35. Install RED SCARF Suite Panel

by Double Bastion - Updated November 29, 2024

RED SCARF Suite Panel is an admin panel that displays all components of RED SCARF Suite installed on the server, specifies if any service is in a failed state, shows available storage space and real time CPU, RAM and network usage, lists infected files detected by ClamAV during periodic scanning, and provides a way to access with one click the customized login URL of any website or web application installed on the server. Its main purpose is to provide a general view of the server’s capabilities and health status and to facilitate access to different login pages.

To install RED SCARF Suite Panel, first download it from its official repository, then create a new directory in /var/www:

cd /var/www
mkdir panel.example.com

Next, upload all the files of RED SCARF Suite Panel to the /var/www/panel.example.com directory and change ownership and permissions:

chown -R www-data:www-data panel.example.com
find /var/www/panel.example.com -type d -exec chmod 750 {} +
find /var/www/panel.example.com -type f -exec chmod 640 {} +

35.1. Obtain a Let’s Encrypt SSL Certificate


Next, edit the /etc/nginx/sites-enabled/0-conf file:

nano /etc/nginx/sites-enabled/0-conf

At the bottom of the file add the following temporary server block, needed to obtain a Let’s Encrypt SSL certificate for panel.example.com:

server {
    listen 80;
    listen [::]:80;
    server_name panel.example.com;

    location /.well-known/acme-challenge {
        root /var/www;
    }
}

Restart Nginx:

systemctl restart nginx

Next, edit your DNS settings. Add an A entry and an AAAA entry for panel.example.com. These entries mirror the ones you already have for example.com, with panel.example.com in place of example.com.

Then, to install the Let’s Encrypt certificate for panel.example.com, run:

certbot certonly --agree-tos --webroot -w /var/www/ -d panel.example.com

35.2. Configure Nginx for RED SCARF Suite Panel

Replace the temporary server block for panel.example.com set up earlier with the following blocks:

server {
    listen  80;
    listen [::]:80;
    server_name panel.example.com;
    return  301 https://panel.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name panel.example.com;
    root /var/www/panel.example.com;
    index index.php;

    ssl_certificate /etc/letsencrypt/live/panel.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/panel.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/panel.example.com/chain.pem;
    ssl_dhparam   /etc/nginx/ssl/dhparam.pem;

    ssl_session_timeout 10h;
    ssl_session_cache shared:SSL:40m;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";

    location = /robots.txt {
        allow all;
    }

    location /.well-known/acme-challenge {
        root /var/www;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
      try_files $uri =404;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      include fastcgi_params;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_param HTTPS on;
      fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
    }

    access_log /var/log/sites/panel.example.com/access.log;
    error_log /var/log/nginx/panel.example.com.error.log notice;
}

Replace example.com with the main domain hosted on your server.

Create the access log directory:

mkdir -p /var/log/sites/panel.example.com

Restart Nginx:

systemctl restart nginx

35.3. Configure logrotate to rotate RED SCARF Suite Panel logs


Edit the /etc/logrotate.d/nginx file:

nano /etc/logrotate.d/nginx

Add the following section at the bottom of the file:

/var/log/sites/panel.example.com/access.log {
	missingok
	rotate 10
	compress
	delaycompress
	notifempty
	create 0640 www-data adm
	size 2M
	sharedscripts
	prerotate
		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
			run-parts /etc/logrotate.d/httpd-prerotate; \
		fi; \
	endscript
	postrotate
		[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`
	endscript
}

Replace example.com with the main domain hosted on your server.

35.4. Run the web-based installation


Create a MariaDB database (for example redscarfpanel), a user (for example rdscrfpaneluser) and a password, using phpMyAdmin.

Copy the panel-setup.php_sample file to panel-setup.php, to be able to install the application:

cd /var/www/panel.example.com
cp panel-setup.php_sample panel-setup.php

Navigate to:

https://panel.example.com/panel-setup.php

In the first installation screen enter the database name, database user, database user password and click ‘Next’.

In the second screen enter the credentials of the superadmin: username, password, email address. Then click ‘Submit’. The third screen will inform you that the installation is complete.

After installation, the panel-setup.php file will become inaccessible. If you want to access it again in the browser and run the setup process again, you will have to manually edit the /var/www/panel.example.com/install-signup-check.php file, and change the $installcheck parameter from false to true.

35.5. Register as a user


Next, navigate to https://panel.example.com/panel-signup.php and register:

Enter your email address, username, password and role (superadmin), then click ‘SIGN UP’. Each user who registers can choose between the roles of superadmin and admin. The difference is that a ‘superadmin’ can see and access all 4 submenu entries in the ‘Settings’ section of the panel (‘Add Buttons’, ‘Edit Components List’, ‘Detections Directory’, ‘Change Password’), while an ‘admin’ can only see and access the ‘Change Password’ entry. Usually, the person who installs the application is the only ‘superadmin’, so after registering, (s)he will tell all the other users to register as ‘admins’. There may be cases where more than one person needs the full privileges of a ‘superadmin’. In that situation, the person who registers as the first ‘superadmin’ can tell specific other users to register as ‘superadmins’ too.

After registration, users will receive a confirmation email at the address they provided. They should click the link in that email to confirm their email address; then they can access https://panel.example.com to log in to RED SCARF Suite Panel with the username and password set up at registration.

After the registration of all the superadmins and admins, you should disable the ‘SIGN UP’ tab on the login page by editing the /var/www/panel.example.com/install-signup-check.php file and changing $signupcheck = true; to $signupcheck = false;

35.6. Move the configuration file outside the web root


Since the /var/www/panel.example.com/panel-config.php file contains sensitive information, it’s recommended to move it outside the web root. First copy it to /srv/scripts by running:

cp /var/www/panel.example.com/panel-config.php /srv/scripts/redscarfpanel.php

Then, change ownership and permissions for /srv/scripts/redscarfpanel.php:

cd /srv/scripts
chown www-data:root /srv/scripts/redscarfpanel.php
chmod 400 /srv/scripts/redscarfpanel.php

Replace the content of /var/www/panel.example.com/panel-config.php like this:

cd /var/www/panel.example.com
cat /dev/null > panel-config.php
nano panel-config.php

Enter the following content inside this file:

<?php include('/srv/scripts/redscarfpanel.php'); ?>
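A post-install check for the state that sections 35.5 and 35.6 leave behind, together with the 750/640 modes set at the start of this chapter. It is an added example, not part of RED SCARF Suite Panel: `audit_panel` is a hypothetical helper, it checks modes but not ownership, and it assumes `$signupcheck = false;` sits on a line of its own.

```shell
#!/bin/sh
# audit_panel WEBROOT EXTCONF
# Prints one line per finding; prints nothing when the tree matches the
# hardened state described on this page. (Hypothetical helper, added here.)
audit_panel() {
    webroot=$1 extconf=$2

    # Directories must be 750 and files 640, as set with find/chmod.
    find "$webroot" -type d ! -perm 750 | sed 's/^/directory mode is not 750: /'
    find "$webroot" -type f ! -perm 640 | sed 's/^/file mode is not 640: /'

    # 35.6: the web-root panel-config.php must hold only the include stub,
    # so no credentials remain under the document root.
    [ "$(cat "$webroot/panel-config.php" 2>/dev/null)" = "<?php include('$extconf'); ?>" ] \
        || echo "panel-config.php is not the one-line include stub"

    # 35.6: the external copy must exist with mode 400 (chmod 400).
    [ -n "$(find "$extconf" -prune -perm 400 2>/dev/null)" ] \
        || echo "external config missing or mode is not 400: $extconf"

    # 35.5: sign-up must be off once all users have registered.
    # Assumption: the setting is written as "$signupcheck = false;".
    grep -Eq '^[[:space:]]*\$signupcheck[[:space:]]*=[[:space:]]*false;' \
        "$webroot/install-signup-check.php" 2>/dev/null \
        || echo "sign-up is still enabled (\$signupcheck is not false)"
}
```

Source the file as root and run `audit_panel /var/www/panel.example.com /srv/scripts/redscarfpanel.php`; empty output means every check passed.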

35.7. Configure Fail2ban to protect RED SCARF Suite Panel against brute-force attacks


Edit /etc/fail2ban/jail.local:

nano /etc/fail2ban/jail.local

Add the following block right above the [phpmyadmin] block:

[redscarfpanel]
enabled  = true
filter   = redscarfpanel
logpath  = /var/log/sites/panel.example.com/access.log
port     = 80,443
findtime = 3600
maxretry = 4
bantime  = 604800

Replace example.com with the main domain hosted on your server. Next, add a filter in the /etc/fail2ban/filter.d directory:

cd /etc/fail2ban/filter.d
nano redscarfpanel.conf

Add the following content inside this file:

[Definition]

failregex = ^<HOST> .* \"POST /panel-login.php HTTP/2.0\" 200 724 .*$
ignoreregex = 

Reload Fail2ban:

systemctl reload fail2ban
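To see which access-log lines this filter counts as failed logins, the following added example (not part of fail2ban or of RED SCARF Suite Panel) applies an ERE form of the failregex to constructed log lines. The function names and sample lines are assumptions made for illustration, and `<HOST>` is approximated by a run of address characters.

```shell
#!/bin/sh
# ERE form of the failregex above. <HOST> is approximated (assumption) by a
# run of IPv4/IPv6 address characters; fail2ban's own <HOST> is broader.
FAILRE='^[0-9A-Fa-f:.]+ .* "POST /panel-login.php HTTP/2.0" 200 724 .*$'

# Print "count host" for each host with lines the filter counts as failures.
failures_by_host() {
    grep -E "$FAILRE" "$1" |
        awk '{ n[$1]++ } END { for (h in n) print n[h], h }' | sort -rn
}

# Print hosts whose failure count reaches maxretry (4 in the jail above).
# The findtime window is not modelled; the sample spans a few seconds.
hosts_reaching_maxretry() {
    failures_by_host "$1" | awk -v max="${2:-4}" '$1 >= max { print $2 }'
}

# Constructed sample in nginx "combined" log format (not real traffic).
# The last three lines differ in protocol version, body size or method,
# so the filter does not count them.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [29/Nov/2024:10:00:01 +0000] "POST /panel-login.php HTTP/2.0" 200 724 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2024:10:00:02 +0000] "POST /panel-login.php HTTP/2.0" 200 724 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2024:10:00:03 +0000] "POST /panel-login.php HTTP/2.0" 200 724 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Nov/2024:10:00:04 +0000] "POST /panel-login.php HTTP/2.0" 200 724 "-" "Mozilla/5.0"
198.51.100.20 - - [29/Nov/2024:10:00:05 +0000] "POST /panel-login.php HTTP/2.0" 200 724 "-" "Mozilla/5.0"
198.51.100.20 - - [29/Nov/2024:10:00:06 +0000] "POST /panel-login.php HTTP/1.1" 200 724 "-" "Mozilla/5.0"
2001:db8::5 - - [29/Nov/2024:10:00:07 +0000] "POST /panel-login.php HTTP/2.0" 200 1893 "-" "Mozilla/5.0"
2001:db8::5 - - [29/Nov/2024:10:00:08 +0000] "GET /panel-login.php HTTP/2.0" 200 724 "-" "Mozilla/5.0"
EOF
}

# Demo run on the sample: prints the one host that reaches maxretry.
log=$(mktemp) && sample_log > "$log" && hosts_reaching_maxretry "$log"
rm -f "$log"
```

On the server, `fail2ban-regex /var/log/sites/panel.example.com/access.log /etc/fail2ban/filter.d/redscarfpanel.conf` runs the real filter against the real log. Because the pattern is pinned to the protocol string and the 724-byte response size, repeat that check after upgrading the panel.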

35.8. Using RED SCARF Suite Panel


All the important information about the server is listed on the Dashboard. It shows whether any services are in a failed state, lists the infected files detected by ClamAV during periodic scanning, shows the available storage space and real time CPU, RAM and network usage, and displays a list of all the components installed on the server. It also shows a list of buttons that the user can click to access the customized or standard login URLs of all the applications installed on the server that have a login page.

To be able to use the quick access buttons, after installation, the superadmin has to save the URLs of the login pages of the applications that he wants quick access to, by clicking on ‘Add Buttons’, under ‘Settings’, on the left panel.

The ‘Services Status’ section will inform the user if the server needs to be restarted because some unattended security updates have been applied. On the left panel, under ‘Settings’, you can click ‘Detections Directory’ to specify the directory where ClamAV stores the list of virus detections made by periodic scanning, and you can click ‘Change Password’ to change your password.

The list of suite components is adjustable, in the sense that if on a particular server, some of the components haven’t been installed, or if some extra components have been added to the standard suite, the list can be modified to exclude or include those components using the ‘Edit Components List’ option, under ‘Settings’.

35.9. Upgrading RED SCARF Suite Panel


First archive the /var/www/panel.example.com folder and include the date in the name of the archive:

cd /var/www
tar czf panel.example.com-2024-09-21.tar.gz panel.example.com

Store the archive in a safe place as a backup.

Next, export the panel’s database using phpMyAdmin. Once logged in to phpMyAdmin click on the name of the database on the left panel, then click Export on the upper bar, then click ‘Go’. After you save the .sql file on your computer, rename it to include the date, then place it in a safe location, along with the archive created earlier.

Then download the new version of RED SCARF Suite Panel from the official repository and upload it to the /var/www/panel.example.com folder, overwriting the old files with the new ones. Change ownership and permissions:

chown -R www-data:www-data /var/www/panel.example.com
find /var/www/panel.example.com -type d -exec chmod 750 {} +
find /var/www/panel.example.com -type f -exec chmod 640 {} +