[How-to] CSF Support in Hestia CP

gaetan-x · November 23, 2021, 2:13am

Hello @martineliascz ,thanks for this tutorial and the add on !

Your tutorial was clear and precise I 've been able to add CSF to my Hestia panel in no time !

I know this topic is old, and my question may be stupid (I am totally new to Hestia, I used to work with goPanel but as it is mac only I would rather use a cPanel like Hestia for my new servers …) ,

following your instruction I have been able to add several custom link and widget to the header nav bar (now the nav bar is totally something else than what is default haha) to have a quick access to my favorite tab (pretty much same stuff than you did by adding the CSF tab)

My question : how can I make it that it will “survive” the updates of Hestia, because I am guessing when Hestia will update it will erase those html changes …

i am running Hestia v1.4.17 on ubuntu 20.04
thanks in advance !

eris · November 23, 2021, 5:12am

No it will not …

Somebody need to develop something like this…

martineliascz · November 23, 2021, 8:23am

@gaetan-x Hi, thanks for the comment. Could you please show us how your nav bar looks like? I’m curious… love inspiration

ww7 · September 28, 2022, 2:18am

@eris
@martineliascz

For preserve CSF button with HestiaCP updates, next code can be placed to /etc/hestiacp/hooks/post_install.sh

#!/usr/bin/env bash

# panel template update
cd /usr/local/hestia/web/templates/includes
[[ -n $(grep '<!-- Customized -->' panel.html) ]] && exit 1
cp panel.html panel.html-bkp-script
sed -z -i -E 's#<!-- *Statistics tab *-->#<!-- Customized -->\n<div class="l-menu__item <?php if($TAB == "CSF" ) echo "l-menu__item--active" ?>"><a href="/list/csf/"><i class="fas fa-shield-alt"></i>\&nbsp;<?=_("CSF");?></a></div>\n<!-- Statistics tab -->#' panel.html

martineliascz · September 28, 2022, 9:43am

@ww7 Thanks for this tuto!

Anyway, calling sed twice is not needed, you could just use regex replace, such as simple “.”.

Thanks and take care!

Martin

ww7 · September 28, 2022, 7:01pm

Instead '.' updated with ' *' (also can be '[ ]*'), means any number of whitespaces

@martineliascz Thank you for great threads for HestiaCP!

martineliascz · September 29, 2022, 10:25am

@ww7 You’re welcome!

Hestia CP is still the best CP out there. I’m using it on all of my Debian servers…

I’m now working on many projects in parallel, so hopefully I’ll find some time in the future to contribute once again…

Martin

Eduardo · September 30, 2022, 12:37am

Hello Martin ! I have no experience with CSF, can you tell me a couple of advantages of CSF over firewallD and Fail2ban?
I would like to know and try CSF.
Thanks !

martineliascz · September 30, 2022, 11:04am

Hi @Eduardo - please check my previous post why I do prefer the CSF over stock firewall.

Anyway, @Lupu and others did a very great job with implementing some of the CSF features, such as the ipset blocking to the Hestia CP while preserving the simplicity of stock firewall.

Thanks and take care!

Martin

indianets · January 2, 2023, 4:10pm

Hello,

In the newer version the template path which needs to be edited is /usr/local/hestia/web/templates/includes/panel.html instead.

Also, to make it look consistent with the Hestia CP design, a little fa icon wouldn’t hurt -

<div class="l-menu__item <?php if($TAB == 'CSF' ) echo 'l-menu__item--active' ?>"><a href="/list/csf/"><i class="fas fa-shield-alt panel-icon"></i><?=_('CSF')?></a></div>

Thanks

martineliascz · January 2, 2023, 4:31pm

Hi @indianets and welcome to the forum!

I’ll soon install the latest Hestia CP and update the tutorial accordingly as I will have some free time this year.

Thanks too!

DSystem · January 10, 2023, 8:50pm

I’m a fan of CSF and it should come as standard on HestiaCP!!!

I’ve been using CSF and Fail2ban for a long time without problems.

To do this, just disable the SSH protection in Fail2ban so as not to conflict with the CSF.

sed -i -e 's/port    = ssh/enable  = false\nport    = ssh/' /etc/fail2ban/jail.conf;
service fail2ban restart;
service fail2ban status

In these links you have a good read on this subject:
https://www.digitalfaq.com/guides/webhosting/install-fail2ban-cpanel-pt1.htm
https://www.digitalfaq.com/guides/webhosting/install-fail2ban-cpanel-pt2.htm

bubblecatcher · February 9, 2023, 1:18pm

what is the status of this, does the guide working with latest version?

thanks

martineliascz · February 9, 2023, 2:39pm

@bubblecatcher For now you can use my steps and a mix of @indianets. Thanks!

MAN5 · April 24, 2023, 3:41pm

*** as of today, HestiaTeam is not providing any supporting yet for CSF, due to strong reasons behind there…

But there are ways to have it working within hestia UI…

ref: How to install CSF on Hestiacp web ui [config firewall] | Guest Blog Posting

hestia-csf

Just run this below command as ROOT user from your linux terminal. (Tested with Hestia v1.7.3 * Ubuntu 20.x)

wget https://raw.githubusercontent.com/vvcares/hestia/master/hestia_csf_install.sh && bash hestia_csf_install.sh

The above command will do as below:

Download the script from vvcares-github repo
It will check if there is an existing CSF installation in ‘/etc/csf/’.
If exists, it will proceed to Step#5
If not exist, it will install fresh/new CSF firewall
It will automatically add the hestiacp backend port into ‘CSF.CONF > TCP_IN’
Create an additional folder called ‘csf folder’ inside ‘/usr/local/hestia/web/list/’
Add the CSF link button into your ‘hestiacp panel > in main admin dashboard only’ & Exit.

It is important to note that CSF should not be your only line of defense for securing your server. You should also follow best practices for server security, such as keeping your server software up-to-date, using strong passwords, and limiting access to only necessary users and services.

sujit · May 20, 2023, 4:15am

Due to strong reasons behind there what?

I haven’t explored CSF since few years. Is there anything a user should be concerned about before trying CSF?

MAN5 · May 20, 2023, 6:35pm

CSF has lot of unique settings can filter/blocking etc.,
commercial server, Im using this combo for few years.

If the team supports for CSF, there will be tons of questions will arise & have to spend time for troubleshooting for a 3rd party’s application.

DSystem · April 15, 2024, 2:08am

Hello! Can you update the Blog link?

The Github link is also broken.

MAN5 · April 15, 2024, 3:03am

Hi, its working well.
I tried just now both to VVCARES.COM & GITHUB. Both are working well…

DSystem · April 15, 2024, 3:49pm

Oops. The Github link is ok. I copied the wrong link here.

The Blog does not have a broken link. It’s Cloudflare blocking access.

Your script is perfect!!! It worked here with Debian 11 and hesciaCP v1.8.11

Do you disable fail2ban to use CSF