Monday, September 26, 2011

Enabling ConfigServer Firewall (csf) clustering for Login Failure Daemon (lfd)

June 15, 2011 by  
Filed under cPanel


ConfigServer Firewall (csf) is a very lightweight and easy-to-configure firewall for Linux systems. Its cPanel interface makes it easy to access and control the firewall from WHM (Web Host Manager). One of the best parts: it’s completely free.

 

In version 5, csf introduced lfd (Login Failure Daemon) clustering, which allows IP address blocks to be automatically propagated around a group of servers running lfd. It also allows cluster-wide allows, removals and configuration changes.

Login Failure Daemon (lfd) is a process that runs all the time and periodically (every X seconds) scans the latest log file entries for login attempts against your server that continually fail within a short period of time. Such attempts are often called “brute-force attacks”, and the daemon responds very quickly to such patterns and blocks the offending IPs. Other similar products run every X minutes via cron and as such often miss break-in attempts until after they’ve finished; our daemon eliminates such long waits, which makes it much more effective at performing its task.

This feature is extremely helpful if you have multiple servers and want an IP blocked on any one of them (any server with lfd clustering configured) to be propagated to all the others. Let’s see how to configure it from WHM. Please remember that you need to be root to configure it.

Configuring LFD Clustering

Login to WHM as root

Click ‘ConfigServer Security&Firewall’ from the Plugins section.

Then click ‘Firewall Configuration’

This opens the csf configuration panel. Select ‘lfd Clustering’ from the drop-down list.

Now the main part. You will see several input boxes, but not all of them concern us at this stage.

First, concentrate on the input box labeled ‘CLUSTER_SENDTO’. Here you should enter the IP address of the server to which the current server should send requests. Suppose you deny an IP address on this server: the denial will be sent to the IP address you entered in this box. If you want it sent to several other servers (running csf), add all their IP addresses, separated by commas.

Then, ‘CLUSTER_RECVFROM’. This is the reverse of the previous setting: a comma-separated list of the IPs of the servers from which this server will accept requests. If you deny an IP on one of the servers listed here, this server will receive the instruction from that server, provided that the current server’s IP is also in that server’s ‘CLUSTER_SENDTO’ list.

Let’s keep it straightforward for now. Suppose you have two servers and want to cluster lfd between them. The first server’s IP is xx.xx.xx.xx and the second server’s IP is yy.yy.yy.yy, and we are currently on the first server. We need to allow the second server here, so put yy.yy.yy.yy in both boxes.

 

You need not worry about the port unless you want to set something different. You don’t even need to open it in the firewall, as csf will do that for you automatically.

One important step is to set the clustering key. Set ‘CLUSTER_KEY’ to a random value; it is suggested that it be more than 20 characters long.

When done, hit the ‘Change’ button and then restart csf.

We are done with the first server. Now we need to repeat the same configuration on the second server, this time putting the first server’s IP (xx.xx.xx.xx) in both CLUSTER_RECVFROM and CLUSTER_SENDTO.

Note: Replace xx.xx.xx.xx and yy.yy.yy.yy with your servers’ IP addresses.

After configuring, you can check the ‘lfd log’ to see whether any errors are reported.
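As an added example (not from the original post or the csf project), the Python script below checks the settings described above across all members: every CLUSTER_SENDTO entry must be matched by a CLUSTER_RECVFROM entry on the peer, and CLUSTER_KEY, which csf uses as a shared secret and so must be identical on every member, should be longer than 20 characters. It assumes csf.conf's `NAME = "value"` syntax; the function names, IP addresses and key are constructed for illustration.

```python
import re

# csf.conf-style assignment: NAME = "value" (comment lines do not match)
SETTING = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"')

def parse_conf(text):
    """Return {name: value} for every NAME = "value" line."""
    return dict(m.groups() for m in map(SETTING.match, text.splitlines()) if m)

def ip_list(conf, name):
    """Split a comma-separated setting into a set of addresses."""
    return {ip.strip() for ip in conf.get(name, "").split(",") if ip.strip()}

def check_cluster(servers):
    """servers maps each member's own IP to its csf.conf text.
    Returns a list of problems; an empty list means the settings agree."""
    confs = {ip: parse_conf(text) for ip, text in servers.items()}
    problems = []
    if len({c.get("CLUSTER_KEY", "") for c in confs.values()}) > 1:
        problems.append("CLUSTER_KEY differs between members")
    for ip, conf in confs.items():
        if len(conf.get("CLUSTER_KEY", "")) <= 20:
            problems.append(f"{ip}: CLUSTER_KEY is not longer than 20 characters")
        for peer in sorted(ip_list(conf, "CLUSTER_SENDTO")):
            if peer not in confs:
                problems.append(f"{ip}: sends to {peer}, whose config was not supplied")
            elif ip not in ip_list(confs[peer], "CLUSTER_RECVFROM"):
                problems.append(f"{ip}: sends to {peer}, but {peer} does not list it in CLUSTER_RECVFROM")
    return problems

# Constructed sample data: documentation-range IPs and a placeholder key.
A, B = "192.0.2.10", "192.0.2.20"
KEY = "constructed-sample-key-0123456789"

def sample_conf(sendto, recvfrom, key=KEY):
    return (f'# lfd Clustering\nCLUSTER_SENDTO = "{sendto}"\n'
            f'CLUSTER_RECVFROM = "{recvfrom}"\nCLUSTER_KEY = "{key}"\n')

GOOD = {A: sample_conf(B, B), B: sample_conf(A, A)}           # the two-server setup
BAD = {A: sample_conf(B, B), B: sample_conf(A, "", "short")}  # B misconfigured

if __name__ == "__main__":
    for name, cluster in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_cluster(cluster) or "no problems found")
```

To use it on real servers, pass the contents of each member's csf.conf keyed by that member's own IP address.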

 

To learn more, visit the official site.
