ConfigServer Firewall/Login Failure Daemon

Let us COMPLETELY configure and setup CSF/LFD so that it works on your server at maximum capacity.

A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

• Straight-forward SPI iptables firewall script
• Daemon process that checks for login authentication failures for:
  • Courier imap, Dovecot, uw-imap, Kerio
  • openSSH
  • cPanel, WHM, Webmail (cPanel servers only)
  • Pure-pftd, vsftpd, Proftpd
  • Password protected web pages (htpasswd)
  • Mod_security failures (v1 and v2)
  • Suhosin failures
  • Exim SMTP AUTH
  • Custom login failures with separate log file and regular expression matching
• POP3/IMAP login tracking to enforce logins per hour
• SSH login notification
• SU login notification
• Excessive connection blocking
• UI Integration for cPanel, DirectAdmin and Webmin
• Easy upgrade between versions from within cPanel/WHM, DirectAdmin or Webmin
• Easy upgrade between versions from shell
• Pre-configured to work on a cPanel server with all the standard cPanel ports open
• Pre-configured to work on a DirectAdmin server with all the standard DirectAdmin ports open
• Auto-configures the SSH port if it's non-standard on installation
• Block traffic on unused server IP addresses - helps reduce the risk to your server
• Alert when end-user scripts sending excessive emails per hour - for identifying spamming scripts
• Suspicious process reporting - reports potential exploits running on the server
• Excessive user processes reporting
• Excessive user process usage reporting and optional termination
• Suspicious file reporting - reports potential exploit files in /tmp and similar directories
• Directory and file watching - reports if a watched directory or a file changes
• Block traffic on the DShield Block List and the Spamhaus DROP List
• BOGON packet protection
• Pre-configured settings for Low, Medium or High firewall security (cPanel servers only)
• Works with multiple ethernet devices
• Server Security Check - Performs a basic security and settings check on the server (via cPanel/DirectAdmin/Webmin UI)
• Allow Dynamic DNS IP addresses - always allow your IP address even if it changes whenever you connect to the internet
• Alert sent if server load average remains high for a specified length of time
• mod_security log reporting (if installed)
• Email relay tracking - tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
• IDS (Intrusion Detection System) - the last line of detection alerts you to changes to system and application binaries
• SYN Flood protection
• Ping of death protection
• Port Scan tracking and blocking
• Permanent and Temporary (with TTL) IP blocking
• Exploit checks
• Account modification tracking - sends alerts if an account entry is modified, e.g. if the password is changed or the login shell
• Shared syslog aware
• Messenger Service - Allows you to redirect connection requests from blocked IP addresses to preconfigured text and html pages to inform the visitor that they have been blocked in the firewall. This can be particularly useful for those with a large user base and help process support requests more efficiently
• Country Code blocking - Allows you to deny or allow access by ISO Country Code
• Port Flooding Detection - Per IP, per Port connection flooding detection and mitigation to help block DOS attacks
• DirectAdmin UI integration
• Updated Webmin UI integration
• WHM root access notification (cPanel servers only)
• ...lots more!

EXIM Phishing Protection

Tired of spammers and phishers using and abusing your e-mail service before you have a chance to stop them? Let us make some modifications with our latest up-to-date protection list to EXIM which will block most phishers and they won't get your IPs blacklisted!

IonCube & ZendEncoder

Let us install and setup both IonCube and Zend on your server so that your clients can make full use of PHP applications.

CHKRootkit

Let us install and setup CHKRootkit Hunter on your server which will monitor for rootkits and compromised files and send you e-mail logs.

RKHunter

Let us install and setup RKHunter on your server which will monitor for rootkits and compromised files and send you e-mail logs.

LES (Linux Environment Security)

Let us install and configure LES for maximum performance so that you get the MOST out of your server!

Linux Environment Security is intended as a facility to quickly & easily secure RedHat/RPM based environments. It does such by enforcing root-only permissions on system binaries (binaries that have no place being executed by normal users), enforcing root-only path traversal on system paths, enforcing immutable bit on essential rpm package contents (i.e: coreutils), and enforcing immutable bit on shell profile scripts.

The combined usage of all LES options provides an increased level of local environment security, with the goal of preventing environment based attacks. Such attacks would consist of compromised system binaries; tainting the $PATH variable to point to invalid paths where trojan/malicious binaries are located; alterations to user profile scripts to activate key loggers or process based hi-jacking; traversal exploration of the system paths etc; the possible attack trends are numerious hence the importance of hardening the local environment space.

LSM (Linux Socket Monitor)

Let us install and configure LSM for maximum performance so that you get the MOST out of your server!

LSM is a network socket monitor; it is designed to track changes to Network sockets and Unix domain sockets, effectively a port monitor. It does this by a rather simple differential based comparison of current and new server sockets (Server Ports). A simple and configurable alerting system sends alerts whenever new ports activate. LSM will ignore services that are currently holding sockets open, events are only applicable when a 'new' socket (port) is created.

NSIV (Network Socket Inode Validation)

Let us install and configure NSIV for maximum performance so that you get the MOST out of your server!

Network socket inode validation is a rule based utility intended to aid in the validation of inodes against each LISTEN socket on a system. The nature for this app is such that rouge binaries can easily hijack a user, program privileges, or work space; and utilize such to kill the old service & execute a new service on the known port they crashed. The best known examples of this trend is 'tmp' path uploaded content via php remote include exploits; which is executed, crashes the web server and starts a rouge httpd process and other such items.

A simple structure of validation is used by NSIV to verify the integrity of services on a given system. The rules system has 3 required variables; the first being a declared PORT value for which the service is known to operate on, the second is the BIN value which is simply the path to your service executed binary and the third option is the RST value which points to an init script with restart flags.

The execution cycle of NSIV is very simple, first it determines the running process ID of your binary followed by the trusted inode (that which is associated to the BIN variable). Then, the PORT value is used to check that the binary holding said port open actually references back to the trusted inode, if it does not then we assume the service has been hijacked and the PID is killed / RST executed with optional e-mail alert dispatched.

PRM (Process Resource Monitor)

Let us install and configure PRM for maximum performance so that you get the MOST out of your server!

PRM monitors the process table on a given system and matches process id's with set resource limits in the configuration file or per-process based rules. Process id's that match or exceed the set limits are logged and killed; includes e-mail alerts, and kernel logging routine.

SIM (System Integrity Monitor)

Let us install and configure SIM for maximum performance so that you get the MOST out of your server!

SIM is a system and services monitor for 'SysVinit' systems. It is designed to be intuitive and modular in nature, and to provide a clean and informative status system. It does this by consistently verifying that services are online, load averages are in check, and log files are at reasonable sizes. Many other SIM modules sport different and in-depth features to bring a well rounded tool to your disposal to stop otherwise common issues daunting internet hosts.

SPRI (System Priority)

Let us install and configure SPRI for maximum performance so that you get the MOST out of your server!

The problem? Linux has priority levels to thread all tasks at, these prio's are ranged from -20 to +19 (negative = high prio, positive = low prio) with 0 as the default for all processes. So this being the fact, with everything operating at prio 0 you got fights between services as to who gets what resources first.

Solution? Very simply, que different processes at different priority levels to effectively discipline the system on who gets what resource access first. SPRI (System Priority) is a utility designed to que different processes with different priority levels based on 3 class levels of importance (high,med,low). The average load level of a server can be substantialy decreased by using spri, by as much as 20%, of course results may vary.