How to Setup ConfigServer Firewall (CSF) Server Cluster to Sync White and Black Lists

How to Setup ConfigServer Firewall (CSF) Server Cluster to Sync White and Black Lists

With ConfigServer Firewall (CSF) installed for our server, we can utilise Login Failure Daemon (LFD), to setup a server cluster. LFD tracks and records all attempts to brute force services on our server such as FTP, Mail, etc by scanning log files for failed authentications and then blocks the IP address. The IP addresses are stored in /etc/csf/csf.tempban for temporary bans or /etc/csf/csf.deny for permanent bans. If an IP address is whitelisted it is stored in /etc/csf/csf.allow file.

You can manage these files yourself either through the CSF GUI interface or via the command line using your favourite text editor. This would be fine if you have just one or maybe two servers but if you had more you would need to log into each server with CSF and update the blocklists manually, which would be very time-consuming. Instead of replicating each of the files individually to each server we can use a feature of CSF where the servers will share and update the files automatically. Therefore, if server1 has a brute force attempt made from an IP address, it will immediately forward that IP address to server2, server3 and server4 and the IP will be blocked on all your servers, not just server1. This is known as an LFD Cluster.

In this guide, we will show you how to set up a LFD Cluster to enable group sharing of your white and blacklists. With CSF being the same software between different control panels, this guide is applicable to DirectAdmin, cPanel and CyberPanel.

Configuring the Server

In order to configure our servers, we will need to edit the CSF configuration file /etc/csf/csf.conf. Usually, we could do this directly in CSF using the GUI, however, these are classed as restricted UI options meaning they can only be edited using the command line in DirectAdmin and CyberPanel or if you are using cPanel you can use ConfigServer Explorer which provides a Filesystem explorer directly in WHM. For the purposes of this guide, we will be using the command line.

Firstly, we need to obtain the IP addresses of all servers that will be participating as cluster members. For illustration, we will be using 192.168.0.1 and 127.0.0.1 as our example. You will, of course, need to substitute these IP addresses for your own.

Set Cluster IP Addresses

Now we need to edit the CSF configuration file to add the IP addresses of our server in the CLUSTER_SENDTO = “” and CLUSTER_RECVFROM = “” sections.

perl -pi -w -e "s/CLUSTER_SENDTO = \"\"/CLUSTER_SENDTO = \"192.168.0.1,127.0.0.1\"/" /etc/csf/csf.conf
perl -pi -w -e "s/CLUSTER_RECVFROM = \"\"/CLUSTER_RECVFROM = \"192.168.0.1,127.0.0.1\"/" /etc/csf/csf.conf

We have now created a network using CSF where each of the listed IP addresses will be become members of the CSF cluster and be able to send and receive white and black lists.

Set Cluster Block

Now we need to check the CLUSTER_BLOCK section to ensure it is set to on (CLUSTER_BLOCK = “1”). We can check this by using the following command:

grep -w '^CLUSTER_BLOCK' /etc/csf/csf.conf

If the CLUSTER_BLOCK returns a 0 (off) instead of 1 (on), you can use the following command to change it:

perl -pi -w -e "s/CLUSTER_BLOCK = \"0\"/CLUSTER_BLOCK = \"1\"/" /etc/csf/csf.conf

Set Cluster Port

Now we need to set the CLUSTER_PORT. This port is how our cluster members will communicate with each other. The default setting is CLUSTER_PORT = “7777”, however, if you decide to change it you will need to update the port on every cluster member. You can check the current CLUSTER_PORT using this command:

grep -w '^CLUSTER_PORT' /etc/csf/csf.conf

If you have changed the port number you can use this command to update the configuration file:

perl -pi -w -e "s/CLUSTER_PORT = \"7777\"/CLUSTER_PORT = \”NEW-PORT-NUMBER\”/" /etc/csf/csf.conf

Set Cluster Key

The CLUSTER_KEY is a secret key which is responsible for ensuring all communications between our cluster members is encrypted using the Blowfish algorithm. The key needs to be a minimum of 8 and a maximum of 56 characters long. The CSF team recommend a minimum length of 20 characters, however, we would recommend that the key is the maximum length of 56 characters.

For example, a randomly generated key using 56 characters would look similar to this 56681689651354229616644831765284737371348268199929918797

IMPORTANT This cluster key is for illustration only and not to be used in a production environment. Please generate a new key for your installation.

To add our CLUSTER_KEY to the CSF configuration file we would use the following command:

perl -pi -w -e "s/CLUSTER_KEY = \"\"/CLUSTER_KEY = \"56681689651354229616644831765284737371348268199929918797\"/" /etc/csf/csf.conf
IMPORTANT In order to set-up LFD Clustering on all servers you will need to repeat the steps above on each server we want to include in the cluster.

The completed LFD Clustering section in the /etc/csf/csf.conf file should now look like the image below.
CSF LFD Cluster Setup

Restart CSF/LFD

We have now finished editing the /etc/csf/csf.conf file so we need to restart CSF/LFD to ensure our changes take effect. We can restart CSF and LFD using the following commands:

csf -r
service lfd restart

Test the LFD Cluster

Now we have restarted CSF/LFD, we need to test our LFD Cluster to ensure all servers can communicate with each other. To test the cluster we will use the following command:

csf —cping

The output you will see in the command line session will be something similar to the example below. A successful connection between CSF will reply a [PONG!] message.

[root@csf-test ~]# csf --cping
Sent request to 192.168.0.1, replied: [PONG!]
Sent request to 127.0.0.1, replied: [PONG!]

That’s it. You have now successfully set up a ConfigServer Firewall (CSF) cluster to sync white and blacklists automatically.

VPSBasics

VPSBasics

This guide was written by the VPS Basics editorial team, led by Gilberto Van Roosen. They are a unique blend of people who are dedicated to providing highly detailed, comprehensive and easy to follow tutorials, written in plain English. They specialise in tutorials for managing Linux servers, its software and WordPress.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.