ServerPilot compatibility test
Zoltan Toma

ServerPilot compatibility test

Lots of our users are interested in using BitNinja with ServerPilot and our team was also very curious how much compatible they are. Therefore, I have tested it and today I show you the results. :)


Test details

Tested operating systems: Ubuntu LTS 14.04, Ubuntu LTS 16.04

The goal of this test is to check if BitNinja modules are compatible with ServerPilot and it's configurations. I used ServerPilot’s manual installer on two Ubuntu Vagrant boxes and two SoftLayer hosted Ubuntu servers. ServerPilot should be installed on a fresh installed/created server, meaning no Apache, PHP, MySQL, Nginx, etc. installed (though BitNinja, htop, mc ... not hosting related apps could be present).

ServerPilot installs PHP, MySQL, Nginx, Apache, PHP-FPM,(LAMP/LEMP stack) security updates, and a basic firewall which drops everything except allowed packages. More information can be found the ServerPilot's installation guide.

ServerPilot's Firewall uses DROP policy in filter table and it adds some of its own rules. When it activates it's appending its rules at the end of the chains. IpFilter inserting its rules in the beginning of the chains that it uses. This way it doesn't matter which one is started first.

When ServerPilot’s Firewall deactivates, it restores ACCEPT policy and removes its own rule and leaves any other rules alone.

It's really a basic firewall but it's more than nothing, this is why ServerPilot recommends HeatShield, a sister company of ServerPilot, which allows more flexible firewall customization. This is why HeatShield was also included in the test.

The result of the test:

BitNinja

ServerPilot (with and without Firewall)
HeatShield
Both
System

OK

OK

OK

DataProvider

OK

OK

OK

IpFilter

OK

OK

OK

CaptchaHttp

OK

OK

OK

CaptchaSmtp

OK

OK

OK

PortHoneypot

OK

OK

OK

AntiFlood

OK

OK

OK

Shogun

OK

OK

OK

DosDetection

OK

OK

OK

MalwareDetection

OK (need configuration though)

OK

OK

SenseLog

OK (log detection route needed)

OK

OK

SenseWebHoneypot

OK

OK

OK

WAF/WAF 2.0

OK

FAIL

FAIL

OutboundWAF

OK

FAIL

FAIL

 

Explanation:

ServerPilot:

ServerPilot is not limiting the outgoing connection, this is why System, DataProvider, Shogun(incident sending) are working and they can communicate with the API servers. IpFilter inserts its rules to the beginning of the chains, this is why modules that require ports to open to function (CaptchaHttp, CaptchaSmtp, PortHoneypot, SenseWebHoneypot, WAF, OutboundWAF), could work.

DosDetection watches netstat records to operate, it's not affected by ServerPilot.

SenseLog has failed for the time being because it hasn’t got any log detector for ServerPilot, and ServerPilot’s log directory is /srv/users/(System username default is serverpilot)/log/(app name). App means a deployed web site on the server. On our documentation site, you can find more info how you can add the path.

MalwareDetection works, but it has to be configured for watching /srv/users/(System username default is serverpilot)/apps/(app name) too. 

HeatShield:

HeatShield is an easy-to-use online remote firewall rule manager something like UncomplicatedFirewall for Ubuntu desktop use.

The free HeatShield uses almost the same setting as ServerPilot’s FireWall, but it flushes the Filter table if any changes were made. It doesn’t limit outgoing connections, so it allows communication with the API server.


Conclusion

All BitNinja modules are compatible with ServerPilot and most of them compatible with HeatShield as well. So, you don't have to worry, you can use both of them with BitNinja without any doubt.
Would you like to test it?


Share your ideas with us about this article

Previous posts

Old botnets aren’t harmless - the presence of Cutwail botnet nowadays
Server operator faces many different types of attacks every day. Brute force, spam, CMS hacks and SQL injections are the most common - and the majority of them are automated botnet attacks. I think none of us can estimate how many servers and PCs are being unprotected against even the most simple botnets. But it’s not necessary to be a victim of an easily defendable attack. But even being careful, one thing you can fail about server security is underestimating the risk of old vulnerabilities and botnets. Thinking they’re doing no harm anymore, since they have been exposed and tracked d...
Hot new feature - Goodbye CAPTCHA! Hello Browser Integrity Check!
How would you imagine a world where annoying CAPTCHAs are not the first line when it comes to identification of botnets and human visitors? Here at BitNinja we thought big and made it come true. Let us show you a security solution where the visitors with suspicious incidents in their past don't have to type anything, moreover, they don't have to click anywhere either. It sounds too good to be true, isn't it? Some of our users (you know, big players who) run into this issue when their end-users - who would like to surf on sites - were afraid of filling CAPTCHAs. We couldn...