I think Fail2Ban parses the logs so it shouldn’t be affected. Not too hard to test though. I see little on SSH because changing the port doesn’t stop the standard port attempts but they never make it as far as the login.
1 Like
Thanks! I will test it.
I really like CSF. I’m just not using it right now because about 8/9 months ago I lost access with my then provider. Then I reinstalled and continued with Firewalld because I believed I would have the same problems. It would be wonderful if you could adjust CSF by Webmin/Virtualmin. It would be an excellent sub-product for everyone.
There is already a module for CSF, and Ilia has spent quite a lot of time on it. I don’t use it, but people seem to like it.
1 Like
can you think of any potential downside or disadvantage to making it GPL?
Its documented here
Correct, except it won’t know which is the new SSH port and which port to block.
1 Like
You had me checking since it’s been well over a year since I did this. The GUI has ‘ports to block’ and lists ssh. I renamed the service in /etc/services when I changed the port. But it almost never gets an attempt on the new port anyhow.
They have changed a bit the communicate:
To allay some fears, we are actively working on releasing csf (ConfigServer Security & Firewall) under the GPLv3 license. If we do this, it will be before we close for business and the software will be made available via our GitHub repository.
Good news!
2 Likes
I hope this happens - CSF is excellent. I wonder if the Virtualmin team might be interested in approaching them and offer to take over as its maintainers on the basis it will always remain OS? Could be a nice way to get exposure for Virtualmin as lots of people I know use CSF..
It’s written in Perl (and pretty nice Perl from what I’ve seen), so it wouldn’t be a big stretch, but I’m not overly fond of the way firewalls like CSF work. They’re useful in their place, but quite heavy and complicated for a web hosting environment (then again, so is fail2ban, I wish I’d known about sshguard back when making the call to use fail2ban but for a long time sshguard only worked with ssh).
Ilia loves CSF, though, so maybe he’d be interested. I wouldn’t want to volunteer him for something, though, as he’s already extremely busy.
That said, I would expect there are people more invested in CSF than we’ve historically been who might be interested in carrying it forward.
I mean, sure, it is an opportunity, I’m sure having the reins of CSF handed over to some entity would be good marketing for that entity, but I’m not opportunistic about stuff like this. This was someone’s work for many years, and if our experience is any indicator, they probably didn’t make a lot of money doing it. I hope they do what they feel good about doing with it. If that includes handing it off to someone they trust, that’s great. If it involves just adding a GPL license to the existing repo and letting a thousand forks bloom (and see who survives), that’s also great.
In short: I think Ilia has communicated with them in the past, and he’s done a lot of work making using it nice in Webmin, but I don’t think they’d think of us anywhere near the top of the list of possible adopters of the project, and I’d want them to make decisions based on what they want to see happen.
5 Likes
I would expect cPanel/WHM to pick it up and if it is GPL then others can benefit etc…
1 Like
I’ve said this before. A proper firewall goes in front of the server. Unless you have a machine that is WAY over what you need things like DDOS attacks will bring you down anyhow by eating up the server resources. Basically having DDOS protection on your server is a losing proposition.
I’m guessing the reason for closure may be due to ill-health - CSF has been around a long time and so I imagine its creator is probably getting on a bit now. I hope I am wrong and I hope the person behind it is ok. (Just checked and it looks like it’s a husband-wife team with them being almost 60 years old - I hope they’re both ok).
Looks like someone has started this to keep copies of the old scripts:
2 Likes