No problems here to be solved, but just a few observations for others who want to use this combination:
– The latest syslog-ng (3.37 [open-source version]) has been A LOT more reliable than rsyslog.
– CSF’s user-creation has created empty groups when option 3 is used in RESTRICT_SYSLOG. The group can be manually populated, however. I’ve been using dbus,polkitd,named,root,mail,daemon,dovecot,dovenull,rpc,mysql,ntp which seems sensible to me.
– Creating an account csf@servername.example.tld and using the Mail Filters in Usermin allows all the probably-unimportant messages to be collected and stored away, never to be read; but the important ones to be forwarded to my mobile phone as MMS. Like this one:
The address doesn’t have to be csf, by the way. It can be anything.
This server is hosting only honeypots at the moment (which is why I redacted the image). I plant honeypots throughout the Interwebs for the sheer joy of it. It’s also one of the reasons I use CSF: Many of my honeypot scripts are dependent on it.
But it’s also a good firewall that others may want to use, hence this post.
– If you cat the lfd log at /var/log/lfd.log, restart csf and lfd. It doesn’t seem to like being catted very much and may stop reading the logs in protest if you do until being restarted. Faststart is good enough.
Richard
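An added example, not part of the original post: a shell check that reports which of the accounts listed above are missing from the syslog access group, which catches the empty-group case after RESTRICT_SYSLOG option 3 is enabled. The group name mysyslog is an assumption (use whatever RESTRICT_SYSLOG_GROUP is set to in csf.conf), and the sample group file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# missing_members <group-file> <group-name> <comma-separated-users>
# Prints each expected user that is absent from the group's member list.
# Returns 0 if all are present, 1 if any are missing, 2 if the group
# does not exist. Accounts that have the group as their primary GID do not
# appear in the member field and will be reported as missing.
missing_members() {
    group_file=$1 group=$2 wanted=$3
    # Field 4 of a group entry is the comma-separated member list.
    members=$(awk -F: -v g="$group" \
        '$1 == g { print $4; found = 1 } END { exit !found }' \
        "$group_file") || return 2
    rc=0
    old_ifs=$IFS
    IFS=,
    for user in $wanted; do
        case ",$members," in
            *",$user,"*) ;;                      # already a member
            *) printf '%s\n' "$user"; rc=1 ;;    # needs adding
        esac
    done
    IFS=$old_ifs
    return "$rc"
}

# Member list taken from the post above.
WANTED="dbus,polkitd,named,root,mail,daemon,dovecot,dovenull,rpc,mysql,ntp"

# Constructed sample: the group exists but is only partly populated.
# "mysyslog" is an assumed group name; on a real host pass /etc/group
# and the value of RESTRICT_SYSLOG_GROUP instead.
sample=$(mktemp)
printf '%s\n' 'root:x:0:' 'mysyslog:x:1001:root,mail,named' > "$sample"
echo "Missing from mysyslog:"
missing_members "$sample" mysyslog "$WANTED" || echo "(exit status $?)"
rm -f "$sample"
```

Each reported account can then be added to the group with the system's usual tool, for example `usermod -aG` or `gpasswd -a`.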