How to set up email alerts for CSF?

Steps to set up email alerts for CSF

  1. Bhawani Singh
    Login Failure Daemon:

    Login Failure Daemon (LFD) is a process in ConfigServer Security and Firewall (CSF). CSF is a firewall configuration script for Linux servers, and LFD periodically checks the latest log file entries for login attempts against the server. It protects against attacks that come in the form of password and cryptography attacks. It attempts to block the IP address that is believed to be attacking the server.

    What is CSF and how to set up E-Mail Alerts for CSF?

    CSF is the best alternative option for a firewall. Compared to other firewalls, CSF provides more configuration options, and it is easy to install. APF and CSF are the most famous options for software firewalls.

    ConfigServer Firewall and Login Failure Daemon include features like unauthenticated file reporting, system monitoring, intrusion detection and port scanning detection.

    The email alert for login failures can be enabled or disabled. The simple way to do this is to change the value of the directive LF_EMAIL_ALERT in the CSF configuration file.

    Open the CSF configuration file using the editor of your choice and change the value of LF_EMAIL_ALERT.

    There are 2 values and they are,

    1 – To Enable

    0 – To Disable

    How to Enable or Disable Port Scanning E-Mail Alert?

    Command Line is as follows,

    Code:
    # vi /etc/csf/csf.conf
    Code:
    PS_EMAIL_ALERT = "1"    # or "0"
    2 Values:

    1 - To Enable

    0 - To Disable

    The Most Common Commands:
    • csf -d IPADDRESS
    • csf -a IPADDRESS
    • csf -r
    csf -d IPADDRESS:

    It denies (blocks) an IP.

    csf -a IPADDRESS:

    It allows an IP.

    csf -r:

    It reloads all rules.

    What is Login Failure?

    LF_EMAIL_ALERT is the most common directive used to enable or disable login failure alerts. You can change its value in the CSF configuration file. When enabled, it sends an email alert to the users. Open the configuration file with any editor to edit the value of LF_EMAIL_ALERT.

    Command Lines:

    Code:
    # vi /etc/csf/csf.conf
    ----

    Code:
    LF_EMAIL_ALERT = "1"    # or "0"
    ---

    How to Send E-Mail Alert for Port Scanning?

    As with login failures, edit the configuration file from the command line to enable alerts for port scanning.

    Code:
    # vi /etc/csf/csf.conf
    ---

    Code:
    PS_EMAIL_ALERT = "1"    # or "0"
    ---

    PS stands for Port Scanning.

    After editing the file, remember to restart CSF so that the changes take effect.

    Command to Restart CSF:

    Code:
    csf -r

    Is It Important to Receive E-Mail Alerts for LFD and Port Scanning?

    Yes, it is very important to receive email alerts in both of these situations. When an IP is blocked or not accepted, you should automatically receive an email alert about it. It is important to check the CSF settings: if the directive has a value of 1, you will receive email alerts; otherwise, it won't send you an alert. For port scanning alerts to work, set the value of the port scanning directive to 1 in the CSF settings.
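
The edits described in this post can also be made without an interactive editor. The script below is an added example, not part of the original post or of CSF itself: it sets an alert directive to 0 or 1, keeps a backup, and verifies the result. The function names and the sample file are hypothetical, and it assumes csf.conf stores settings as `NAME = "value"`.

```shell
#!/bin/sh
# Added example (not from the original post): toggle CSF alert directives.
# Assumes csf.conf stores settings as NAME = "value".
CONF="${CONF:-/etc/csf/csf.conf}"   # path used on this page

# Print the current value of directive NAME (text between the quotes).
get_directive() {   # usage: get_directive NAME [FILE]
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "${2:-$CONF}" | head -n 1
}

# Set NAME to 0 or 1. Rejects other values and directives absent from FILE.
set_alert() {       # usage: set_alert NAME 0|1 [FILE]
    name=$1; value=$2; file=${3:-$CONF}
    case "$value" in
        0|1) ;;
        *) echo "value must be 0 or 1, got '$value'" >&2; return 2 ;;
    esac
    grep -q "^$name[[:space:]]*=" "$file" || {
        echo "$name not found in $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1   # backup before editing
    # Rewrite only the quoted value; redirecting into FILE keeps its mode.
    sed "s/^\($name[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$value\"/" \
        "$file.bak" > "$file" || return 1
    [ "$(get_directive "$name" "$file")" = "$value" ]   # verify the change
}

# Write constructed sample lines (not a real csf.conf) to the given path.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample in csf.conf syntax
LF_EMAIL_ALERT = "0"
PS_EMAIL_ALERT = "0"
EOF
}

# Demo on a temporary copy, never the live configuration.
demo=$(mktemp)
make_sample_conf "$demo"
set_alert LF_EMAIL_ALERT 1 "$demo" && set_alert PS_EMAIL_ALERT 1 "$demo"
grep '_EMAIL_ALERT' "$demo"
rm -f "$demo" "$demo.bak"
```

On a live server, call `set_alert LF_EMAIL_ALERT 1` as root and then reload with `csf -r` as described above; `csf -ra` also restarts lfd, which is the process that sends these alerts.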