CSF

----  

Download CSF:   # wget https://download.configserver.com/csf.tgz

# systemctl restart {csf,lfd} 

# systemctl enable {csf,lfd} 

# systemctl is-active {csf,lfd} 

# csf -v

1. Installation

1.1 Install Dependencies

Begin by installing the required dependencies for the CSF Firewall:

CentOS, RHEL 5 and 6

yum -y install wget vim perl perl-libwww-perl.noarch perl-Time-HiRes

Alternatively, libwww can be installed using CPAN:

perl -MCPAN -e 'install Bundle::LWP'

CentOS, RHEL 7

yum -y install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph perl-Time-HiRes

CentOS, RHEL 8

yum -y install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph

 

Install Perl:

sudo dnf -y install @perl

 

Install the CSF Firewall using the automated script. Alternatively, manual installation as described below is also possible.

curl -SL https://download.configserver.com/csf.tgz | tar -xzf -

Disable firewalld:

 systemctl stop firewalld 

 systemctl disable firewalld


Start the Iptables Service:

systemctl start iptables

systemctl start ip6tables

systemctl enable iptables

systemctl enable ip6tables

Download CSF 12.6

https://drive.google.com/file/d/1ixjDN4IhuvBKh88LL8kdh2FuZQAu3PUa/view?usp=sharing

Config file

https://drive.google.com/file/d/1HPcQHhEKw3-KnzWILbD6eXdJEHE45s8R/view?usp=sharing

1.2 Install CSF Firewall

Download the CSF archive to the /tmp folder of your server using wget, unpack the archive with the tar command, and finally install CSF by running the ./install.sh setup script.

cd /tmp  

wget https://download.configserver.com/csf.tgz   

 tar -zxvf csf.tgz

cd  csf  

./install.sh

# perl /usr/local/csf/bin/csftest.pl

The plugins for DirectAdmin or cPanel are installed automatically.

You can now remove the installation files:

rm -rf /tmp/csf

rm /tmp/csf.tgz

1.3 Install Webmin Module (optional)


cp /etc/csf/csf.conf /etc/csf/csf.conf.ORG

cp /etc/csf/csf.allow /etc/csf/csf.allow.ORG

cp /etc/csf/csf.deny /etc/csf/csf.deny.ORG

cp /usr/local/csf/bin/regex.custom.pm /usr/local/csf/bin/regex.custom.pm.ORG

 Using the Command Line

Here are some of the most common commands you will be using:

Manually Deny an IP address:

#csf -d IPADDRESS

Manually Allow an IP address:

#csf -a IPADDRESS

Reload all firewall rules:

#  csf -r

Update CSF:

#  csf -u

Start the CSF service:

#  csf -e

Disable CSF:

# csf -x

Restart the CSF service:

CentOS 5 and 6

#service csf restart 

 

CentOS 7 

systemctl restart csf.service

systemctl restart lfd.service

CentOS 6

  service csf restart

  chkconfig csf on

  service lfd restart

  chkconfig lfd on

service csf restart

# perl /usr/local/csf/bin/csftest.pl

Use the -x switch to disable CSF:

csf -x

# systemctl disable csf.service

# systemctl restart csf.service

################################################################################################

How to Install and Configure CSF (Config Server Firewall) on CentOS 7

Step 1 - Installation of CSF dependencies

CSF is based on Perl, so you need to install Perl on your server first. You need wget to download the CSF installer and vim (or an editor of your choice) for editing the CSF configuration file. Install the packages with the yum command:

yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes

Step 2 - Install CSF

Please go to the "/usr/src/" directory and download CSF with wget command.

cd /usr/src/

wget https://download.configserver.com/csf.tgz

Extract the tar.gz file and go to csf directory, then install it:

tar -xzf csf.tgz

cd csf

sh install.sh

You should get the information that CSF installation is completed at the end.

 systemctl start csf

 systemctl start lfd

 systemctl enable csf

 systemctl enable lfd

 

 

Now you should check that CSF really works on this server. Go to the "/usr/local/csf/bin/" directory, and run "csftest.pl".

cd /usr/local/csf/bin/

perl csftest.pl

If you see the test results as shown below, then CSF is running without problems on your server:

RESULT: csf should function on this server

Step 3 - Configure CSF on CentOS 7

Before stepping into the CSF configuration process, the first thing you must know is that "CentOS 7" has a default firewall application called "firewalld". You have to stop firewalld and remove it from the startup.

Stop the firewalld:

systemctl stop firewalld

Disable/Remove firewalld from the startup:

systemctl disable firewalld

Then go to the CSF Configuration directory "/etc/csf/" and edit the file "csf.conf" with the vim editor:

cd /etc/csf/

vim csf.conf

Change "TESTING" on line 11 to "0" to apply the firewall configuration. The default value is shown here:

    TESTING = "1"

626 LF_ALERT_TO = "u1@worldcm.net"

633 LF_ALERT_FROM = "csf@worldcm.net"

638 LF_ALERT_SMTP = "202.202.202.1"    # set this to a relaying SMTP server

By default CSF allows incoming and outgoing traffic for the standard SSH port 22. If you use a different SSH port, add your port to "TCP_IN" on line 139 of the configuration.

Now start CSF and LFD with systemctl command:

systemctl start csf

systemctl start lfd

And then enable the csf and lfd services to be started at boot time:

systemctl enable csf

systemctl enable lfd

Now you can list the default rules of CSF with the command:

csf -l

WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration

# vi /etc/csf/csf.conf

Search for "RESTRICT_SYSLOG". It will look like this:

RESTRICT_SYSLOG = "0"

Change it to:

RESTRICT_SYSLOG = "3"
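
A check for the Step 3 settings, as an added example that is not part of the original guide or of CSF itself: it reads a csf.conf and reports whether TESTING, RESTRICT_SYSLOG and the SSH port in TCP_IN are set as described above. The function names and the sample file are constructed for illustration, and SSH on port 2222 is an assumption.

```sh
#!/bin/sh
# csf_get FILE KEY: print KEY's value from lines of the form KEY = "value".
csf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                          # skip comment lines
        {
            line = $0; sub(/[ \t]+#.*$/, "", line)   # drop a trailing comment
            eq = index(line, "="); if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]/, "", k)
            sub(/^[ \t]*"?/, "", v); sub(/"?[ \t]*$/, "", v)
            if (k == key) val = v                    # repeated key: last one is reported
        }
        END { print val }' "$1"
}

# port_listed LIST PORT: succeed if PORT is in a list such as 20,21,30000:35000.
port_listed() {
    printf '%s\n' "$1" | awk -F, -v p="$2" '{
        for (i = 1; i <= NF; i++) {
            n = split($i, r, ":")                    # "lo:hi" is a port range
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (p + 0 >= lo && p + 0 <= hi) found = 1
        }
    } END { exit !found }'
}

# audit_csf_conf FILE [SSH_PORT]: print findings, return 1 if any check fails.
audit_csf_conf() {
    conf=$1; ssh_port=${2:-22}; rc=0
    [ "$(csf_get "$conf" TESTING)" = "0" ] ||
        { echo "FAIL: TESTING is not 0 (firewall configuration not applied)"; rc=1; }
    case "$(csf_get "$conf" RESTRICT_SYSLOG)" in
        ""|0) echo "FAIL: RESTRICT_SYSLOG is disabled"; rc=1 ;;
    esac
    port_listed "$(csf_get "$conf" TCP_IN)" "$ssh_port" ||
        { echo "FAIL: SSH port $ssh_port is missing from TCP_IN"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $conf passes the Step 3 checks"
    return "$rc"
}

# Constructed sample: untouched TESTING/RESTRICT_SYSLOG, SSH assumed on 2222.
sample_conf() {
    cat <<'EOF'
TESTING = "1"
RESTRICT_SYSLOG = "0"
TCP_IN = "20,21,25,80,443,30000:35000"   # 2222 not listed
EOF
}
tmp=$(mktemp); sample_conf > "$tmp"; audit_csf_conf "$tmp" 2222 || true; rm -f "$tmp"
```

On a real server, run it as: audit_csf_conf /etc/csf/csf.conf followed by your SSH port.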

Step 4 - Basic CSF Commands

1. Start the firewall (enable the firewall rules):

csf -s

2. Flush/Stop the firewall rules.

csf -f

3. Reload the firewall rules.

csf -r

4. Allow an IP and add it to csf.allow.

csf -a 192.168.1.109

Results:

Adding 192.168.1.109 to csf.allow and iptables ACCEPT...

ACCEPT  all opt -- in !lo out *  192.168.1.109  -> 0.0.0.0/0  

ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.1.109

5. Remove and delete an IP from csf.allow.

csf -ar 192.168.1.109

Results:

Removing rule...

ACCEPT  all opt -- in !lo out *  192.168.1.109  -> 0.0.0.0/0  

ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.1.109

6. Deny an IP and add to csf.deny:

csf -d 192.168.1.109

Results:

Adding 192.168.1.109 to csf.deny and iptables DROP...

DROP  all opt -- in !lo out *  192.168.1.109  -> 0.0.0.0/0  

LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.1.109

7. Remove and delete an IP from csf.deny.

csf -dr 192.168.1.109

Results:

Removing rule...

DROP  all opt -- in !lo out *  192.168.1.109  -> 0.0.0.0/0  

LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.1.109

8. Remove and Unblock all entries from csf.deny.

csf -df

Results:

DROP  all opt -- in !lo out *  192.168.1.110  -> 0.0.0.0/0  

LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.1.110  

DROP  all opt -- in !lo out *  192.168.1.111  -> 0.0.0.0/0  

LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.1.111    

csf: all entries removed from csf.deny

9. Search for a pattern match in iptables, e.g. IP, CIDR, port number:

csf -g 192.168.1.110

Step 5 - Advanced Configuration

Here are some tweaks about CSF, so you can configure as you need.

Back to the csf configuration directory, and edit the csf.conf configuration file:

cd /etc/csf/

vim csf.conf

1. Don't Block IP addresses that are in the csf.allow files.

By default, lfd will also block an IP address listed in csf.allow. If you want IPs in csf.allow never to be blocked by lfd, go to line 272 and change "IGNORE_ALLOW" to "1". This is useful when you have a static IP at home or in the office and want to ensure that your IP never gets blocked by the firewall on your internet server.

IGNORE_ALLOW = "1"

2. Allow Incoming and Outgoing ICMP.

Go to the line 152 for incoming ping/ICMP:

ICMP_IN = "1"

And line 159 for outgoing ping/ICMP:

ICMP_OUT = "1"

3. Block Certain Countries

CSF provides an option to allow and deny access by country, using country codes (CC) that it maps to CIDR ranges. Go to line 836 and add the country codes that shall be allowed and denied:

CC_DENY = "CN,UK,US"

CC_ALLOW = "ID,MY,DE"

4. Send the Su and SSH Login log by Email.

LFD can send an email to a configured address about "SSH login" events and about users that run the "su" command. Go to line 1069 and change the value to "1".

LF_SSH_EMAIL_ALERT = "1"

...

LF_SU_EMAIL_ALERT = "1"

And then define the email address you want to use in line 588.

LF_ALERT_TO = "mymail@mydomain.tld"

# Enable syslog monitoring #

Set "SYSLOG_CHECK" to "1800"

Set "SMTP_BLOCK" to "1" in "SMTP Settings" section.

Set "LF_SCRIPT_LIMIT" to "250" to identify scripts sending out 250 email messages in an hour.

Set "LF_SCRIPT_ALERT" to "1" to send an email alert to the system administrator when the limit 

# Detect suspicious process #

Set "PT_DELETED" to "1"    set = 0

SMTP_BLOCK = 1

SMTP_BLOCK = "0"

If SMTP_BLOCK is enabled but you want to allow local connections to port 25 on the server (e.g. for webmail or web scripts), then enable this option to allow outgoing SMTP connections to the loopback device:

SMTP_ALLOWLOCAL = "1"


----

Step 5: Enable CSF Web UI

Use the following tutorial to enable the web UI for the CSF firewall on a Linux system.

https://tecadmin.net/how-to-enable-csf-firewall-web-ui/

Step 6: Prevent DDOS Attacks

Configure CSF+LFD to protect the server from DDoS attacks. To enable this, edit /etc/csf/csf.conf and update the following settings.

Total number of connections allowed from a single host. To disable this feature, set this to 0.

CT_LIMIT = "20"

Connection Tracking interval in seconds.

CT_INTERVAL = "30"

Send email alerts for each blocked IP.

CT_EMAIL_ALERT = "1"

Set this to 1 to block IPs permanently.

CT_PERMANENT = "1"

If you opt for temporary IP blocks for CT, then the following is the interval in seconds that the IP will remain blocked.

CT_BLOCK_TIME = "1800"

If you only want to count specific ports (e.g. 22,23,80,443), add the ports; otherwise keep it empty to check all ports.

CT_PORTS = "22,23,80,443"
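
To see which hosts a given CT_LIMIT and CT_PORTS would catch before enabling them, the following added example (not lfd's own code) counts connections per remote address from "ss -tn" output. The sample connections are constructed, and treating "more than CT_LIMIT" as the blocking threshold is an assumption.

```sh
#!/bin/sh
# ct_offenders LIMIT PORTS: read "ss -tn" lines on stdin and print "count ip"
# for every peer holding more than LIMIT connections (assumed threshold) to
# the local PORTS (comma-separated; empty means all ports, as with CT_PORTS).
ct_offenders() {
    awk -v limit="$1" -v ports="$2" '
        BEGIN { np = split(ports, a, ","); for (i = 1; i <= np; i++) want[a[i]] = 1 }
        $1 == "State" || NF < 5 { next }           # header or short line
        {
            lport = $4; sub(/^.*:/, "", lport)     # text after the last colon
            peer = $5;  sub(/:[0-9]+$/, "", peer)  # strip the peer port
            gsub(/^\[|\]$/, "", peer)              # unwrap [IPv6] addresses
            if (np > 0 && !(lport in want)) next
            count[peer]++
        }
        END { for (ip in count) if (count[ip] > limit + 0) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample in "ss -tn" column order, using documentation addresses.
sample_conns() {
    echo "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
    i=0
    while [ "$i" -lt 25 ]; do                      # 25 connections to port 443
        echo "ESTAB 0 0 203.0.113.10:443 198.51.100.7:$((40000 + i))"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 30 ]; do                      # 30 connections to port 8080
        echo "ESTAB 0 0 203.0.113.10:8080 192.0.2.99:$((50000 + i))"
        i=$((i + 1))
    done
    echo "ESTAB 0 0 203.0.113.10:80 192.0.2.44:51000"
    echo "ESTAB 0 0 [2001:db8::10]:22 [2001:db8::beef]:40022"
}

# With the values from this page, only the host on port 443 is over the limit.
sample_conns | ct_offenders 20 "22,23,80,443"
```

On a live server, pipe the output of ss -tn into ct_offenders with the CT_LIMIT and CT_PORTS values you plan to use.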

If you want more tweaks, read the options in the "/etc/csf/csf.conf" configuration file.

Uninstalling CSF and LFD

If you want to remove CSF completely, then just use the following two commands.

cd /etc/csf

sh uninstall.sh

ConfigServer Security & Firewall installation on Webmin

ConfigServer Security & Firewall (CSF) is a suite of scripts provides:

The tutorial was prepared with our "CentOS 6 + Webmin" template and is meant to work on our self-managed virtual private servers.

0. Preliminary requirements:

"CentOS 6 + Webmin" template installed on server;

"perl-libwww-perl" installed on the server (yum install perl-libwww-perl -y);

Fully updated server software (yum update).

1. CSF installation

Installation of CSF is quite straightforward:

cd /usr/src

wget https://download.configserver.com/csf.tgz

tar -xzf csf.tgz

cd csf

sh install.sh

2. CSF module installation in Webmin

CSF module installation is done through the Webmin interface, so first you should log in to your Webmin instance. By default the address is:

http://your-server-ip:10000

After a successful login, select "Webmin" and "Webmin Configuration":

In "Webmin Configuration" select "Webmin Modules":

In "Webmin Modules" select "From local files", specify the path to the module archive and install the module.

/usr/local/csf/csfwebmin.tgz

NOTE: if you are using "Authentic Theme 18.10" you should remove "csf.min.js" file because of a bug:

rm /usr/libexec/webmin/authentic-theme/extensions/csf.min.js -f

3. CSF configuration

After successful installation you can now configure your ConfigServer Security & Firewall. Select "System" and "ConfigServer Security & Firewall" in your Webmin instance:

You should now see that there are two notices that we need to take care of. So select "ConfigServer Firewall" and then select "Firewall Configuration":

First we will turn off testing mode:

And then we should restrict syslog/rsyslog access:

After these changes press the button "Change" at the bottom of the page and "Restart csf+lfd" afterwards.

That's it; now you have a fully working ConfigServer firewall. For more information regarding CSF, please visit their Readme page.

-------