35. Install RED SCARF Suite Panel

by Double Bastion - Updated March 8, 2022

RED SCARF Suite Panel is an admin panel that displays all the components of RED SCARF Suite installed on the server. It specifies if any services are in failed state, shows the available storage space and real time CPU, RAM and network ussage, lists the infected files detected by ClamAV during periodic scanning and offers a way to access with one click the customized login URLs of different web application installed on the server. It provides an overview of the software installed on the server and of the server’s health status.

To install RED SCARF Suite Panel, first download it from its official repository (), then create a new directory in /var/www :

cd /var/www

mkdir panel.example.com

Then upload all the files of RED SCARF Suite Panel in the /var/www/panel.example.com directory and change ownership and permissions:

chown -R www-data:www-data panel.example.com
find /var/www/panel.example.com -type d -exec chmod 750 {} +
find /var/www/panel.example.com -type f -exec chmod 640 {} +

35.1. Obtain a Let’s Encrypt SSL Certificate

Next edit the /etc/nginx/sites-enabled/0-conf file:

nano /etc/nginx/sites-enabled/0-conf

At the bottom of the file add the following temporary server block which is necessary to obtain a Let’s Encrypt SSL certificate for panel.example.com:

server {

listen 80;

listen [::]:80;

server_name panel.example.com;

location /.well-known/acme-challenge {

root /var/www;



Restart Nginx:

systemctl restart nginx

Next edit your DNS settings. Add an A entry and an AAAA entry for panel.example.com. These entries are similar to the entries you already have for example.com. It’s just that instead of example.com you use panel.example.com.

Then you can install the Let’s Encrypt certificate for the panel.example.com subdomain. To do that run:

certbot certonly –agree-tos –webroot -w /var/www/ -d panel.example.com

35.2. Configure Nginx for RED SCARF Suite Panel

Then replace the temporary server block for panel.example.com set up earlier with the following blocks:

server {

listen 80;

listen [::]:80;

server_name panel.example.com;

return 301 https://panel.example.com$request_uri;


server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name panel.example.com;

root /var/www/panel.example.com;

index index.php;

ssl_certificate /etc/letsencrypt/live/panel.example.com/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/panel.example.com/privkey.pem;

ssl_trusted_certificate /etc/letsencrypt/live/panel.example.com/chain.pem;

ssl_dhparam /etc/nginx/ssl/dhparam.pem;

ssl_session_timeout 10h;

ssl_session_cache shared:SSL:40m;

ssl_protocols TLSv1.2 TLSv1.3;

ssl_prefer_server_ciphers on;


ssl_stapling on;

ssl_stapling_verify on;

add_header Strict-Transport-Security “max-age=63072000” always;

add_header X-Content-Type-Options nosniff;

add_header X-Robots-Tag “noindex, nofollow, nosnippet, noarchive”;

location = /robots.txt {

allow all;


location /.well-known/acme-challenge {

root /var/www;


location / {

try_files $uri $uri/ /index.php?$args;


location ~ \.php$ {

try_files $uri =404;

fastcgi_split_path_info ^(.+\.php)(/.+)$;

include fastcgi_params;

fastcgi_index index.php;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_param HTTPS on;

fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;


access_log /var/log/sites/panel.example.com/access.log;

error_log /var/log/nginx/panel.example.com.error.log notice;


Replace example.com with the main domain hosted on your server.

Create the access log directory:

mkdir -p /var/log/sites/panel.example.com

Restart Nginx:

systemctl restart nginx

35.3. Configure logrotate to rotate RED SCARF Suite Panel logs

nano /etc/logrotate.d/nginx

Add the following section at the bottom of the file:

/var/log/sites/panel.example.com/access.log {


rotate 10




create 0640 www-data adm

size 2M



if [ -d /etc/logrotate.d/httpd-prerotate ]; then \

run-parts /etc/logrotate.d/httpd-prerotate; \

fi; \



[ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`



Replace example.com with the main domain hosted on your server.

35.4. Run the installation process

Create a MariaDB database (for example redscarfpanel), a user (for example redscarfuser) and a password using phpMyAdmin.

Then copy the panel-setup.php_sample file to panel-setup.php, to be able to install the application:

cd /var/www/panel.example.com

cp panel-setup.php_sample panel-setup.php

Next navigate to:


Here enter the database name, database user and database user password, then click ‘Next’.

In the second installation screen enter the credentials of the superadmin: username, password, email address. Then click ‘Submit’. The third screen will inform you that the installation is complete.

After the installation, the panel-setup.php file will become inaccessible. If you want to access it again in the browser and run the setup process again, you will have to manually edit the /var/www/panel.example.com/install-signup-check.php file, and change the $installcheck parameter from false to true.

35.5. Register as a user

Next, navigate to https://panel.example.com/panel-signup.php and register:

Enter your email address, username, password and role (superadmin), then click ‘SIGN UP’. Each user that reigisters can choose between the roles of superadmin and admin. The difference between ‘superadmin’ and ‘admin’ is that the ‘superadmin’ can see and access all the 4 sub menu entries in the ‘Settings’ section of the panel (‘Add Buttons’, ‘Edit Components List’, ‘Detections Directory’, ‘Change Password’), while the ‘admin’ can only see and access the ‘Change Password’ sub menu entry in the ‘Settings’ section. Usually, the person who installs the application is the only ‘superadmin’, so after (s)he registers, (s)he will inform all the other users to register as ‘admins’, and not as ‘superadmins’. Yet, there may be cases where more than one person has to have the full privileges of a ‘superadmin’. In this situation, the person that registers as the first ‘superadmin’ can inform other specific users to also register as ‘superadmins’.

After registration, the users will receive a confirmation email to the email address that they have provided. They should click the link in that email to confirm their email address, then they can log in to RED SCARF Suite Panel using the username and password set up at registration at:


After the registration of all the superadmins and admins, you should disable the ‘SIGN UP’ tab on the login form by editing the /var/www/panel.example.com/install-signup-check.php file and changing ‘$signupcheck = true;’ to ‘$signupcheck = false;’

35.6. Move the configuration file outside the web root

Since the /var/www/panel.example.com/panel-config.php file contains sensitive information, it’s recommended to move it outside the web root by running:

cp /var/www/panel.example.com/panel-config.php /srv/scripts/redscarfpanel.php

Then change ownership and permissions for the /srv/scripts/redscarfpanel.php file:

cd /srv/scripts

chown www-data:root /srv/scripts/redscarfpanel.php

chmod 400 /srv/scripts/redscarfpanel.php

Then replace the content of /var/www/panel.example.com/panel-config.php like this:

cd /var/www/panel.example.com

cat /dev/null > panel-config.php

nano panel-config.php

Enter the following content inside this file:

<?php include(‘/srv/scripts/redscarfpanel.php’); ?>

35.7. Configure Fail2ban to protect RED SCARF Suite Panel against brute-force attacks

Edit /etc/fail2ban/jail.local:

nano /etc/fail2ban/jail.local

Add the following block right before the [phpmyadmin] block:


enabled = true

filter = redscarfpanel

logpath = /var/log/sites/panel.example.com/access.log

port = 80,443

findtime = 3600

maxretry = 4

bantime = 604800

Replace example.com with the main domain hosted on your server. Then add a filter in the /etc/fail2ban/filter.d directory:

cd /etc/fail2ban/filter.d

nano redscarfpanel.conf

Add the following content inside this file:


failregex = ^<HOST> .* \”POST /panel-login.php HTTP/2.0\” 200 724 .*$

ignoreregex =

Reload Fail2ban:

systemctl reload fail2ban

35.8. Using RED SCARF Suite Panel

All the important data about the server is listed on the Dashboard. It shows if any services are in failed state, it lists the infected files detected by ClamAV during periodic scanning, it shows the available storage space and real time CPU, RAM and network ussage, it displays a list with all the components installed on the server and a list of buttons that the user can click to access the customized or standard log in URLs of all the applications with a log in web page, installed on the server.

In order to be able to use the quick access buttons, after installation, the superadmin has to enter the URLs of the log in pages of the applications that he wants quick access to, using the ‘Add Buttons’ page, under ‘Settings’.

The ‘Services Status’ section will also inform the user if the server needs to be restarted because some unattended security updates have been applied.

The panel allows changing the directory where the ClamAV stores the list of virus detections made by periodic scanning. Changing the password is also possible.

The list of suite components is adjustable, in the sense that if on a particular server, some of the components were not installed, or if some extra components were added to the standard suite, the list can be modified to exclude or include those components using the ‘Edit Components List’ page, under ‘Settings’.

35.9. Upgrading RED SCARF Suite Panel

First archive the /var/www/panel.example.com folder and include the date in the name of the archive:

cd /var/www

tar czf panel.example.com-2020-5-21.tar.gz panel.example.com

Store the archive in a safe place as backup.

Next, export the panel’s database using phpMyAdmin. Once logged in to phpMyAdmin click on the name of the database on the left panel, then click Export on the upper bar, then click ‘Go’. After you save the .sql file on your computer, rename it to include the date, then place it in a safe location, along with the archive created above.

Next, download the new version of RED SCARF Suite Panel from the official repository and upload it in the /var/www/panel.example.com folder, overwriting the old files with the new ones. Change ownership and permissions:

chown -R www-data:www-data /var/www/panel.example.com
find /var/www/panel.example.com -type d -exec chmod 750 {} +
find /var/www/panel.example.com -type f -exec chmod 640 {} +
You can send your questions and comments to: