How to Install and Configure CSF

Config Server Firewall / CSF the firewall application designed for Linux servers. CSF is a Login/Intrusion Detection that effective for applications like SSH, SMTP, IMAP, Pop3, the “su” command and many others.

The CSF use to recognize the user who uses to login into the server via SSH, will send an alert if they trying to utilize the “su” command to attain higher privileges on the server.

 Another key function of CSF is that it will checks for login authentication failures on mail servers (Exim, IMAP, Dovecot, uw-imap, Kerio),Ftp servers (Pure-ftpd, vsftpd, Proftpd), cPanel server, OpenSSH servers and Plesk and the Cpanel to replace software like fail2ban.

For the hosting servers, the CSF is the best security solution that can easily be integrated into the user interface(UI)of WHM/cPanel, Plesk, Webmin and DirectAdmin.

From this blog, you will get an apparent view regarding the installation and configuration of CSF as a part of our server management plan. You can also take assistance from our technical team support 24/7 for further Migration and configuration

Steps to follow:

Step 1

 Install CSF Dependencies

You need to install the server to begin the CSF based Perl, it required to have Wget for downloading the CSF installer. Use the following commands in order to install the package and change the CSF configuration file.

yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes

Step 2 

CSF Installation

Navigate to the “/usr/src/” directory to download CSF using this wget command:

cd /usr/src/
wget https://download.configserver.com/csf.tgz

Extract the tar.gz file and head to the CSF directory. Then, install the tar.gz file:

tar -xzf csf.tgz
cd csf
sh install.sh

If everything goes well you will receive the message stating that the CSF installation completed.

Later you need to check whether the CSG actually works well on the required server.  

Make a way to “/usr/local/csf/bin/” directory. Then, you’ll need to run “csftest.pl”, like so:

cd /usr/local/csf/bin/
perl csftest.pl

By this, you will get an apparent view that the CSF is working well without any issues, if it displays the following response.

RESULT: csf should function on this server

Step 3 

Configuration of CSF

Before configuring the CSF, the default CentOS 7’s firewall application (“firewalld”) should be shopped and must be removed from the startup

To stop it:

systemctl stop firewalld

To disable and remove firewalld from the startup:

systemctl disable firewalld

Next, head to the CSF Configuration directory “/etc/csf/” and change the file “csf.conf” using the vim editor:

cd /etc/csf/
vim csf.conf

In order to apply the CSF firewall configuration, you need to change line 11 “TESTING” to “0”.

TESTING = “0”

Enabling the CSF traffic that is incoming and outgoing by default SSH standard port 22. As per your required, you can add an alternative SSH port to the configuration in line 139 “TCP_IN”.

Use the following command to start the CSF and the LFD.

systemctl start csf
systemctl start lfd
Set up the csf and lfd services to start when booting:
systemctl enable csf
systemctl enable lfd

With the following command, you can see the CSF default list.

csf -l

Step 4

 Basic CSF Commands

1. Enabling firewall rules (Starting the CSF firewall) 

csf -s

2. Flushing/stopping firewall rules.

csf -f

3. Reloading firewall rules.

csf -r

4. To allow an IP and add it to csf.allow.

csf -a 192.168.1.109

Results:

Adding 192.168.1.109 to csf.allow and iptables ACCEPT...
ACCEPT all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109
Removal and deletion of an IP from csf.allow.
csf -ar 192.168.1.109

 Results:

Removing rule…

ACCEPT all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109
6. Denial of an IP and then adding it to csf.deny:
csf -d 192.168.1.109

Results:

Adding 192.168.1.109 to csf.deny and iptables DROP...
DROP all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109
Removal and deletion of an IP from csf.deny.
csf -dr 192.168.1.109

Results:

Removing rule…

DROP all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109
Every entry from csf.deny will be removed and unblocked
csf -df

Results:

DROP all opt -- in !lo out * 192.168.1.110 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.110
DROP all opt -- in !lo out * 192.168.1.111 -> 0.0.0.0/0
LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.111

csf: all entries removed from csf.deny

Searching for a pattern match on iptables (such as CIDR, IP, Port Number)

csf -g 192.168.1.110

Step 5

Advanced Configuration

For the configuration, go to the csf configuration directory and from there change the csf.conf configuration file

cd /etc/csf/
vim csf.conf

Non-blocking of IP addresses in csf.allow files:

The LFD block the IPs under csf.allow files as a default. Ensure that specific IP in csf.allow will never block by the LFD, then navigate to line 272 and edit “IGNORE_ALLOW” to “1”.

Ensure that the internet server or firewall will never block the IP address.  

IGNORE_ALLOW = "1"
Enabling outgoing and incoming ICMP
Line 152 for incoming ping/ICMP:
ICMP_IN = "1"
And line 159 for the outgoing ping/ICMP
ICMP_OUT = "1"

Block specific countries

Here you can deny and allow access to certain countries by using the country code( CIDR )

Use line 836 to add the code of a country that you wish to deny or allow.  

CC_DENY = "CN,UK,US"
CC_ALLOW = "ID,MY,DE"

Emailing the Su and SSH Login log

Next is setting the address where the LFD is used to send the alert emails about “SSH login” by running the following “su” command.

To do this, find line 1069 and edit the value to “1”:

LF_SSH_EMAIL_ALERT = "1"
…
LF_SU_EMAIL_ALERT = "1"

Input the email address in order to use this line 588:

LF_ALERT_TO = "[email protected]"

Have a glance that the option in “/etc/csf/csf.conf” configuration files for further changes.

Conclusion

In short, Config Server Firewall / CSF the firewall application designed for Linux servers. By installing and configuring the CSF that will secure the management with much more efficiency.  

Liked!! Share the post.

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

FREE SERVER AUDITING

Get Auditing Report of Your Server for FREE!!

GET THIS ISSUE FIXED !!

$30/month

Server Management