Configuring cPFence

The default configuration of cPFence is highly recommended for the majority of use cases. Upon initial scanning of your installation, cPFence will automatically apply the recommended settings based on your server specifications. However, if you require customization of cPFence to suit your specific needs, please refer to the following guidelines.

Configuration File Location


The cPFence configuration file is located at:

/opt/cpfence/config.conf



Applying Changes


IMPORTANT: After making any changes to the configuration file, you must restart cPFence to apply the updates. Use the following command:

cpfence --restart



Alternatively, you can use the command line for changes. Use `cpfence --help` for more information.

---

Configuration Parameters

License Key


Enter your license key to activate cPFence.

licensekey="cPFence-XXXXXXXXXXXXXXXX"



DDoS Protection Limits


You can change the number of connections allowed per IP for the cPFence DDoS Protection module by changing this
To totally disable the DDos Protection simply add a huge number ( e.g., 5000 )
To apply the changes you must restart cPFence by running the command "cpfence --restart"
A value around 100 or 120 is recommended (If exception is needed you can run "cpfence --add-whitelist-ip <IP>" to permanently skip DDos protection for this ip)

CONNECTIONS_LIMIT="100"



Daily Rootkit Scans


Enable or disable Daily scan to detect and remove rootkits, infected hidden processes, kernel modules, and system entries, safeguarding your system from cyber threats. Highly recommended.

ROOTKIT_DAILY="on"


IPDB Protection


Toggle cPFence IPDB protection. Possible options on / off , Default is on

CPF_IPDB="on"


Malware Real-Time Protection


Toggle real-time protection against malware. Possible options on / off , Default is on

CPF_MRTP="on"


Proactive Scan


Proactive scan is an option to determine how fast to detect malware. Possible options on / off.
"On" is the recommended default setting for all systems with the paid version (not available in the free version).


PROACTIVE_SCAN="on"

Auto Quarantine


Auto Quarantine automatically isolates detected threats. Default: off. Recommended: on.
It's advised to run a scan without quarantine first using 'cpfence --full-scan' to review and whitelist safe files.

AUTO_QUARANTINE="off"
EMAILS_QUARANTINE="off"

Email Spam Portection

Enables or disables spam protection, allowing cPFence to treat spam as a threat and quarantine it. Default: off.

EMAIL_SPAM_PROTECTION="off"

 

WAF Module


Enable or Disable OLS/LS latest cPFence WAF Module on OpenliteSpeed/LiteSpeed Servers. Possible options on / off , Default is on if OLS/LS is detected.
Enhance Updates won't disable the cPFence WAF OLS module. cPFence ensures the module remains active and keeps whitelisting rules synchronized.

OLS_WAF="on"



Owl Monitoring System


Owl monitoring system with no CPU/RAM footprint. Highly recommended. Possible options on / off , Default is on

CPFENCE_OWL="on"

The cPFence Owl - Blacklisted Users

This feature allows you to manage and optimize MySQL server resources by automatically terminating long-running queries from specified users. This is particularly useful for preventing poorly coded scripts or queries from monopolizing server resources. You can blacklist specific MySQL usernames or entire accounts by adding them to the BLACKLISTED_USERS variable in the configuration file. Additionally, you can set a maximum execution duration (MAX_EXECUTION_DURATION), defining how long a query can run before it is terminated. This feature helps maintain optimal server performance and prevents resource hogging by misbehaving scripts.

Example Configurations :

==============================================================================
# cPFence Owl - Blacklisted Users
# ==============================================================================
# This section configures the MySQL query termination functions within
# the cPFence Owl module. The functions are designed to terminate long-running
# MySQL queries for users specified in the blacklist, helping to prevent
# poorly coded scripts and queries from monopolizing MySQL server resources.
#
# To identify the current MySQL usernames on your server, execute the following command as root:
# mysql -e "SELECT user, COUNT(*) AS login_count FROM mysql.user GROUP BY user ORDER BY login_count DESC;"
#
# Add the usernames to the BLACKLISTED_USERS variable below, separated by |, e.g., BLACKLISTED_USERS="username1|username2"
# You can either add a specific database username to blacklist a single database,
# or use the account username to blacklist all databases associated with that account.
# Specify the maximum allowed duration (in seconds) for a query or script to be considered "long":
BLACKLISTED_USERS="Username1_|Username2_|Username3_"
MAX_EXECUTION_DURATION="30"

Country Blocking and Whitelisting


To manage country blocking and whitelisting, it's recommended to use the command line:

- Block a country:

 

cpfence --blacklist-country <ISOCODE>



- Whitelist a country:

cpfence --whitelist-country <ISOCODE>



Check ISO codes at: ISO Country Codes.


If you prefer to manually set blocked and whitelisted countries in the configuration file (Useful for mass deploying cPFence configuration on several servers at once ) You can simply add the required whitelisted or blacklisted countries and then restart cPFence :

Example Configuration :

# BLOCKED COUNTRIES : ( DO NOT DELETE THIS LINE! - Your blocked countries should go below this line )
BLOCKED_COUNTRY=cn
BLOCKED_COUNTRY=ru

# WHITELISTED COUNTRIES : ( DO NOT DELETE THIS LINE! - Your whitelisted countries should go below this line )
WHITELISTED_COUNTRY=us
WHITELISTED_COUNTRY=fr



To apply changes, restart cPFence:

cpfence --restart



Warning : Whitelisted countries will skip all IPDB/DDoS protections.

 

Email Notifications


Configure email notifications for system alerts.


- Specify the recipient email address for notifications.

EMAIL_RECIPIENT="[email protected]"



- Set the CPU load average threshold to trigger notification emails.
The default is 80% of the current detected CPU load, automatically set on cPFence initial installation.

CPULoadAverageThreshold="3"

 

- Set the threshold percentages for memory, disk usage, and disk I/O to trigger notification emails.
It is recommended to use the default value of 80%.

 

MEMORY_THRESHOLD="80"
DISK_USAGE_THRESHOLD="80"
DISK_IO_THRESHOLD="80"



- Define the duration in seconds that the resource usage must remain consistently high before sending notification emails.
The default value is 300 seconds (5 minutes).

time_diff_wait="300"



- Define the interval in seconds between sending subsequent notification emails.
The default value is 3600 seconds (1 hour). This prevents excessive notification emails.

email_send_interval="3600"



---

Tip: You can use the cPFence CLI to easily manage configurations , please use the command for more info :

cpfence --help



  • Configuring, configuration, cpfence configuration
  • 3 משתמשים שמצאו מאמר זה מועיל
?האם התשובה שקיבלתם הייתה מועילה

מאמרים קשורים

How to Manage cPFence License?

When cPFence is initially installed, the license should be added automatically. If you encounter...

What is the Recommended cPFence Settings for Email, Backup, and DNS Servers?

If you're running DNS, backup, or email servers, optimizing cPFence settings can help ensure...

Installation Guide & Quick Start

cPFence installation is a straightforward process : Requirements - Ensure your server is...