Tech Support Notes
introduction
1. Topic 01: Firewalls
- 1.1. CSF
- 1.2. APF
- 1.3. IPtables
- 1.4. UFW
- 1.5. Windows Firewall
2. Topic 02: Package Management
- 2.1. Yum
- 2.2. rpm
- 2.3. rpm2cpio
- 2.4. Apt
- 2.5. dpkg
3. Topic 03: Networking
- 3.1. mtr/traceroute
- 3.2. pathping
- 3.3. ipv6
- 3.4. nmap
- 3.5. telnet/netcat
- 3.6. netstat/ss
- 3.7. Bandwidth and Speed Testing
- 3.8. Assigning IP's
4. Topic 04: DNS
- 4.1. Dns overview
- 4.2. dig
- 4.3. host
5. Topic 5: Configuration Files
- 5.1. ssh
- 5.2. apache
- 5.3. samba
- 5.4. bind/named
- 5.5. exim
- 5.6. postfix
- 5.7. vsftpd
6. Topic 6: Mysql
- 6.1. to sort
7. Topic 7: Apache
- 7.1. to sort
8. Topic 8: Memory
- 8.1. free / vmstat
9. Topic 9: Process Tracking
- 9.1. ps
- 9.2. lsof
- 9.3. windows
10. Topic 10: Partitions/Filesystems
- 10.1. Basic Layout
- 10.2. creating / modifying
- 10.3. fdisk / parted
- 10.4. fstab / mount
- 10.5. labels / uuid
- 10.6. LVM Part One
- 10.7. LVM Part Two
11. Topic 11: Devices/shares
- 11.1. samba / nfs / nas
- 11.2. iscsi
12. Topic 12: Space and drive usage
- 12.1. du / df / inodes
- 12.2. iostat
- 12.3. smartctl
13. Topic 13: Logging
- 13.1. logging configuration
- 13.2. general system logs
- 13.3. plesk logs
- 13.4. cpanel logs
14. Topic 14: Finding Exploits
- 14.1. maldet
- 14.2. rootkit hunter
- 14.3. windows
15. Topic 15: Email
- 15.1. general troubleshooting
- 15.2. exim
- 15.3. qmail
- 15.4. postfix
- 15.5. spam
16. Topic 16: Find
- 16.1. find examples
17. Topic 17: Rescue Layer/Live Environment
- 17.1. mounting filesystem / chroot
- 17.2. cloning
18. Topic 18: Permissions/users/groups
- 18.1. permissions
- 18.2. users
- 18.3. groups
19. Topic 19: Cpanel
- 19.1. general
- 19.2. Moving Mysql
20. Topic 20: Plesk
- 20.1. general
21. Topic 21: Windows
- 21.1. windows to sort
- 21.2. hyper-v
22. Topic 22: Freebsd
- 22.1. installing packages
- 22.2. networking
- 22.3. drive management
23. Topic 23: Dumping ground
- 23.1. sed / awk
- 23.2. gdb
- 23.3. curl / wget
- 23.4. compress / uncompress
- 23.5. rsync / scp
- 23.6. Random commands

Tech Support Notes

CSF

Config Server Firewall aka CSF is a dynamic Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

To install CSF run the following commands:

rm -fv csf.tgz  
wget http://www.configserver.com/free/csf.tgz  
tar -xzf csf.tgz  
cd csf  
sh install.sh

Check for icmp blocks/allows in csf

csf -l | egrep -i 'ICMP'

To deny an IP

csf -d IPADDRESS

To allow an IP

csf -a IPADDRESS

To unblock an ip and remove from the deny list

csf -dr IPADDRESS

To reload the rules

csf -r

More commands:

Option              Meaning
-h, --help          Show this message
-l, --status        List/Show iptables configuration
-l6, --status6      List/Show ip6tables configuration
-s, --start         Start firewall rules
-f, --stop          Flush/Stop firewall rules (Note: lfd may restart csf)
-r, --restart       Restart firewall rules
-q, --startq        Quick restart (csf restarted by lfd)
-sf, --startf       Force CLI restart regardless of LFDSTART setting
-a, --add ip        Allow an IP and add to /etc/csf.allow
-ar, --addrm ip     Remove an IP from /etc/csf.allow and delete rule
-d, --deny ip       Deny an IP and add to /etc/csf.deny
-dr, --denyrm ip    Unblock an IP and remove from /etc/csf.deny
-df, --denyf        Remove and unblock all entries in /etc/csf.deny
-g, --grep ip       Search the iptables rules for an IP match (incl. CIDR)
-t, --temp          Displays the current list of temp IP entries and their TTL
-tr, --temprm ip    Remove an IPs from the temp IP ban and allow list
-td, --tempdeny ip ttl [-p port] [-d direction]
                    Add an IP to the temp IP ban list. ttl is how long to
                    blocks for (default:seconds, can use one suffix of h/m/d).
                    Optional port. Optional direction of block can be one of:
                    in, out or inout (default:in)
-ta, --tempallow ip ttl [-p port] [-d direction]
                    Add an IP to the temp IP allow list (default:inout)
-tf, --tempf        Flush all IPs from the temp IP entries
-cp, --cping        PING all members in an lfd Cluster
-cd, --cdeny ip     Deny an IP in a Cluster and add to /etc/csf.deny
-ca, --callow ip    Allow an IP in a Cluster and add to /etc/csf.allow
-cr, --crm ip       Unblock an IP in a Cluster and remove from /etc/csf.deny
-cc, --cconfig [name] [value]
                    Change configuration option [name] to [value] in a Cluster
-cf, --cfile [file] Send [file] in a Cluster to /etc/csf/
-crs, --crestart    Cluster restart csf and lfd
-w, --watch ip      Log SYN packets for an IP across iptables chains
-m, --mail [addr]   Display Server Check in HTML or email to [addr] if present
-lr, --logrun       Initiate Log Scanner report via lfd
-c, --check         Check for updates to csf but do not upgrade
-u, --update        Check for updates to csf and upgrade if available
-uf                 Force an update of csf
-x, --disable       Disable csf and lfd
-e, --enable        Enable csf and lfd if previously disabled
-v, --version       Show csf version