CSF Cluster Setup
The term "cluster setup" may sound complex, but a firewall cluster using the CSF firewall is simple and can be set up in a few steps.
ConfigServer Firewall (CSF) is commonly used in the Linux web-hosting industry. CSF relies on the Login Failure Daemon (lfd), a process that runs all the time on the server and periodically scans the latest log file entries for login attempts against your server that continually fail within a short period of time. This daemon responds quickly to such login failures and blocks the offending IPs. Blocked IPs are added to the blacklist, and we can add legitimate IPs to the whitelist to prevent them from being blocked by the firewall.
If you have a number of servers running CSF, each instance maintains its own whitelists and blacklists. Instead of replicating this effort each time, wouldn’t it be easier if your servers could share this information among themselves? Then, if one of them detects a brute force attack originating from a certain IP address, the others don’t need to wait until they too are besieged. Each server can pass this information along to the others to preempt attacks.
This is known as a CSF cluster: a group of servers sharing whitelists and blacklists. Setting it up is quite easy and only requires a few changes in the “csf.conf” file on each cluster member. Let's see how to configure it.
Configuring the Cluster Servers
CSF provides a comprehensive and flexible interface for many control-panel servers such as cPanel, Plesk, DirectAdmin, etc. First of all, we need to make a list of the servers that are running CSF. To configure the servers we will need to edit the CSF configuration file /etc/csf/csf.conf. On servers with a control panel the configuration settings can be edited from the interface, but in this blog we discuss the command line options for enabling CSF clustering. We need to obtain the IP addresses of all servers that will be participating as cluster members.
Specifying the Clusters
Make sure to back up the current configuration file before making any changes, so we can revert if anything goes wrong. The configuration file changes need to be made with the help of a server admin, otherwise they may cause issues.
Add Server IP Addresses
In this step we need to edit the configuration file and add the IP addresses of our servers to the CLUSTER_SENDTO = "" and CLUSTER_RECVFROM = "" settings.
perl -pi -w -e "s/CLUSTER_SENDTO = \"\"/CLUSTER_SENDTO = \"192.168.0.1,127.0.0.1\"/" /etc/csf/csf.conf
perl -pi -w -e "s/CLUSTER_RECVFROM = \"\"/CLUSTER_RECVFROM = \"192.168.0.1,127.0.0.1\"/" /etc/csf/csf.conf
We have now created a network using CSF in which each of the listed IP addresses becomes a member of the CSF cluster and is able to send and receive whitelists and blacklists.
Enable Cluster Block
We need to make sure the CLUSTER_BLOCK setting is enabled in the configuration. To ensure this we can use the commands below.
To check and confirm whether it's enabled or not:
grep -w '^CLUSTER_BLOCK' /etc/csf/csf.conf
If CLUSTER_BLOCK shows 0 (off) instead of 1 (on), you can use the following command to change it:
perl -pi -w -e "s/CLUSTER_BLOCK = \"0\"/CLUSTER_BLOCK = \"1\"/" /etc/csf/csf.conf
In this step we will set the cluster port that cluster members use to communicate with each other. By default CLUSTER_PORT is set to '7777'; if you want to change it, you need to update the port on every cluster member.
To check the current CLUSTER_PORT we can use this command:
grep -w '^CLUSTER_PORT' /etc/csf/csf.conf
To change the port number:
perl -pi -w -e "s/CLUSTER_PORT = \"7777\"/CLUSTER_PORT = \"NEW-PORT-NUMBER\"/" /etc/csf/csf.conf
Secure with Cluster Key
The CLUSTER_KEY is a secret key that ensures all communication between our cluster members is encrypted. The key needs to be a minimum of 8 and a maximum of 56 characters long. The CSF team recommends a minimum length of 20 characters; however, we would recommend that the key is the maximum length of 56 characters.
To add the CLUSTER_KEY to the configuration, use the command below:
perl -pi -w -e "s/CLUSTER_KEY = \"\"/CLUSTER_KEY = \"CE5151A7BBD3C3BF2AEC1E3FB5CD787\"/" /etc/csf/csf.conf
The key in the above command is just an example; use your own randomly generated key.
Restarting CSF/LFD and Testing with Ping
This is the final step of the configuration: we need to restart CSF and LFD for the changes to take effect. Please make sure to repeat all the above steps on every cluster member server. We can use the command below to check that all the cluster member servers were added correctly and are able to sync data between them.
[root@server~]# csf --cping
Sent request to 192.168.0.1,replied: [PONG!]
Sent request to 192.168.0.2,replied: [PONG!]
Sent request to 192.168.0.3,replied: [PONG!]
Sent request to 192.168.0.4,replied: [PONG!]
Sent request to 192.168.0.5,replied: [PONG!]
Sent request to 192.168.0.6,replied: [PONG!]
We have now completed the CSF clustering. From now on, the cluster member servers will sync all whitelists and blacklists automatically.
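Before restarting CSF on a member, its CLUSTER_* settings can be checked against the rules described in the steps above. The shell script below is an added example, not part of CSF or of the original post: it validates the address lists, the key length (8 to 56 characters, with a warning under 20), the port and CLUSTER_BLOCK, and includes a helper that generates a 56-character key. The function names and the IPv4-only address check are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the CLUSTER_* settings this post configures.
# Usage: sh check_cluster.sh /etc/csf/csf.conf   (script name is hypothetical)

# Read one setting written in csf.conf's  NAME = "value"  form.
conf_get() {
    sed -n "s/^$1 *= *\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# 28 random bytes as hex = 56 characters; hex is safe inside the perl s/// commands.
new_cluster_key() {
    od -An -N28 -tx1 /dev/urandom | tr -d ' \t\n'
}

# Body runs in a subshell so its variables stay local; exit sets the return status.
check_cluster_conf() (
    conf=$1; rc=0
    set -f   # no filename globbing when the comma-separated list is split
    for name in CLUSTER_SENDTO CLUSTER_RECVFROM; do
        list=$(conf_get "$name" "$conf")
        [ -n "$list" ] || { echo "FAIL: $name is empty"; rc=1; }
        for ip in $(printf '%s' "$list" | tr ',' ' '); do
            printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
                { echo "FAIL: $name entry '$ip' is not an IPv4 address"; rc=1; }
        done
    done
    key=$(conf_get CLUSTER_KEY "$conf")
    if [ "${#key}" -lt 8 ] || [ "${#key}" -gt 56 ]; then
        echo "FAIL: CLUSTER_KEY length ${#key} is outside 8-56"; rc=1
    elif [ "${#key}" -lt 20 ]; then
        echo "WARN: CLUSTER_KEY is shorter than the recommended 20 characters"
    fi
    port=$(conf_get CLUSTER_PORT "$conf")
    case $port in
        ''|*[!0-9]*) echo "FAIL: CLUSTER_PORT '$port' is not numeric"; rc=1 ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
               { echo "FAIL: CLUSTER_PORT $port is out of range"; rc=1; } ;;
    esac
    block=$(conf_get CLUSTER_BLOCK "$conf")
    [ "$block" = "1" ] || { echo "FAIL: CLUSTER_BLOCK is '$block', expected 1"; rc=1; }
    exit "$rc"
)

# When run with a file argument, audit it; the exit status is the audit result.
if [ "$#" -gt 0 ]; then check_cluster_conf "$1"; fi
```

Run it on every member: the key and port it reads must be identical across the cluster, and the output never prints the key itself.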
This kind of setup is needed by almost all companies that have multiple shared servers for customers, since it lets them run a common firewall for all customers. This is really useful because hackers normally try to find loopholes in servers; if an IP is blocked on one server for attempting mischief, that IP gets blocked on all the servers in the cluster, helping to stop further attacks from the same IP.
Make sure to perform this with the help of an experienced Linux administrator. If you need assistance in setting up this kind of cluster, you can check our cPanel Server management plans or Hourly Server management plan for one-time support.