Login Failures and Port Scanning notices – Email alert setup for CSF

A wide range of settings are available in CSF configuration file. We have already discussed a lot of topics related with CSF. Here I am discussing about email alert setup for unauthorized Login Failures and Port Scanning. Click here for disable Lfd excessive resource usage alert details. In CSF predefined emails are stored under the location ‘/usr/local/csf/tpl/‘. Some sample email templates are,

[email protected] [/usr/local/csf/tpl]# ll
-rw------- 1 root root  124 Apr  2 13:59 accounttracking.txt
-rw------- 1 root root  181 Apr  2 13:59 alert.txt
-rw------- 1 root root  192 Apr  2 13:59 connectiontracking.txt
-rw------- 1 root root   76 Apr  2 13:59 consolealert.txt
-rw------- 1 root root  136 Apr  2 13:59 cpanelalert.txt
-rw------- 1 root root  129 Apr  2 13:59 exploitalert.txt
-rw------- 1 root root  151 Apr  2 13:59 filealert.txt
-rw------- 1 root root  132 Apr  2 13:59 forkbombalert.txt
-rw------- 1 root root  374 Apr  2 13:59 integrityalert.txt
-rw------- 1 root root 1042 Apr  2 13:59 loadalert.txt
...........
...........

As I discussed previously, the service “lfd” with csf will check log files periodically and block IP address if it found any multiple login failure or something like that.

1. How to enable/disable Login Failures email alert ?

You can manage its by changing the value of the directive LF_EMAIL_ALERT in CSF configuration file.
Open the CSF configuration file using your favorite editor and edit the value of LF_EMAIL_ALERT as pasted below.

[email protected] [~]# vi /etc/csf/csf.conf
----
LF_EMAIL_ALERT = 1/0
----

1 – To enable
0 – To disable

2. How to enable/disable Port Scanning email alert ?

Similarly use the directive PS_EMAIL_ALERT to manage Port scanning email alerts.

[email protected] [~]# vi /etc/csf/csf.conf
----
PS_EMAIL_ALERT = 1/0
----

1 – To enable
0 – To disable

Then restart the CSF

csf -r

That’s it 🙂

 

Related Links
CSF commands for Unix/Linux servers
How to find whether the IP address is blacklisted or not in CSF
Process tracking with the help of csf
Easy way to Enable/Disable CSF

Arunlal Ashok

Linux Server Administrator. I'm dealing with Linux servers since 2012. I started this blog to share and discuss my ideas with the world. Check My Profile!! in uPwork (oDesk) and let me know if you need any assistance. Thanks!!

You may also like...

2 Responses

  1. José says:

    Hi, just read your blog and it seems very interesting, you could help me and tell me why csf not send notification emails, it was installed on a server with elastix. Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *