL = "hourly"

LOGSCANNER_STYLE = "1"

LOGSCANNER_EMPTY = "1"
LOGSCANNER_LINES = "5000"
# Statistics collection (ST_*) and Docker support.
ST_ENABLE = "1"

ST_IPTABLES = "100"
ST_LOOKUP = "0"
ST_SYSTEM = "0"

ST_SYSTEM_MAXDAYS = "30"

# MySQL statistics are off (ST_MYSQL = "0").
# NOTE(review): the configured account is root with an empty password. If this
# is ever enabled, use a dedicated low-privilege account with a password
# rather than root.
ST_MYSQL = "0"

ST_MYSQL_USER = "root"
ST_MYSQL_PASS = ""
ST_MYSQL_HOST = "localhost"

ST_APACHE = "0"
# Disk-write statistics are off; ST_DISKW_DD holds the dd arguments that would
# be used for the write test (64 x 1MB of zeros to a file under /var/lib/csf).
ST_DISKW = "0"


ST_DISKW_FREQ = "5"

ST_DISKW_DD = "if=/dev/zero of=/var/lib/csf/dd_test bs=1MB count=64 conv=fdatasync"

# Docker integration is off; the device and networks below are presumably the
# shipped example values (2001:db8::/32 is the IPv6 documentation prefix).
DOCKER = "0"


DOCKER_DEVICE = "docker0"


DOCKER_NETWORK4 = "172.17.0.0/16"

DOCKER_NETWORK6 = "2001:db8:1::/64"


# Absolute paths to the system binaries csf/lfd call. Each path must match the
# local distribution; a wrong path here can stop the firewall from loading
# rules, so verify them (for example with `command -v`) when csf fails to
# start.
IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
ZGREP = "/usr/bin/zgrep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/usr/bin/systemctl"
HOST = "/usr/bin/host"
IP = "/sbin/ip"
# Log files lfd reads for each check. A path that does not exist on the host
# means the matching check sees nothing, so confirm each one against the
# services actually installed.
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/maillog"
POP3D_LOG = "/var/log/dovecot-info.log"
IMAPD_LOG = "/var/log/dovecot-info.log"
# Dropped-packet log entries are read from here; with DROP_LOGGING = "1" this
# is where blocked port-53 traffic would show up.
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/secure"

# Custom log slots. CUSTOM1_LOG's file name suggests a control-panel client
# login log (presumably CWP - verify); slots 2-9 all share one path, which
# looks like an unconfigured default value.
CUSTOM1_LOG = "/var/log/cwp_client_login.log"
CUSTOM2_LOG = "/var/log/customlog"
CUSTOM3_LOG = "/var/log/customlog"
CUSTOM4_LOG = "/var/log/customlog"
CUSTOM5_LOG = "/var/log/customlog"
CUSTOM6_LOG = "/var/log/customlog"
CUSTOM7_LOG = "/var/log/customlog"
CUSTOM8_LOG = "/var/log/customlog"
CUSTOM9_LOG = "/var/log/customlog"

# Per-trigger port lists. These look like the ports lfd blocks for an offending
# address when the matching trigger fires, not ports the firewall opens - TODO
# confirm against the stock comments.
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
# This is the only place port 53 appears in the posted file, and LF_BIND is
# "0". It does not open DNS: 53 is still missing from TCP_IN/TCP_OUT and
# UDP_IN/UDP_OUT, which is what the reply in this thread changed.
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_smtpauth = "25,465,587"
PORTS_eximsyntax = "25,465,587"
# 2732 also appears in TCP_IN; presumably an additional SSH port - verify.
PORTS_sshd = "22,2732"

GENERIC = "1"
DEBUG = "0"
« Last Edit: October 19, 2018, 07:59:35 AM by dgnzcn »

Re: CSF is blocked httpd and emails
« Reply #1 on: October 21, 2018, 12:40:26 PM »
I added port 53 to the UDP and TCP port sections in csf.conf, and then the problem was resolved.