Firewall

Login Failures and Port Scanning notices – Email alert setup for CSF

Arunlal A2 Comments
Post Views: 1,236

A wide range of settings are available in CSF configuration file. We have already discussed a lot of topics related with CSF. Here I am discussing about email alert setup for unauthorized Login Failures and Port Scanning. Click here for disable Lfd excessive resource usage alert details. In CSF predefined emails are stored under the location ‘/usr/local/csf/tpl/‘. Some sample email templates are,

root@test [/usr/local/csf/tpl]# ll
-rw------- 1 root root  124 Apr  2 13:59 accounttracking.txt
-rw------- 1 root root  181 Apr  2 13:59 alert.txt
-rw------- 1 root root  192 Apr  2 13:59 connectiontracking.txt
-rw------- 1 root root   76 Apr  2 13:59 consolealert.txt
-rw------- 1 root root  136 Apr  2 13:59 cpanelalert.txt
-rw------- 1 root root  129 Apr  2 13:59 exploitalert.txt
-rw------- 1 root root  151 Apr  2 13:59 filealert.txt
-rw------- 1 root root  132 Apr  2 13:59 forkbombalert.txt
-rw------- 1 root root  374 Apr  2 13:59 integrityalert.txt
-rw------- 1 root root 1042 Apr  2 13:59 loadalert.txt
...........
...........

As I discussed previously, the service “lfd” with csf will check log files periodically and block IP address if it found any multiple login failure or something like that.

1. How to enable/disable Login Failures email alert ?

You can manage its by changing the value of the directive LF_EMAIL_ALERT in CSF configuration file.
Open the CSF configuration file using your favorite editor and edit the value of LF_EMAIL_ALERT as pasted below.

root@test [~]# vi /etc/csf/csf.conf
----
LF_EMAIL_ALERT = 1/0
----

1 – To enable
0 – To disable

2. How to enable/disable Port Scanning email alert ?

Similarly use the directive PS_EMAIL_ALERT to manage Port scanning email alerts.

root@test [~]# vi /etc/csf/csf.conf
----
PS_EMAIL_ALERT = 1/0
----

1 – To enable
0 – To disable

Then restart the CSF

csf -r

That’s it 🙂

 

Related Links
CSF commands for Unix/Linux servers
How to find whether the IP address is blacklisted or not in CSF
Process tracking with the help of csf
Easy way to Enable/Disable CSF

,

Post navigation

Arunlal A

Senior System Developer at Zeta. Linux lover. Traveller. Let's connect! Whether you're a seasoned DevOps pro or just starting your journey, I'm always eager to engage with like-minded individuals. Follow my blog for regular updates, connect on social media, and let's embark on this DevOps adventure together! Happy coding and deploying!

2 thoughts on “Login Failures and Port Scanning notices – Email alert setup for CSF

  1. Hi, just read your blog and it seems very interesting, you could help me and tell me why csf not send notification emails, it was installed on a server with elastix. Thank you!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *