Installing (CSF) on CentOS 7

Installing Config Security Firewall (CSF) on CentOS 7 and Webmin

ConfigServer Security & Firewall (CSF) is a stateful packet inspection firewall (SPI), login/intrusion detection, and security application for Linux servers. It is a very popular security suite, but isn’t officially supported yet on CentOS 7.

CentOS 7 uses firewalld rather than iptables. A quick internet search will show that many faithful CentOS users find firewalld far too complicated for their needs and are reverting back to iptables. Iptables was the standard firewall for CentOS 5 and 6.

This guide shows you how to disable firewalld, install IP tables, CSF dependencies, and CSF.

Install CSF

Stop and disable firewalld.

   systemctl disable firewalld
   systemctl stop firewalld

Install iptables.

 yum -y install iptables-services

Create files needed by iptables.

  touch /etc/sysconfig/iptables
  touch /etc/sysconfig/iptables6

Start iptables.

  systemctl start iptables
  systemctl start ip6tables

Enable iptables at boot.

  systemctl enable iptables
  systemctl enable ip6tables

Install the CSF dependencies.

  yum -y install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph -y

Download and launch the CSF installer.

  cd /opt
  wget https://download.configserver.com/csf.tgz
  tar -xzf csf.tgz
  cd csf
  sh install.sh

Remove the installation files.

 rm -rf /opt/csf
 rm /opt/csf.tgz 

(Optional) Webmin integration

If you use Webmin, then you can install the CSF Webmin module.

Login to Webmin and navigate to the following page.

Webmin > Webmin Configuration > Webmin Modules >

Click “From local file” and insert the following.

  /usr/local/csf/csfwebmin.tgz > 

Install the module & enjoy!

WordPress does not load outside my local network

Wordpress won't load outside my network

My WordPress website will not load outside my local network!

hp-proliant-dl380-g6-server

Server Specifications (HP PROLIANT DL380-G6 DUAL XEON)
CentOS 7
MySQL
PHP
Apache
Wordpress

All latest version but….
* You should stick to MySQL version 5.5.44 for now! (25-12-2015)

Solutions

1. Check your wp-config.php file that reside in the root of your WordPress directory

You have to look for this code section

/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
define(‘AUTH_KEY’,         ‘@z]6-zHz-}c:i?+Dq14vez%2be~V93_Ig{X9c-|O.t9Ab?^+k;-m)bZ=qNvZ1,x$’);
define(‘SECURE_AUTH_KEY’,  ‘ <;Sq]#!~a0xC|kqzVRuPG@DIJRnk:1FT(1qB[1v[bi/h >t@^/{ Lav24)BEO&[‘);
define(‘LOGGED_IN_KEY’,    ‘A+;~!`7,W ,wE>=Kn4.BzCbdx34O_JMkOI)b2%Ez$RzT)O:2[b|+19mrh)IAWOGo’);
define(‘NONCE_KEY’,        ‘s[L2u1&rpt8C)]bZqf7]`zof>fAswRg0y|qZZ)vcDX*/j-Ez[|PW}:eO-8AlHJ8k’);
define(‘AUTH_SALT’,        ‘KW8wra;81,>O:k4Z8(2+(YZEDX>K/vF@KdYeS0a*Mom)*<g6e+1lf -n@_w>bFyn’);
define(‘SECURE_AUTH_SALT’, ‘e5if.r^`P?KK;nkv<h[[FbH^w&5nc]>Dy(Dx#z3sYg(-9![{spcQMrVX8IlK:Xwx’);
define(‘LOGGED_IN_SALT’,   ‘F:|V^sHC+qO`=cselr|}&K<lS6:Tnd/A}&r8g<7?qj!AL1-8Q/pd(4;P3sKM=Q/Q’);
define(‘NONCE_SALT’,       ‘?-C_Ny0>E5Z;9Gj$&nJ{mr<8xkA{%FxyL~-K-f7>^WK$83C<hu;-J3-mt+J7>N{d’);

*This have to be added with your credential

define(‘WP_HOME’,’http://domain.xxx/wordpress’);
define(‘WP_SITEURL’,’http://domain.xxx/wordpress’);
/**#@-*/

2. From my personal experience and many try and fail I manually added this

define(‘WP_SITEURL’,’http://xxx.xxx.xxx.xxx/wordpress-directory’);
define(‘WP_HOME’,’http://xxx.xxx.xxx.xxx/wordpress-directory’);

  • Replace http://xxx.xxx.xxx.xxx/ with your IP or Domain name
  • Also make sure that your ISP is not blocking Port:80
  • Also notice that when your IP will change you will have to change it too!

Restart Apache

systemctl restart httpd.service

3. Make sure that the directory is Chown by Apache if you are using Webmin

>others>file manager>

go to …

/var/www/html/ + the name of your installed wordpress directory

Ex:
/var/www/html/wordpress/

And now select the (wordpress)

Go to tools/Chown Selected/

chown-apache-2

Chown your WordPress directory name to : apache:apache

chown-apache

* This will fix the plugin update problem and also the image upload to your posts or pages of wordpress

Et voilà!

Other details generated by CentOS 7 (SELinux)

*****  Plugin httpd_write_content (92.2 confidence) suggests   ***************

If you want to allow httpd to have write access on the wordpress directory
Then you need to change the label on '/var/www/html/wordpress'
Do
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/wordpress'
# restorecon -v '/var/www/html/wordpress'

*****  Plugin catchall_boolean (7.83 confidence) suggests   ******************

If you want to allow httpd to unified
Then you must tell SELinux about this by enabling the 'httpd_unified' boolean.
You can read 'None' man page for more details.
Do
setsebool -P httpd_unified 1

*****  Plugin catchall (1.41 confidence) suggests   **************************

If you believe that httpd should be allowed write access on the wordpress directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep httpd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp