
How to Install CSF on Linux?

CSF (ConfigServer Security and Firewall) is free firewall software designed to provide better security for Linux-based servers. CSF configures your server to lock down public access to services and allow only particular connections, such as user logins to FTP, e-mail, the control panel, and so on.

CSF also has a daemon process called the Login Failure Daemon, or LFD, which runs all the time and periodically (every X seconds) scans the latest log file entries for login attempts against your server that continually fail within a short period of time.
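
The kind of check LFD performs, as an added sketch that is not lfd's own code and not part of the original tutorial: it reads constructed sshd log lines and reports any address with repeated failed logins inside a short window. THRESHOLD, WINDOW and the function names are hypothetical, and the timestamp handling assumes all lines fall on the same day.

```sh
#!/bin/sh
# Added illustration, not lfd's own code. THRESHOLD and WINDOW are
# hypothetical names and values chosen for this sketch.
THRESHOLD=3   # failures from one address that count as an attack
WINDOW=60     # seconds within which those failures must occur

# Constructed sample sshd log lines (documentation addresses, same day).
sample_log() {
cat <<'EOF'
Jan 10 12:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 12:00:09 host sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jan 10 12:00:15 host sshd[813]: Accepted password for alice from 198.51.100.4 port 51000 ssh2
Jan 10 12:00:21 host sshd[814]: Failed password for root from 203.0.113.7 port 40133 ssh2
Jan 10 12:01:00 host sshd[815]: Failed password for bob from 198.51.100.9 port 43000 ssh2
Jan 10 12:09:30 host sshd[816]: Failed password for bob from 198.51.100.9 port 43011 ssh2
Jan 10 12:20:45 host sshd[817]: Failed password for bob from 198.51.100.9 port 43020 ssh2
EOF
}

# Print each address that reaches THRESHOLD failures inside WINDOW seconds.
find_offenders() {
  awk -v max="$THRESHOLD" -v win="$WINDOW" '
    /sshd\[[0-9]+\]: Failed password for / {
      split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      # Use the LAST "from" so a crafted user name containing
      # "from <address>" cannot shift the blame to another host.
      ip = ""
      for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "") next
      n = ++count[ip]; seen[ip, n] = now
      # Sliding window: compare with the failure max-1 entries earlier.
      if (n >= max && now - seen[ip, n - max + 1] <= win && !(ip in hit)) {
        hit[ip] = 1; print ip
      }
    }'
}

sample_log | find_offenders
```

The second address in the sample fails three times as well, but spread over twenty minutes, so it is not reported.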

CSF Features

As we already know, the ConfigServer Security and Firewall software helps you provide better protection for your server, but what exactly does it provide? Here is the list of applications that are supported:

  • Courier imap, Dovecot, uw-imap, Kerio
  • openSSH
  • cPanel, WHM, Webmail (cPanel servers only)
  • Pure-ftpd, vsftpd, Proftpd
  • Password protected web pages (htpasswd)
  • Mod_security failures (v1 and v2)
  • Suhosin failures
  • Exim SMTP AUTH
  • Custom login failures with separate log file and regular expression matching

ConfigServer Security and Firewall (CSF) Installation

Follow These Steps to Install CSF on Linux

Download the CSF archive:

wget http://www.configserver.com/free/csf.tgz

After you have downloaded the .tgz file, it needs to be extracted:

tar -xzf csf.tgz

CSF has been extracted into the csf directory. Change into that directory and run the installer:

cd csf/
sh install.sh

The firewall software is now installed on your server, but we need to check whether the required iptables modules are available by running the csftest.pl script:

[root@4C3qJfVSKKTt csf]# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server

As you can see from the output, CSF software should work on your server.

To disable Test Mode, you need to edit the csf.conf file:

nano /etc/csf/csf.conf

Sample output:

###############################################################################
# SECTION:Initial Settings
###############################################################################
# Testing flag - enables a CRON job that clears ip tables in case of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. in case you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "0"

Set the TESTING value to "0" and save the file. Your firewall is now installed and enabled, with the following ports open by default:

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing trace route add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

If you have made any changes in configuration file, you need to restart CSF:

/etc/init.d/csf restart
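
A quick check of the edited file, as an added example that is not part of CSF or of the original tutorial: it reads TESTING and TCP_IN from a csf.conf-style file and lists inbound TCP ports that are open but not on a list of services the server actually runs. NEEDED_TCP_IN and the function names are hypothetical, and the sample file is constructed from the defaults shown above.

```sh
#!/bin/sh
# Added example, not part of CSF. NEEDED_TCP_IN and the function names are
# hypothetical; adjust the list to the services this server really offers.
NEEDED_TCP_IN="22,80,443"

# Print the value of a KEY = "value" line from a csf.conf-style file.
conf_get() {   # usage: conf_get FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
    tail -n 1
}

# Succeed only when test mode is off (lfd will not start while it is on).
testing_disabled() { [ "$(conf_get "$1" TESTING)" = "0" ]; }

# Print TCP_IN entries that are open in FILE but missing from NEEDED_TCP_IN.
extra_tcp_in() {   # usage: extra_tcp_in FILE
  extras=""
  for p in $(conf_get "$1" TCP_IN | tr ',' ' '); do
    case ",$NEEDED_TCP_IN," in
      *",$p,"*) ;;                            # needed, leave open
      *) extras="${extras:+$extras,}$p" ;;    # candidate for removal
    esac
  done
  printf '%s\n' "$extras"
}

# Constructed sample: test mode left on, default TCP_IN from the tutorial.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# lfd will not start while this is enabled
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
EOF

testing_disabled "$sample" || echo "TESTING is still enabled: lfd will not start"
echo "Open in TCP_IN but not needed: $(extra_tcp_in "$sample")"
rm -f "$sample"
```

On a live server, pass /etc/csf/csf.conf to the two functions instead of the sample file.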

That’s all – your server is protected!

Now that you have successfully installed and enabled CSF and its login failure daemon on your server, you need to get familiar with the basic CSF commands:

  • Block IP: csf -d IP_ADDRESS
  • Whitelist IP: csf -a IP_ADDRESS
  • Remove IP from block list: csf -dr IP_ADDRESS
  • Remove IP from whitelist: csf -ar IP_ADDRESS
  • Restart csf rules: csf -r

Note: Do not forget to restart CSF after changing rules.

You can check the full list of available commands from the SSH command line by typing csf:

[root@4C3qJfVSKKTt csf]# csf

ConfigServer Security & Firewall (http://www.configserver.com/cp/csf/)
csf: v4.17
(c)2006, Way to the Web Limited (http://www.waytotheweb.com)

Usage: /usr/sbin/csf [option] [value]

Option              Meaning
-h, --help          Show this message
-l, --status        List/Show iptables configuration
-s, --start         Start firewall rules
-f, --stop          Flush/Stop firewall rules
-r, --restart       Restart firewall rules
-a, --add ip        Add an IP address to be whitelisted to /etc/csf.allow
-d, --deny ip       Add an IP address to be blocked to /etc/csf.deny
-dr, --denyrm ip    Remove and unblock an IP address in /etc/csf.deny
-c, --check         Checks for updates to csf+lfd but does not perform an upgrade
-g, --grep ip       Search the iptables rules for an IP match (incl. CIDR)
-t, --temp          Displays the current list of temporary IP bans and their TTL
-tr, --temprm ip    Removes an IP address from the temporary IP ban list
-td, --tempdeny ip ttl [-p port] [-d direction]
                    Add an IP address to the temporary IP ban list. ttl is how
                    long to block for in seconds. Optional port. An optional
                    direction of block can be one of in, out or inout. Default
                    is in
-tf, --tempf        Flush all IP addresses from the temporary IP ban list
-u, --update        Checks for updates to csf+lfd and performs an upgrade if
                    available
-x, --disable       Disable csf and lfd
-e, --enable        Enable csf and lfd if previously disabled
-v, --version       Show csf version
