Archive

How To Install ClamAV On A CPanel Server

Steps To Install ClamAV On A CPanel Server

Here I’m explaining the steps to install ClamAV on a cPanel server. Before proceeding with this, first you need to make sure WHM plugin clamavconnector is not installed. Check WHM >> Manage plugins

1: If you would like to verify ClamAV’s digital signatures on the virus definition files as they are updated through freshclam, you need to install GMP first.

# /scripts/ensurerpm gmp gmp-devel bzip2-devel

2: Adding user and group for clamav

# useradd clamav
# groupadd clamav

Note: Don’t worry if the user and/or group already exists.

3: Create and chown clamav directory

# mkdir /usr/local/share/clamav
# chown clamav. /usr/local/share/clamav

4: Download the latest ClamAV from http://www.clamav.net/

# wget http://www.clamav.net/downloads/production/clamav-0.99.tar.gz
# tar -xvzf clamav-0.99.tar.gz
# cd clamav-0.99
# ./configure --disable-zlib-vcheck
# make
# make install

#mv -fv /usr/local/etc/freshclam.conf.sample /usr/local/etc/freshclam.conf

5: Comment out “Example” line in /usr/local/etc/freshclam.conf

[email protected] [/]# cat /usr/local/etc/freshclam.conf | grep -i example
## Example config file for freshclam
#Example


#mv -fv /usr/local/etc/clamd.conf.sample /usr/local/etc/clamd.conf

6: Comment out “Example” line in /usr/local/etc/clamd.conf

[email protected] [/]# cat /usr/local/etc/clamd.conf | grep -i example
## Example config file for the Clam AV daemon
#Example

7: Change the “LocalSocket” to /tmp/clamd in /usr/local/etc/clamd.conf

[email protected] [/]# grep LocalSocket /usr/local/etc/clamd.conf
LocalSocket /tmp/clamd.socket

8: Run ldconfig to create the necessary links and cache to the most recent shared libraries

# ldconfig

9: Run freshclam to download the latest definitions

# freshclam

10: Init script for CentOS/CloudLinux upto/including version 6.x

# curl https://download.configserver.com/clamd -o /etc/init.d/clamd
# chown root:root /etc/init.d/clamd
# chmod +x /etc/init.d/clamd
# chkconfig clamd on
# service clamd restart

11: Init script for CentOS/CloudLinux version 7.x

# rm -fv /etc/init.d/clamd
# curl https://download.configserver.com/clamd.service -o /usr/lib/systemd/system/clamd.service
# systemctl daemon-reload
# systemctl enable clamd.service
# systemctl restart clamd.service

12: Add service to /etc/chkserv.d/clamav

[email protected] [/]# cat  /etc/chkserv.d/clamav
service[clamav]=x,x,x,service clamd restart,clamd,root

13: Creating log files for ClamAV updates

# touch /var/log/clam-update.log
# chown clamav:clamav /var/log/clam-update.log

14: Add ClamAV to chkservd

[email protected] [/]# cat  /etc/chkserv.d/chkservd.conf | grep clamav
clamav:1

Config Server Firewall Commands For Unix and Linux Server

Config Server Firewall(CSF)commands. 

CSF is the firewall framework that is most widely used to protect Linux servers.

CSF has a wide variety of options for controlling the Linux firewall from the control panel and from the command line. The CSF installation includes cPanel, DirectAdmin and Webmin preconfigured settings and control panel UIs.

Usage and installation of CSF is quite simple.

Working principle of CSF

As with most iptables firewall setups, the concept with CSF is to block all and then let only those connections you want through. This is achieved by DROPPING all ties on all protocols in and out of the server in iptables. Then allow traffic from existing links in and out. Then open the ports separately for both TCP and UDP in and out.

The installation steps for CSF on the Linux server have already been addressed. Click here to install CSF on CentOS and customize it.

After you have successfully enabled CSF, you need to disable TESTING mode to function properly with CSF on your server.

[[email protected] #] vim /etc/csf/csf.conf
Then change the value of 'TESTING' from 1 to 0

CSF commands for managing server firewall.

STEP 1. Enable CSF and LFD if formerly disabled
csf -e 
Or 
csf --enable

STEP 2. Disable CSF and LDF Effectively

csf -x
Or
csf --disable

START 3. Restart firewall rules

csf -r 
Or 
csf --restart

STEP 4. Start the firewall rules

csf -s 
Or 
csf --start

STEP 5. Flush/Stop firewall rules (Note: lfd may restart csf)

csf -f 
Or 
csf --stop

STEP 6. List/Show the IPv4 iptables configuration

csf -l 
Or 
csf --status

STEP 7. List/Show the IPv6 ip6tables configuration

csf -l6 
Or 
csf --status6

You must have some ideas about the following configuration files for using some other csf commands.

csf.conf : Configuration file for controlling CSF.
csf.allow : Allowed IP’s and CIDR addresses list on the firewall.
csf.deny : Denied IP’s and CIDR addresses list on the firewall.
csf.ignore : Ignored IP’s and CIDR addresses list on the firewall.
csf.*ignore : The list of various ignore files of users, IP’s.

STEP 8. Allow an IP and add to /etc/csf/csf.allow

csf -a ip [comment] 
Or 
csf --add ip [comment]

You can add your comments in the square bracket. See the example below:

[[email protected] ~]# csf -a 6x.8xx.1x2.8x [My server]
Adding 6x.8xx.1x2.8x to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  6x.8xx.1x2.8x  -> 0.0.0.0/0
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 6x.8xx.1x2.8x
 

6x.8xx.1×2.8x – is the IP address and ‘My server’ inside the square bracket is the comment. You can check the /etc/csf/csf.allow file for more details:

[[email protected] ~]# grep 6x.8xx.1x2.8x /etc/csf/csf.allow
------
6x.8xx.1x2.8x # [My server] - Thu Dec 19 23:16:27 2013
------

STEP 9. Remove an IP from /etc/csf/csf.allow and delete rule

csf -ar 
Or 
csf --addrm ip

STEP 10. Deny an IP and add to /etc/csf/csf.deny

csf -d 
Or 
csf --deny ip [comment]

STEP 11. Unblock an IP and remove from /etc/csf/csf.deny

csf -dr 
Or 
csf --denyrm ip

STEP 12. Remove and unblock all entries in /etc/csf/csf.deny

csf -df 
Or 
csf --denyf

STEP 13. Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number)

csf -g 
Or 
csf --grep ip

Example:

[[email protected] ~]# csf -g 6x.8xx.1x2.8x
Chain            num   pkts bytes target     prot opt in     out     source               destination
ALLOWIN          1        0     0 ACCEPT     all  --  !lo    *       6x.8xx.1x2.8x        0.0.0.0/0
ALLOWOUT         1        0     0 ACCEPT     all  --  *      !lo     0.0.0.0/0            6x.8xx.1x2.8x
Temporary allow or deny of IP:
The following csf commands are using to allow or deny an IP address temporary from our server.

STEP 14. Displays the current list of temporary allow and deny IP entries with their TTL and comment

csf -t 
Or 
csf --temp

STEP 15. Add an IP to the temp IP allow list (default:inout)

csf -ta ip ttl [-p port] [-d direction] [comment]
Or
csf --tempallow ip ttl [-p port] [-d direction] [comment]

Where ttl is the time to live in seconds(Default value: 3600)

Example:

[[email protected] ~]# csf -ta 66.8x.1xx.xx
ACCEPT  all opt -- in !lo out *  66.8x.1xx.xx  -> 0.0.0.0/0
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 66.8x.1xx.xx
csf: 66.8x.1xx.xx allowed on port * for 3600 seconds in and outbound

STEP 16. Add an IP to the temp IP ban list.

csf -td ip ttl [-p port] [-d direction] [comment]
Or
csf --tempdeny ip ttl [-p port] [-d direction] [comment]

Example:

[[email protected] ~]# csf -td 66.8x.1xx.xx
DROP  all opt -- in !lo out *  66.8x.1xx.xx  -> 0.0.0.0/0
csf: 66.8x.1xx.xx blocked on port * for 3600 seconds inbound

STEP 17. Remove an IP from the temporary IP ban or allow list

csf -tr 
Or 
csf --temprm ip

STEP 18. Flush all IPs from the temporary IP entries

csf -tf 
Or 
csf --tempf

STEP 19. General commands:

csf -v Or csf --version : Show csf version
csf -c Or csf --check : Check for updates to csf but do not upgrade
csf -u Or csf --update : Check for updates to csf and upgrade if available
csf -h Or csf --help : For help

links for further Knowledge:: #install nslookup#Migrating CPanel To DirectAdmin