Dear ConfigServer Firewall Community,
I hope this message finds you well. I am reaching out to propose a new feature that I believe would significantly enhance the security and usability of the ConfigServer Firewall (CSF), particularly regarding SSH login alerts.
I'd like to suggest an enhancement to the SSH login alert system. The idea is to implement a conditional alert mechanism that triggers email notifications only when an SSH login attempt is made from an IP address that has not been previously whitelisted in the firewall.
The primary benefit of this feature would be to reduce the clutter of login alert emails from automated scripts or systems that perform routine logins for maintenance or other tasks. Many of us utilize automation scripts that regularly access the server via SSH from known, trusted IP addresses. While we want to remain informed about potentially unauthorized access, receiving alerts for every login attempt can be overwhelming and may lead to important notifications being overlooked.
Proposed Functionality:
- An option in the CSF configuration to enable or disable conditional SSH login alerts.
- The ability to specify a whitelist of IP addresses or ranges that, when recognized, will not trigger an email alert upon SSH login.
- Alerts would only be sent when an SSH login is made from an IP address that is not on the whitelist, ensuring that administrators are notified of logins that could be unauthorized or require attention.
By implementing this feature, we can keep the system secure by being alerted to unusual login attempts while also keeping our inboxes free from alerts we know are routine and expected.
I believe this feature would be a valuable addition to the CSF suite, and I am sure many in the community would also appreciate it. I look forward to hearing your thoughts and any feedback on this suggestion.
Thank you for considering my proposal, and for your continuous efforts to improve the ConfigServer Firewall.
Best regards,
Rasul
Feature Request: Conditional SSH Login Alert for Non-Whitelisted IPs
Re: Feature Request: Conditional SSH Login Alert for Non-Whitelisted IPs
You can implement your own script to do that and a lot of other things; in your CSF check for the following:
Sergio
In BLOCK_REPORT write the path and name of your script.Block Reporting. lfd can run an external script when it performs and (sic) IP
address block following for example a login failure. The following setting
is to the full path of the external script which must be executable. See
readme.txt for format details.
Sergio