Config Server Firewall / CSF the firewall application designed for Linux servers. CSF is a Login/Intrusion Detection that effective for applications like SSH, SMTP, IMAP, Pop3, the “su” command and many others.
The CSF use to recognize the user who uses to login into the server via SSH, will send an alert if they trying to utilize the “su” command to attain higher privileges on the server.
Another key function of CSF is that it will checks for login authentication failures on mail servers (Exim, IMAP, Dovecot, uw-imap, Kerio),Ftp servers (Pure-ftpd, vsftpd, Proftpd), cPanel server, OpenSSH servers and Plesk and the Cpanel to replace software like fail2ban.
For the hosting servers, the CSF is the best security solution that can easily be integrated into the user interface(UI)of WHM/cPanel, Plesk, Webmin and DirectAdmin.
From this blog, you will get an apparent view regarding the installation and configuration of CSF as a part of our server management plan. You can also take assistance from our technical team support 24/7 for further Migration and configuration
Steps to follow:
Install CSF Dependencies
You need to install the server to begin the CSF based Perl, it required to have Wget for downloading the CSF installer. Use the following commands in order to install the package and change the CSF configuration file.
yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes
Navigate to the “/usr/src/” directory to download CSF using this wget command:
cd /usr/src/ wget https://download.configserver.com/csf.tgz
Extract the tar.gz file and head to the CSF directory. Then, install the tar.gz file:
tar -xzf csf.tgz cd csf sh install.sh
If everything goes well you will receive the message stating that the CSF installation completed.
Later you need to check whether the CSG actually works well on the required server.
Make a way to “/usr/local/csf/bin/” directory. Then, you’ll need to run “csftest.pl”, like so:
cd /usr/local/csf/bin/ perl csftest.pl
By this, you will get an apparent view that the CSF is working well without any issues, if it displays the following response.
RESULT: csf should function on this server
Configuration of CSF
Before configuring the CSF, the default CentOS 7’s firewall application (“firewalld”) should be shopped and must be removed from the startup
To stop it:
systemctl stop firewalld
To disable and remove firewalld from the startup:
systemctl disable firewalld
Next, head to the CSF Configuration directory “/etc/csf/” and change the file “csf.conf” using the vim editor:
cd /etc/csf/ vim csf.conf
In order to apply the CSF firewall configuration, you need to change line 11 “TESTING” to “0”.
TESTING = “0”
Enabling the CSF traffic that is incoming and outgoing by default SSH standard port 22. As per your required, you can add an alternative SSH port to the configuration in line 139 “TCP_IN”.
Use the following command to start the CSF and the LFD.
systemctl start csf systemctl start lfd Set up the csf and lfd services to start when booting: systemctl enable csf systemctl enable lfd
With the following command, you can see the CSF default list.
Basic CSF Commands
1. Enabling firewall rules (Starting the CSF firewall)
2. Flushing/stopping firewall rules.
3. Reloading firewall rules.
4. To allow an IP and add it to csf.allow.
csf -a 192.168.1.109
Adding 192.168.1.109 to csf.allow and iptables ACCEPT... ACCEPT all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0 ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109 Removal and deletion of an IP from csf.allow. csf -ar 192.168.1.109
ACCEPT all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0 ACCEPT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109 6. Denial of an IP and then adding it to csf.deny: csf -d 192.168.1.109
Adding 192.168.1.109 to csf.deny and iptables DROP... DROP all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109 Removal and deletion of an IP from csf.deny. csf -dr 192.168.1.109
DROP all opt -- in !lo out * 192.168.1.109 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.109 Every entry from csf.deny will be removed and unblocked csf -df
DROP all opt -- in !lo out * 192.168.1.110 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.110 DROP all opt -- in !lo out * 192.168.1.111 -> 0.0.0.0/0 LOGDROPOUT all opt -- in * out !lo 0.0.0.0/0 -> 192.168.1.111
csf: all entries removed from csf.deny
Searching for a pattern match on iptables (such as CIDR, IP, Port Number)
csf -g 192.168.1.110
For the configuration, go to the csf configuration directory and from there change the csf.conf configuration file
cd /etc/csf/ vim csf.conf
Non-blocking of IP addresses in csf.allow files:
The LFD block the IPs under csf.allow files as a default. Ensure that specific IP in csf.allow will never block by the LFD, then navigate to line 272 and edit “IGNORE_ALLOW” to “1”.
Ensure that the internet server or firewall will never block the IP address.
IGNORE_ALLOW = "1" Enabling outgoing and incoming ICMP Line 152 for incoming ping/ICMP: ICMP_IN = "1" And line 159 for the outgoing ping/ICMP ICMP_OUT = "1"
Block specific countries
Here you can deny and allow access to certain countries by using the country code( CIDR )
Use line 836 to add the code of a country that you wish to deny or allow.
CC_DENY = "CN,UK,US" CC_ALLOW = "ID,MY,DE"
Emailing the Su and SSH Login log
Next is setting the address where the LFD is used to send the alert emails about “SSH login” by running the following “su” command.
To do this, find line 1069 and edit the value to “1”:
LF_SSH_EMAIL_ALERT = "1" … LF_SU_EMAIL_ALERT = "1"
Input the email address in order to use this line 588:
LF_ALERT_TO = "[email protected]"
Have a glance that the option in “/etc/csf/csf.conf” configuration files for further changes.
In short, Config Server Firewall / CSF the firewall application designed for Linux servers. By installing and configuring the CSF that will secure the management with much more efficiency.