PCI DSS Compliance: About ConfigServer Services for Linux

Welcome to easier server management

ConfigServer Services by Way to the Web Ltd provides an open source set of server monitoring and management tools for Linux based servers.  If you have a dedicated server running RedHat Enterprise, CentOS, or CloudLinux then these tools are a must have for easy server management. Whether you setup your server on your own, or purchased it from one of the many hosting companies - there is a lot of software installed on your server and much of it is related to security.  However, managing all of these pieces of software can become tedious.  Do you ever get frustrated sorting through all the modules on your cPanel?  Do you ever lost looking through hundreds of pages of settings and options in WHM (Web Host Manager)? If you manage a server, then you've been there... We all have!  ConfigServer is here to save you the headaches and mounting frustration.

Is your website safe from attackers? Are you vulnerable to hackers? Click the button below and get a FREE website security audit!

Also, if you're looking for other great information on website security check these articles from our blog!

• Use Chrome to ID non-secure Pages on your Website
• How to Fix WordPress upload issues when using Force SSL Admin
• 5 Reasons to use WordPress in your next Website Redesign

CONFIGSERVER Security & firewall

Likely the most useful tools that ConfigServer offers are the security plugins.  If you manage a Linux server, you more than likely have come acrossinstances when changes in the firewall are necessary.  However, adding IP blocks, port blocking, security reporting, and other common firewall tasks can be a pain to manage across the many tools and menus provided on most servers.  

Enter ConfigServer Firewall (CSF for short). CSF gives you an easy-to-use interface in which to manage your firewall.  It brings the various controls and settings across your server and places them into a neatly organized single page UI.  It's fully customizable as to the options that are available on the front page and provides many customizable features on the back end if a more advanced configuration is required.  CSF installs with a basic setup that includes a fairly standard set of security options, but also gives the server manager the ability to customize all areas of server security.  This is especially useful when setting up your server for PCI compliance which requires much more customization. On top of that, CSF comes with a very extensive readme on the different syntax and how to use the various features offered within the suite.

Advantages of CSF:

• Easy to install implement
• Easy to use and set up
• 100% open source and free, which is awesome!
• A very robust offering of customization for free software

Disadvantages of CSF:

• Designed for Linux, will not operate on Windows
• Requires a good knowledge base regarding Linux
• You must have root access to your server (usually only accomplished by owning a physical/virtual server)
• Not compatible with all server software versions (check CSF compatibility before installing)

setting up csf

If you have root access to your server, CSF is extremely easy to install and activate.  If you are interested in installing CSF on your server, here is a very nice guide that will help you get up and running. Make sure to read up and do your homework as you don't want to run into any issues in the event you're running a Linux build that isn't compatible.  Also, if you're paying for a dedicated server through a hosting provider it never hurts to get in contact with them and have a conversation about it.  You never know, they may even install it for you!

Once you get CSF installed, simply login to your Web Host Manager (WHM, and be sure to use your root user name and password), navigate to the 'Plugins' tab and you should now have another sub menu option for CS Security & Firewall.  The software will start de-activated but will guide you through starting the plugin and the various options and set-up methods.  Again, make sure you read the install instructions as well as the readme as it contains a lot of very useful information regarding the set-up.  Once you activate you're good to go!  I've found that using CSF for IP and port blocking is extremely easy, much easier than doing it without.  Plus, CSF gives you the ability to easily port block for specific IP addresses on your server which I've found to be extremely useful.  If you've used CSF, found it useful or not, please feel free to comment below on what you like/don't like about the plugin!

configserver modsecurity plugin

Attempting not to sound too repetitive I must re-iterate, the CS plugins seem to really be tailored towards making security management on Linux servers a lot easier and more flexible.  I cannot understate the advantages of having all of these features consolidated into one UI. CS ModSecurity is the embodiment of that concept.  If you manage a Linux based web server you've more than likely had your run-ins with ModSecurity.  If you manage a web server running Wordpress websites there is a 99.9% chance you've had more than a few instances involving ModSecurity especially if you have a firewall.  

ModSecurity is a very popular and widely used security platform on dedicated servers running Linux. It's a very extensive security suite that is very effective at keeping your server safe from hackers and other attacks that can put your websites, software, and other data at risk.  However, the mere nature of just how extensive ModSecurity can often be it's biggest drawback.  

ModSecurity contains thousands and thousands of rules and processes that govern what behavior is OK and not OK from those interacting with your server. Whether that's a user navigating your website, or running a piece of software in the cloud, ModSecurity is there policing and reporting on all this activity.  Most of the time, this is great! Automatic flagging of suspicious behavior and activity is a great feature, but sometimes ModSecurity can get in the way of normal server functions.  When this is the case, ConfigServer ModSecurity is your best friend (CSM for short).

CSM allows you to easily 'white list' (remove) certain rules when they are getting in the way.  Simply find the rule ID (easily found in server logs which can also be searched using CSF...) and enter it into the UI for the CSM plugin and boom, you're back up and running in no time.  I've found this especially useful when running Wordpress websites with plugins that don't play nice with ModSecurity.  Sometimes it's not the plugins but the actual Wordpress theme that you are using.  This can cause normal users of your site to become flagged and often blocked by your server automatically (that's bad!).  By easily removing a single rule you can still run ModSecurity and get all the benefits without any of the headache and that is awesome!

CSM is just as easy to install as CSF.  Just remember you need root access!

FREE AND EASY TO USE? YES PLEASE!

One of the best parts about CS services? They're free!  Completely and utterly free to use.  On top of that there are endless blogs, forums, and resources if you ever need help navigating the freeware and all of it's great features.   All in all, the CS software has really changed the way that I interact with our web server at Digital 1, and I don't think that I can count all of the hours I've saved by using it.  In this man's humble opinion, it is the best Linux based open source server software on the market - and I think you'll find that the internet agrees.

Need help with PCI compliance?

If you're looking to get started and work towards becoming PCI Complaince, click the link below and get our 'PCI Q + A'!  It's a nice place to start if you're looking to upgrade your website's security.