CSF cluster setup

CSF Cluster Setup for Hosting Companies


A firewall cluster may sound complex, but one built with the CSF firewall is simple and can be set up in a few steps.

ConfigServer Firewall (CSF) is commonly used in the Linux web-hosting industry. CSF relies on the Login Failure Daemon (lfd), a process that runs all the time on the server and periodically scans the latest log file entries for login attempts against your server that continually fail within a short period of time. The daemon responds quickly to such login failures and blocks the offending IPs. Blocked IPs are added to the blacklist, and we can add legitimate IPs to the whitelist to prevent them from being blocked by the firewall.
If you have a number of servers running CSF, each instance maintains its own whitelists and blacklists. Instead of replicating this effort each time, wouldn't it be easier if your servers could share this information among themselves? Then if one of them detects a brute-force attack originating from a certain IP address, the others don't need to wait until they too are besieged. They can pass this information along to the others to preempt attacks instead.
This is known as a CSF cluster: a group of servers sharing whitelists and blacklists. Setting it up is quite easy and only requires a few changes to the "csf.conf" file on each cluster member. Let's see how to configure it.

Configuring the Cluster Servers 

CSF provides a comprehensive and flexible interface for many control-panel servers such as cPanel, Plesk, DirectAdmin, etc. First of all, we need to list the servers that are running CSF. To configure them we will edit the CSF configuration file /etc/csf/csf.conf. On servers with a control panel the settings can be edited from the interface, but in this blog we discuss the command-line options for enabling CSF clustering. We need to obtain the IP addresses of all servers that will participate as cluster members.

Specifying the Clusters

Make sure to back up the current configuration file before making any changes, so we can revert if anything goes wrong. The configuration changes should be made with the help of a server admin; otherwise they may cause issues.

Add Server IP Addresses

In this step we edit the configuration file and add the IP addresses of our servers to the CLUSTER_SENDTO = "" and CLUSTER_RECVFROM = "" settings.

perl -pi -w -e "s/CLUSTER_SENDTO = \"\"/CLUSTER_SENDTO = \"192.168.0.1,127.0.0.1\"/" /etc/csf/csf.conf
perl -pi -w -e "s/CLUSTER_RECVFROM = \"\"/CLUSTER_RECVFROM = \"192.168.0.1,127.0.0.1\"/" /etc/csf/csf.conf

We have now created a network using CSF in which each of the listed IP addresses becomes a member of the CSF cluster and is able to send and receive whitelists and blacklists.

Enable Cluster Block

We need to make sure the CLUSTER_BLOCK setting is enabled in the configuration. Use the command below to check whether it is enabled:

grep -w '^CLUSTER_BLOCK' /etc/csf/csf.conf

If CLUSTER_BLOCK shows 0 (off) instead of 1 (on), you can use the following command to change it:

perl -pi -w -e "s/CLUSTER_BLOCK = \"0\"/CLUSTER_BLOCK = \"1\"/" /etc/csf/csf.conf

Set Port
In this step we set the port that cluster members use to communicate with each other. By default CLUSTER_PORT is set to '7777'; if you want to change it, you need to update the port on every cluster member.
To check the current CLUSTER_PORT we can use this command:

grep -w '^CLUSTER_PORT' /etc/csf/csf.conf

To change the port number:

perl -pi -w -e "s/CLUSTER_PORT = \"7777\"/CLUSTER_PORT = \"NEW-PORT-NUMBER\"/" /etc/csf/csf.conf

Secure with Cluster Key
The CLUSTER_KEY is a secret key that is responsible for ensuring all communication between our cluster members is encrypted. The key must be a minimum of 8 and a maximum of 56 characters long. The CSF team recommends a minimum length of 20 characters; however, we would recommend that the key is the maximum length of 56 characters.
To add the CLUSTER_KEY to the configuration, use the command below:

perl -pi -w -e "s/CLUSTER_KEY = \"\"/CLUSTER_KEY = \"CE5151A7BBD3C3BF2AEC1E3FB5CD787\"/" /etc/csf/csf.conf

The key in the above command is just an example; use your own randomly generated key.
Restarting CSF/LFD and test with pinging
This is the final step of the configuration: we need to restart CSF and LFD for the changes to take effect.

Please make sure to repeat all the above steps on every cluster member server.

We can use the command below to check that all the cluster member servers have been added correctly and are able to sync data with each other.

csf --cping

Results:
[root@server~]# csf --cping
Sent request to 192.168.0.1,replied: [PONG!]
Sent request to 192.168.0.2,replied: [PONG!]
Sent request to 192.168.0.3,replied: [PONG!]
Sent request to 192.168.0.4,replied: [PONG!]
Sent request to 192.168.0.5,replied: [PONG!]
Sent request to 192.168.0.6,replied: [PONG!]

We have now completed the CSF clustering. From now on the cluster member servers will sync all whitelists and blacklists automatically.
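
The perl one-liners above only match while each setting still holds its default value, so a member that was edited earlier is left unchanged without any error. As an added example (not part of the original post; the function names and the CONF variable are assumptions made here), the script below sets each option whatever its current value, generates a 56-character key, and audits one member's cluster settings:

```shell
#!/bin/sh
# Added example, not from the original post. CONF can point at a copy of
# csf.conf to rehearse the change before touching the live file.
CONF="${CONF:-/etc/csf/csf.conf}"

# Set KEY = "VALUE" whatever the current value is. A one-time copy of the
# untouched file is kept as $CONF.orig. Fails if KEY is not in the file.
set_opt() {
    key=$1 val=$2
    grep -q "^${key} = \"" "$CONF" || { echo "missing: $key" >&2; return 1; }
    [ -e "$CONF.orig" ] || cp -p "$CONF" "$CONF.orig"
    # '|' delimiter: IP lists, ports and alphanumeric keys never contain it
    sed -i.tmp "s|^${key} = \".*\"|${key} = \"${val}\"|" "$CONF" && rm -f "$CONF.tmp"
}

# Print the current value of KEY.
get_opt() {
    sed -n "s|^$1 = \"\(.*\)\".*|\1|p" "$CONF" | head -n 1
}

# 56 random alphanumeric characters, the maximum CLUSTER_KEY length.
gen_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 56
}

# Check one member's cluster settings; prints each problem found and
# returns non-zero if there is any.
audit_cluster() {
    rc=0
    for opt in CLUSTER_SENDTO CLUSTER_RECVFROM; do
        [ -n "$(get_opt "$opt")" ] || { echo "FAIL: $opt is empty"; rc=1; }
    done
    [ "$(get_opt CLUSTER_BLOCK)" = "1" ] || { echo "FAIL: CLUSTER_BLOCK is not 1"; rc=1; }
    port=$(get_opt CLUSTER_PORT)
    case $port in
        ''|*[!0-9]*) echo "FAIL: CLUSTER_PORT '$port' is not a number"; rc=1 ;;
    esac
    ckey=$(get_opt CLUSTER_KEY)
    # 20 is the CSF-recommended minimum quoted above, 56 the maximum
    if [ "${#ckey}" -lt 20 ] || [ "${#ckey}" -gt 56 ]; then
        echo "FAIL: CLUSTER_KEY is ${#ckey} characters, want 20-56"; rc=1
    fi
    return "$rc"
}
```

Generate the key once with gen_key and set that same value on every member, then run audit_cluster on each server before restarting CSF and LFD.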

This kind of setup is needed by almost all companies that run multiple shared servers for customers. With it they can operate a common firewall for all customers. This is really useful because hackers normally probe servers for loopholes, and if an IP is blocked on one server for such mischief, it gets blocked on all the servers in the cluster, helping to stop that attack from the same IP.

Make sure to perform this with the help of an experienced Linux administrator. If you need assistance in setting up this kind of cluster, you can check our cPanel Server management plans or Hourly Server management plan for one-time support.
