Some Observations re: CSF Firewall / Rocky Linux / Virtualmin 7

No problems here to be solved, but just a few observations for others who want to use this combination:

– The latest syslog-ng (3.37 [open-source version]) has been A LOT more reliable than rsyslog.

– CSF’s user-creation has created empty groups when option 3 is used in RESTRICT_SYSLOG. The group can be manually populated, however. I’ve been using

dbus,polkitd,named,root,mail,daemon,dovecot,dovenull,rpc,mysql,ntp

which seems sensible to me.

– Creating an account csf@servername.example.tld and using the Mail Filters in Usermin allows all the probably-unimportant messages to be collected and stored away, never to be read; but the important ones to be forwarded to my mobile phone as MMS. Like this one:

The address doesn’t have to be csf, by the way. It can be anything.

This server is hosting only honeypots at the moment (which is why I redacted the image). I plant honeypots throughout the Interwebs for the sheer joy of it. It’s also one of the reasons I use CSF: Many of my honeypot scripts are dependent on it.

But it’s also a good firewall that others may want to use, hence this post.

– If you cat the lfd log at /var/log/lfd.log, restart csf and lfd. It doesn’t seem to like being catted very much and, if you do, may stop reading the logs in protest until it is restarted. Faststart is good enough.

Richard
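
A check for the empty-group case in the RESTRICT_SYSLOG note above, as an added example that is not part of Richard's post: it reports which of the listed accounts are still missing from the group. The group name mysyslog and the sample group file are assumptions constructed for the demo; on a real server, point it at /etc/group and the group named in csf.conf.

```shell
#!/bin/sh
# Added example, not from the original post.
# missing_members GROUP_FILE GROUP WANTED_CSV
# Prints (comma-separated) the accounts in WANTED_CSV that are not listed as
# supplementary members of GROUP in a group(5)-format file
# (name:passwd:gid:member,member,...). Accounts that have GROUP only as their
# primary group do not appear in that field and are reported as missing.
# Exit status: 0 = group found (output may be empty), 2 = group not defined.
missing_members() {
    awk -F: -v grp="$2" -v wanted="$3" '
        $1 == grp {
            found = 1
            n = split($4, have, ",")
            for (i = 1; i <= n; i++)
                if (have[i] != "") member[have[i]] = 1
        }
        END {
            if (!found) exit 2
            n = split(wanted, want, ",")
            out = ""
            for (i = 1; i <= n; i++)
                if (want[i] != "" && !(want[i] in member))
                    out = out (out == "" ? "" : ",") want[i]
            print out
        }' "$1"
}

# Member list quoted in the post.
WANTED="dbus,polkitd,named,root,mail,daemon,dovecot,dovenull,rpc,mysql,ntp"

# Constructed sample: the group exists but was left empty, as the post describes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:
mail:x:12:postfix
mysyslog:x:1001:
EOF

if missing=$(missing_members "$sample" mysyslog "$WANTED"); then
    if [ -n "$missing" ]; then
        echo "mysyslog is missing: $missing"
    else
        echo "mysyslog has every listed member"
    fi
else
    echo "group mysyslog is not defined"
fi
rm -f "$sample"
```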