[How-to] CSF Support in Hestia CP

martineliascz · October 7, 2019, 7:09pm

CSF is a firewall bundle. An alternative to firewallD & Fail2ban (part of stock Hestia CP install).

For those who prefer the former above the latter - here is a simple tutorial how to enable the CSF & Hestia CP integration.

Prerequisities:

Disabled inbuilt firewall via Hestia CP
Installed rename (apt install rename)

CSF Install steps:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Execute the below snippet
sh install.hestia.sh

CSF to Hestia CP integration sed snippet:

find . -type f -exec sed -i 's/VESTA/HESTIA/g' {} + && \
find . -type f -exec sed -i 's/Vesta/Hestia/g' {} + && \
find . -type f -exec sed -i 's/vesta/hestia/g' {} + && \
rename 's/VESTA/HESTIA/' * && \
rename 's/vesta/hestia/' *

When upgrading to Hestia CP v1.1.0+ it is also required to edit the following file:
/usr/local/hestia/web/templates/admin/panel.html

Find last element of <div class="l-menu clearfix noselect">
=> <div class="l-menu__item <?php if($TAB == 'SERVER' )

Add the following code on a new line right after </div>
<div class="l-menu__item <?php if($TAB == 'CSF' ) echo 'l-menu__item--active' ?>"><a href="/list/csf/"><?=_('CSF')?></a></div>

If your version is 1.2.4 or older use:
<div class="l-menu__item <?php if($TAB == 'CSF' ) echo 'l-menu__item--active' ?>"><a href="/list/csf/"><?=__('CSF')?></a></div>

Thanks @Raphael & @eris for this tip.

CSF Autoupdates are working flawlessly.

PRO Tip:

Wanna enable IPset Blocking with CSF? Jump to this How-to

If you would like to have native CSF & Hestia CP support, feel free to raise your hand @ CSF FORUM

CSF
FirewallD

0 voters

Raphael · October 8, 2019, 8:00am

Hi @martineliascz

Thanks for sharing the tutorial with us! I’ll try to make it sticky on top :).

napisok · October 14, 2019, 10:11am

Hi
Have tried the guide on fresh install on debian 9.11. But get errors
root@server1:/usr/src/csf# find . -type f -exec sed -i ‘s/VESTA/HESTIA/g’ {} + &&

find . -type f -exec sed -i ‘s/Vesta/Hestia/g’ {} + &&
find . -type f -exec sed -i ‘s/vesta/hestia/g’ {} + &&
rename ‘s/VESTA/HESTIA/’ * &&
rename ‘s/vesta/hestia/’ *
sed: -e expression #1, char 1: unknown command: `▒’
root@server1:/usr/src/csf#

Which linux os and version, did it work for you.

martineliascz · October 14, 2019, 3:05pm

Hi @napisok

I use the very same version as you do - Debian Stretch 9.11.

According to the provided output - it seems like you have done wrong copy-paste.

Please retry with proper copy-paste and get back to us.

napisok · October 14, 2019, 8:49pm

Hi
rename ‘s/vesta/hestia/’ *
Give the error
sed: -e expression #1, char 1: unknown command: `▒’

Done following Step

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
find . -type f -exec sed -i ‘s/VESTA/HESTIA/g’ {} + &&
find . -type f -exec sed -i ‘s/Vesta/Hestia/g’ {} + &&
find . -type f -exec sed -i ‘s/vesta/hestia/g’ {} + &&
rename ‘s/VESTA/HESTIA/’ * &&
rename ‘s/vesta/hestia/’ *

martineliascz · October 14, 2019, 11:05pm

Thanks for reply, @napisok

Please try to enter the aforementioned commands manually.

The issue lies in the quote character:
scrnsht
Unfortunately I don’t have required permissions here to fix the attached snippet

Lupu · October 15, 2019, 2:57am

@martineliascz fixed the quoting in the snippet.

napisok · October 15, 2019, 5:33am

Thanks it worked. But after that you need to install:
apt install libwww-perl -y

martineliascz · October 15, 2019, 8:52am

@napisok - I am glad it’s working for you.

Installing Perl web modules is optional - depending on your CSF configuration. However I do strongly recommend installing them as all future CSF updates will be done over HTTPS instead of HTTP.

If you enjoy CSF integration in Hestia CP - please consider visiting CSF FORUM to secure native CSF & Hestia support in the future.

zulfianto · November 11, 2019, 1:54pm

can you create tutorial on Video ?

martineliascz · November 11, 2019, 1:57pm

Hi @zulfianto,

what makes you think that video tutorial would be beneficial?

I assume that provided simple snippet can be easily copy-pasted to terminal with no hassle at all.

Thank you.

zulfianto · November 11, 2019, 2:26pm

hi @martineliascz I’m sorry before.

in my opinion, if the video tutorial is easier to understand, and put into practice.

If you please.

entiti · November 11, 2019, 4:46pm

I try this install this in my previous deploy. But overwhelm by all those many settings.

Later I redeploy my server with default iptable and fail2ban.

May I know, why do you prefer this compare to iptable and fail2ban?

Thank you.

martineliascz · November 11, 2019, 5:08pm

@zulfianto - Unfortunately, I don’t have much free time to create a video. If you happen to find some - feel free to create one using asciinema … You could really help others - by verifying that the provided snippet works flawlessly.

@entiti - Why do I prefer CSF over Fail2ban? Simply put, I’m fan of very complex things
On embedded devices I do use only iptables, obviously…

zulfianto · November 11, 2019, 6:36pm

hmmmm, im not try yet… that’s why i ask you to create video…
oke thank you for your tutorial… i’ll try later.

donko · March 17, 2020, 12:56pm

is this still working? i tried install today and CSF option doesn’t appear on panel tab.

martineliascz · March 17, 2020, 9:09pm

@donko - You probably refer to Hestia v1.1.0, right? Haven’t yet tested it after upgrade. Will let you know soon.

jorgepala · March 28, 2020, 4:14pm

I also disappeared this option from the panel tabs.

HestiaCP Versión 1.1.1
SO: Debian 9.12

root · March 30, 2020, 6:37pm

Can anyone list some pro’s and cons for CSF vs Fail2ban