Config Server Security & Firewall (CSF) is one of the most commonly used firewall applications on Linux servers. CSF makes it easy to configure a server firewall. Here CryBit explains how to install CSF and configure it on your Linux servers. The installation steps are simple and easy to execute.
Installation Steps
Step I : SSH to your server and do the following steps as root user.
Step II : Download CSF package.
cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
Step III : Extract the tar file and install.
tar -xzf csf.tgz
cd csf
sh install.sh
If the installation was successful, you will get output like the following.
----------------------------
----------------------------
Created symlink from /etc/systemd/system/multi-user.target.wants/lfd.service to /usr/lib/systemd/system/lfd.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
‘/etc/csf/csfwebmin.tgz’ -> ‘/usr/local/csf/csfwebmin.tgz’
Installation Completed
Step IV : Remove any already installed firewall.
You should not run any other iptables firewall configuration script alongside CSF. Execute the following command to remove an already installed firewall such as APF (Advanced Policy Firewall) or BFD (Brute Force Detection) from the server.
sh /usr/local/csf/bin/remove_apf_bfd.sh
Step V : Then check whether your server has the required iptables modules by using the following command.
perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Step VI : Configure CSF
Once the installation is complete, we need to enable csf for it to work properly. The ‘csf -e’ command enables csf on the server (‘csf -x’ disables it).
# csf -e
Starting lfd:[ OK ]
csf and lfd have been enabled
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
The ‘csf -e’ output shows that csf is running in testing mode on your server. You need to edit the configuration file to turn testing mode off.
vim /etc/csf/csf.conf
Then change the value of 'TESTING' from 1 to 0
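The check and edit in Step VI can also be scripted. The following is an added example, not part of the original post or of CSF itself: the function names are hypothetical, and the sample config is constructed so the script runs without CSF installed.

```shell
#!/bin/sh
# Added example; csf_conf_get, csf_disable_testing and csf_audit are
# hypothetical helper names, not commands shipped with CSF.

# Print the value of KEY from a line of the form: KEY = "value"
csf_conf_get() {   # $1 = config file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" |
        tail -n 1
}

# Set TESTING to "0", keeping a backup copy next to the file.
csf_disable_testing() {   # $1 = config file
    [ "$(csf_conf_get "$1" TESTING)" = "0" ] && return 0
    cp -p "$1" "$1.bak" || return 1
    # Redirecting into the existing file keeps its owner and permissions.
    sed 's/^\([[:space:]]*TESTING[[:space:]]*=[[:space:]]*\)"[^"]*"/\1"0"/' \
        "$1.bak" > "$1"
}

# Print findings; the return status is the number of findings.
csf_audit() {   # $1 = config file
    findings=0
    if [ "$(csf_conf_get "$1" TESTING)" != "0" ]; then
        echo "TESTING is not 0: csf is still in testing mode"
        findings=$((findings + 1))
    fi
    if [ -z "$(csf_conf_get "$1" LF_ALERT_TO)" ]; then
        echo "LF_ALERT_TO is empty: no alert address has been set"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample (not a real csf.conf) so the script runs without CSF.
sample=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' 'LF_ALERT_TO = ""' > "$sample"
csf_audit "$sample" || echo "findings before: $?"
csf_disable_testing "$sample"
csf_audit "$sample" || echo "findings after: $?"
rm -f "$sample" "$sample.bak"
```

On a real server, pass /etc/csf/csf.conf as the file and restart the firewall with csf -r afterwards so the new value is loaded.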
Important configuration options
All configuration options are located under the directory “/etc/csf”. Some useful and important configuration files are listed below.
csf.conf : Configuration file for controlling CSF.
csf.allow : List of allowed IPs and CIDR addresses on the firewall.
csf.deny : List of denied IPs and CIDR addresses on the firewall.
csf.ignore : List of ignored IPs and CIDR addresses on the firewall.
csf.*ignore : The various ignore files for users and IPs.
Uninstallation
Uninstallation is pretty simple; see the steps below:
cd /etc/csf
sh uninstall.sh
That’s it!!
How do you set the email address CSF alerts go to please?
There is an option in CSF configuration file to set the email address for alerts. Please do follow the steps below:
—
1. ssh to server as root.
2. Open CSF conf file.
vi /etc/csf/csf.conf
LF_ALERT_TO = "[email protected]"
—
Replace the [email protected] with your email address.
Thanks.