CSF +an additional 15 characters, rolleyes


#1

I’m prompted to post about CSF because of the post about fail2ban.
In the last two weeks I’ve built 3 Ubuntu 14.04 servers for folks, I’m really, really, really, waiting on nethserver 7.

I’m using Webmin and for convenience, I have been testing CSF http://configserver.com/cp/csf.html on them.

Anyone have any experience with or an opinion on this script?
Do any of the devs think it might be worthwhile to consider the building of an or even the inclusion of this LFD in nethserver?


Fail2ban in NethServer
(Artem Fedai) #2

whey don’t U use fail2ban ?


(Stéphane de Labrusse) #3

why do you want to use csf on nethserver instead of a stock centos server…I really don’t understand people who want to destroy their system :slight_smile: of course it is your personal and definitive choice.

If you can explain why you want to have two server-manager in the same server…does your car has two steering wheels ?


(Stefano) #4

I agree

webmin should be avoided, as any other kind of web configurator… if any feature is missing in NS webgui, we should work to add it…

and we really should remember that NS is not a plain/bare centos install and before destroying it installing anything everybody should at least understand how does it work behind the scene.

as always, my 2c


#5

So nobody likes the LFD.

Alrighty then.


(Stéphane de Labrusse) #6

:smile:

That’s not the question if I do like this kind of server-manager, you have plenty of others like this one and surely it is the direction where Linux distro will go . Look at cockpit with redhat.

However I don’t trust a server-manager able to manage all distros, I deeply believe in the Unix proverb

Do one thing, but do it well

With serious now I just would say, choose one, and try to stick on this one.


#7

LFD is not a server manager.

Webmin is a server manager.

LFD nor csf require webmin,

All of the automobiles I have do have 2 steering wheels, one in the right front corner and one in the left front corner.
All of my motorcycles though, do have but one steering wheel.

But, if the grip is exceeded in the drive, usually rear, wheel, or wheels, then, technically, those become steering wheels as well, which I actually use more often than not.


(Artem Fedai) #8

adopt it for Your self and U NethServer installation , so many people so many minds ! I need asterisk i’ve compiled it from source , great thanks to contributors for so Lightweight WEB managed server for dummy admins, coz Zentyal became crazy !


(Stefano) #9

@fasttech, please remember that english is not the first language for many of us :wink:

I read the “readme” file of LFD… I’m not a guru, but I think it will be hard to include it in NS

anyway… feel free to try yourself and come back here with some ideas… script, howto etc.

thank you


#10

I’m going to go ahead and point something else out.
I have fledgling familiarity with nethserver.
I installed my first, test, install of nethserver, as a standalone server with a single nic.
I installed the available firewall module.
It was completely blank, no rules, no services, nada, nothing.
Even Zentyal creates fw rules on the initial install and as changes and services are added or changed, so there’s no need to build from scratch.

What good is a server manager that requires the end user to build from scratch?
If you have to do most of the work at the cli, then who needs a pretty and useless gui?

Therefore if I have to build everything from scratch in the nethserver ui, why not use a premade script that saves me the time of building everything from scratch?

And I’m not going to do this, if you guys want to be offensive and insulting, I’ve better things to do, places to be and when you come out with v7 I’ll look into whether it’s useful or not and use it or not as I see fit, but I sure won’t waste time here on these forums.

Later.


(Stefano) #11

I guess we aren’t understanding each other and I’m sure that nobody here is trying to insult anyone

in any case, I apologize (as I told you, I’m not an english mothertongue)

this is a community… NS has some features and it’s based on some ideas… everybody can come here and propose… feel free to contribute and partecipate

ciao


(Stéphane de Labrusse) #12

Be quiet…and sorry but i’m french…maybe my wording was not appropriated.

However you should keep in mind that nethserver 7 won’t come from a magic hat.

That need work…tears…and pain…you have nothing for free in this real world.

Ps…sorry again but you asked for my opinion in your first post.


(Artem Fedai) #13

i think that U have never Install Zentyal 4 :slight_smile: It’s awful , after it i have to begin searching somth User Frendly!


(Alessio Fattorini) #14

Unfortunately not, do you have tried to install on NethServer? What is the goal?
At the moment add a tool that manage configuration file is pretty difficult to NethServer because they could be overwritten by NethGUI, so unfortunately you can’t have both :smile:

I don’t know Zentyal pretty well, if you have suggestions to improve firewall module please open a new topic and explain us what and why. Is it too empty for you? What do you suggest?
Sorry, I don’t see any previous suggestion about this “premade script” could you be more clear?

Please @fasttech @stephdl @zamboni we have rules, take a look and be nice :wink:
You may wish to respond to something by disagreeing with it. That’s fine. But, remember to criticize ideas, not people


@fasttech these guys have apologized, shake their hands and go ahead with our discussion
Have a good night!


#15

As I said in my first post… I have built some headless ubuntu servers using webmin and am trying the csf script in them. I like the lfd conponent of the csf script and was simply asking what anyone thought of the lfd part.

Regarding fw in nethserver… as I said, I have fleeting familiarity with the single nic install.
You seem to have 2 different fw packages and the one available for the single nic install is completely empty of any objects, services or rules, a blank sheet of paper, I have my own opinion about that state of affairs but who cares what I think?

That being the case, who cares if I install csf, how could there be any conflict if I don’t install the nethserver single nic fw package or if it is installed and a nethserver single nic install fw does nothing?

I don’t even see anything in the nethserver documentation about the single nic fw but I’m sure I’m just blind.

Understand, I use dedicated gateway products so all my office server installs, regardless of distro, are single nic installs.


#16

I would also point out that I would consider installing webmin with nethserver on the same machine pointless.


#17

Regardless of my opinon about Zentyal, I do indeed have a couple of Zentyal 4 installs running, in addition to the dozen odd installs of older versions of Zentyal I have currently in use.


#18

Wow, this was bothering me so I fired up my test install of nethserver and looked at the Gateway pages, they are indeed empty of objects, etc, but seem to match up with the documentation. So I uninstalled the firewall to see what was available for install and the nethserver-firewall-base is it.
I swear that when I first installed this there were two options, base and something else but the something else was grayed out and unavailable, I assumed because it was a single nic install,… was shorewall an install option at one point in the past couple of months or have I lost my mind?


(Artem Fedai) #19

Documentation has a path for changing shorewall template as U wish, and make some services from bash with opened ports from public or private net! but firewall section must be improved ! Coz we have no ability to add network or ip , separated through Web !


#20

So, after further review with a fresh install we’ve got;

security - trusted networks, and one finds the local network, netmask and green; eth0… objects basically, already filled in ,
yet with the fw installed there’s gateway - fw objects - IP ranges and Zones and they’re empty…

and…

security - Network services, has httpd-admin, ntp and ssh listed right there, services, all filled in, with access to green and red, basically… rules.
yet with the fw installed there’s gateway - fw objects - services with an empty table…and there’s not a rule that correlates with what’s in network services…

So I can go to security - Network services and set httpd-admin to, I assume, set the httpd daemon config to only allow access from green… but to do the same with the fw I have to create all aspects of the objects, services and rules, zones, etc, when they’re already created in another module on the nethserver manager.

So, I’m not crazy, but this is… at least a little.