Join the community today
Become a Member

CSF CSF to send email notification ?

Discussion in 'Other Centmin Mod Installed software' started by arlon, Jul 2, 2016.

  1. arlon

    arlon Member

    73
    5
    8
    Feb 20, 2016
    Ratings:
    +10
    Local Time:
    10:04 PM
    1.10.1
    10.0
    how to make CSF sending email notification when ssh login, ip blocked, etc?
    because i have new vps installed cpanel and csf sending email when ssh login, brute force, ip blocked
     
  2. eva2000

    eva2000 Administrator Staff Member

    28,923
    6,565
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,742
    Local Time:
    1:04 AM
    Nginx 1.13.x
    MariaDB 5.5
    see CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS

    Getting Started Guide step 18 for Managing Root User Emails via /root/.forward file or via /etc/csf/csf.conf CSF config file reporting settings for LF_ALERT_TO and LF_ALERT_FROM
    Code (Text):
    ###############################################################################
    # SECTION:Reporting Settings
    ###############################################################################
    # By default, lfd will send alert emails using the relevant alert template to
    # the To: address configured within that template. Setting the following
    # option will override the configured To: field in all lfd alert emails
    #
    # Leave this option empty to use the To: field setting in each alert template
    LF_ALERT_TO = ""
    
    # By default, lfd will send alert emails using the relevant alert template from
    # the From: address configured within that template. Setting the following
    # option will override the configured From: field in all lfd alert emails
    #
    # Leave this option empty to use the From: field setting in each alert template
    LF_ALERT_FROM = ""

    then restart csf firewall
    Code (Text):
    csf -r


    fyi, default csf alert temples in /etc/csf/alerts send to root user
    Code (Text):
     cat /etc/csf/alerts/alert.txt   
    From: root
    To: root
    Subject: lfd on [hostname]: blocked [ip]
    
    Time:     [time]
    IP:       [ip]
    Failures: [ipcount]
    Interval: [iptick] seconds
    Blocked:  [block]
    
    Log entries:
    
    [text]

    Code (Text):
    ls -lhAh /etc/csf/alerts/
    total 132K
    -rw------- 1 root root  124 May  9  2014 accounttracking.txt
    -rw------- 1 root root  181 May  9  2014 alert.txt
    -rw------- 1 root root  192 May  9  2014 connectiontracking.txt
    -rw------- 1 root root   76 May  9  2014 consolealert.txt
    -rw------- 1 root root  136 May  9  2014 cpanelalert.txt
    -rw------- 1 root root  129 May  9  2014 exploitalert.txt
    -rw------- 1 root root  151 May  9  2014 filealert.txt
    -rw------- 1 root root  132 May  9  2014 forkbombalert.txt
    -rw------- 1 root root  374 May  9  2014 integrityalert.txt
    -rw------- 1 root root 1.1K May  9  2014 loadalert.txt
    -rw------- 1 root root 1.2K Nov  8  2015 loadalert.txt.new
    -rw------- 1 root root  103 May  9  2014 logalert.txt
    -rw------- 1 root root  101 May  9  2014 logfloodalert.txt
    -rw------- 1 root root  191 May  9  2014 netblock.txt
    -rw------- 1 root root  209 May  9  2014 permblock.txt
    -rw------- 1 root root  129 May  9  2014 portknocking.txt
    -rw------- 1 root root  175 May  9  2014 portscan.txt
    -rw------- 1 root root  391 May  9  2014 processtracking.txt
    -rw------- 1 root root   97 May  9  2014 queuealert.txt
    -rw------- 1 root root  196 May  9  2014 relayalert.txt
    -rw------- 1 root root  260 May  9  2014 resalert.txt
    -rw------- 1 root root  181 May  9  2014 reselleralert.txt
    -rw------- 1 root root  200 May  9  2014 scriptalert.txt
    -rw------- 1 root root  176 May  9  2014 sshalert.txt
    -rw------- 1 root root  159 May  9  2014 sualert.txt
    -rw------- 1 root root  194 May  9  2014 syslogalert.txt
    -rw------- 1 root root  298 May  9  2014 tracking.txt
    -rw------- 1 root root  129 May  9  2014 uialert.txt
    -rw------- 1 root root  150 May  9  2014 uidscan.txt
    -rw------- 1 root root  192 May  9  2014 usertracking.txt
    -rw------- 1 root root  129 May  9  2014 watchalert.txt
    -rw------- 1 root root  146 May  9  2014 webminalert.txt
    -rw------- 1 root root 1.2K Jun 28  2015 x-arf.txt