RED SCARF Suite Panel is an admin panel that displays all the components of RED SCARF Suite installed on the server. It specifies if any services are in failed state, shows the available storage space and real time CPU, RAM and network ussage, lists the infected files detected by ClamAV during periodic scanning and offers a way to access with one click the customized login URLs of different web application installed on the server. It provides an overview of the software installed on the server and of the server’s health status.
To install RED SCARF Suite Panel, first download it from its official repository (), then create a new directory in /var/www :
cd /var/www
mkdir panel.example.com
Then upload all the files of RED SCARF Suite Panel in the /var/www/panel.example.com
directory and change ownership and permissions:
chown -R www-data:www-data panel.example.com
find /var/www/panel.example.com -type d -exec chmod 750 {} +
find /var/www/panel.example.com -type f -exec chmod 640 {} +
35.1. Obtain a Let’s Encrypt SSL Certificate
Next edit the /etc/nginx/sites-enabled/0-conf file:
nano /etc/nginx/sites-enabled/0-conf
At the bottom of the file add the following temporary server block which is necessary to obtain a Let’s Encrypt SSL certificate for panel.example.com:
server {
listen 80;
listen [::]:80;
server_name panel.example.com;
location /.well-known/acme-challenge {
root /var/www;
}
}
Restart Nginx:
systemctl restart nginx
Next edit your DNS settings. Add an A entry and an AAAA entry for panel.example.com. These entries are similar to the entries you already have for example.com. It’s just that instead of example.com you use panel.example.com.
Then you can install the Let’s Encrypt certificate for the panel.example.com subdomain. To do that run:
certbot certonly –agree-tos –webroot -w /var/www/ -d panel.example.com
35.2. Configure Nginx for RED SCARF Suite Panel
Then replace the temporary server block for panel.example.com set up earlier with the following blocks:
server {
listen 80;
listen [::]:80;
server_name panel.example.com;
return 301 https://panel.example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name panel.example.com;
root /var/www/panel.example.com;
index index.php;
ssl_certificate /etc/letsencrypt/live/panel.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/panel.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/panel.example.com/chain.pem;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_timeout 10h;
ssl_session_cache shared:SSL:40m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security “max-age=63072000” always;
add_header X-Content-Type-Options nosniff;
add_header X-Robots-Tag “noindex, nofollow, nosnippet, noarchive”;
location = /robots.txt {
allow all;
}
location /.well-known/acme-challenge {
root /var/www;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
}
access_log /var/log/sites/panel.example.com/access.log;
error_log /var/log/nginx/panel.example.com.error.log notice;
}
Replace example.com with the main domain hosted on your server.
Create the access log directory:
mkdir -p /var/log/sites/panel.example.com
Restart Nginx:
systemctl restart nginx
35.3. Configure logrotate to rotate RED SCARF Suite Panel logs
nano /etc/logrotate.d/nginx
Add the following section at the bottom of the file:
/var/log/sites/panel.example.com/access.log {
missingok
rotate 10
compress
delaycompress
notifempty
create 0640 www-data adm
size 2M
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
postrotate
[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
endscript
}
Replace example.com with the main domain hosted on your server.
35.4. Run the installation process
Create a MariaDB database (for example redscarfpanel), a user (for example redscarfuser) and a password using phpMyAdmin.
Then copy the panel-setup.php_sample file to panel-setup.php, to be able to install the application:
cd /var/www/panel.example.com
cp panel-setup.php_sample panel-setup.php
Next navigate to:
Here enter the database name, database user and database user password, then click ‘Next’.
In the second installation screen enter the credentials of the superadmin: username, password, email address. Then click ‘Submit’. The third screen will inform you that the installation is complete.
After the installation, the panel-setup.php file will become inaccessible. If you want to access it again in the browser and run the setup process again, you will have to manually edit the /var/www/panel.example.com/install-signup-check.php file, and change the $installcheck parameter from false to true.
35.5. Register as a user
Next, navigate to https://panel.example.com/panel-signup.php and register:
Enter your email address, username, password and role (superadmin), then click ‘SIGN UP’. Each user that reigisters can choose between the roles of superadmin and admin. The difference between ‘superadmin’ and ‘admin’ is that the ‘superadmin’ can see and access all the 4 sub menu entries in the ‘Settings’ section of the panel (‘Add Buttons’, ‘Edit Components List’, ‘Detections Directory’, ‘Change Password’), while the ‘admin’ can only see and access the ‘Change Password’ sub menu entry in the ‘Settings’ section. Usually, the person who installs the application is the only ‘superadmin’, so after (s)he registers, (s)he will inform all the other users to register as ‘admins’, and not as ‘superadmins’. Yet, there may be cases where more than one person has to have the full privileges of a ‘superadmin’. In this situation, the person that registers as the first ‘superadmin’ can inform other specific users to also register as ‘superadmins’.
After registration, the users will receive a confirmation email to the email address that they have provided. They should click the link in that email to confirm their email address, then they can log in to RED SCARF Suite Panel using the username and password set up at registration at:
After the registration of all the superadmins and admins, you should disable the ‘SIGN UP’ tab on the login form by editing the /var/www/panel.example.com/install-signup-check.php file and changing ‘$signupcheck = true;’ to ‘$signupcheck = false;’
35.6. Move the configuration file outside the web root
Since the /var/www/panel.example.com/panel-config.php file contains sensitive information, it’s recommended to move it outside the web root by running:
cp /var/www/panel.example.com/panel-config.php /srv/scripts/redscarfpanel.php
Then change ownership and permissions for the /srv/scripts/redscarfpanel.php file:
cd /srv/scripts
chown www-data:root /srv/scripts/redscarfpanel.php
chmod 400 /srv/scripts/redscarfpanel.php
Then replace the content of /var/www/panel.example.com/panel-config.php like this:
cd /var/www/panel.example.com
cat /dev/null > panel-config.php
nano panel-config.php
Enter the following content inside this file:
<?php include(‘/srv/scripts/redscarfpanel.php’); ?>
35.7. Configure Fail2ban to protect RED SCARF Suite Panel against brute-force attacks
Edit /etc/fail2ban/jail.local:
nano /etc/fail2ban/jail.local
Add the following block right before the [phpmyadmin] block:
[redscarfpanel]
enabled = true
filter = redscarfpanel
logpath = /var/log/sites/panel.example.com/access.log
port = 80,443
findtime = 3600
maxretry = 4
bantime = 604800
Replace example.com with the main domain hosted on your server. Then add a filter in the /etc/fail2ban/filter.d directory:
cd /etc/fail2ban/filter.d
nano redscarfpanel.conf
Add the following content inside this file:
[Definition]
failregex = ^<HOST> .* \”POST /panel-login.php HTTP/2.0\” 200 724 .*$
ignoreregex =
Reload Fail2ban:
systemctl reload fail2ban
35.8. Using RED SCARF Suite Panel
All the important data about the server is listed on the Dashboard. It shows if any services are in failed state, it lists the infected files detected by ClamAV during periodic scanning, it shows the available storage space and real time CPU, RAM and network ussage, it displays a list with all the components installed on the server and a list of buttons that the user can click to access the customized or standard log in URLs of all the applications with a log in web page, installed on the server.
In order to be able to use the quick access buttons, after installation, the superadmin has to enter the URLs of the log in pages of the applications that he wants quick access to, using the ‘Add Buttons’ page, under ‘Settings’.
The ‘Services Status’ section will also inform the user if the server needs to be restarted because some unattended security updates have been applied.
The panel allows changing the directory where the ClamAV stores the list of virus detections made by periodic scanning. Changing the password is also possible.
The list of suite components is adjustable, in the sense that if on a particular server, some of the components were not installed, or if some extra components were added to the standard suite, the list can be modified to exclude or include those components using the ‘Edit Components List’ page, under ‘Settings’.
35.9. Upgrading RED SCARF Suite Panel
First archive the /var/www/panel.example.com folder and include the date in the name of the archive:
cd /var/www
tar czf panel.example.com-2020-5-21.tar.gz panel.example.com
Store the archive in a safe place as backup.
Next, export the panel’s database using phpMyAdmin. Once logged in to phpMyAdmin click on the name of the database on the left panel, then click Export on the upper bar, then click ‘Go’. After you save the .sql file on your computer, rename it to include the date, then place it in a safe location, along with the archive created above.
Next, download the new version of RED SCARF Suite Panel from the official repository and upload it in the /var/www/panel.example.com folder, overwriting the old files with the new ones. Change ownership and permissions:
chown -R www-data:www-data /var/www/panel.example.com
find /var/www/panel.example.com -type d -exec chmod 750 {} +
find /var/www/panel.example.com -type f -exec chmod 640 {} +