Install ConfigServer Security & Firewall in Linux
One of the most popular and reliable firewalls available on the internet is CSF (ConfigServer Security & Firewall). It can be easily integrated with the Webmin control panel, but in this article we will only discuss how to configure the CSF firewall on Red Hat 6.3/6.2/6.1/6/5.8, CentOS 6.3/6.2/6.1/6/5.8 and Fedora 17, 16, 15, 14, 13, 12. In an upcoming article we will show how to integrate CSF with the Webmin panel.
What is CSF?
CSF (ConfigServer Security & Firewall) is an open source, stateful, advanced firewall and security application for Linux servers, with many more configuration options than other firewalls. To learn more about its features, go to http://www.configserver.com/cp/csf.html.
Step 1: Installing Required CSF Modules
Install the Perl modules required by the CSF script; otherwise you will see an error about libwww not being installed.
# yum install perl-libwww-perl
Step 2: Downloading CSF
It is a good idea to use the /tmp directory when downloading or installing new software. Use the wget command to download the CSF script. Note that this URL is plain HTTP, so the archive is not protected against tampering in transit.
# cd /tmp
# wget http://www.configserver.com/free/csf.tgz
Step 3: Removing Existing Firewall
If you are using any other iptables firewall scripts, such as APF (Advanced Policy Firewall) or BFD (Brute Force Detection), remove them: two firewall scripts should not run on the same server, because they will conflict with each other. To prevent such conflicts, remove the APF+BFD combination by running the uninstall script provided with CSF. The script is part of the CSF archive, so /tmp/csf/remove_apf_bfd.sh exists only after the archive has been extracted as shown in Step 4.
# sh /tmp/csf/remove_apf_bfd.sh
Step 4: Installing CSF
Once the download completes, extract all the files using the tar command and change to the newly created CSF directory. Then run the installer script to install it.
# cd /tmp
# tar -xzf csf.tgz
# cd csf
# sh install.sh
Step 5: Configuring CSF
The above script installs and starts CSF in “Testing” mode, which means it does not fully protect your server. To disable “Testing” mode you need to configure the TCP_IN, TCP_OUT, UDP_IN and UDP_OUT options to suit your requirements. Open the file /etc/csf/csf.conf and make the following changes.
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443"
# Allow incoming UDP ports
UDP_IN = "20,21,53"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"
Once you are happy with your CSF configuration, you can disable “Testing” mode by changing the variable TESTING = "1" to TESTING = "0". But before changing it, I highly recommend that you read the complete CSF readme file at http://configserver.com/free/csf/readme.txt.
TESTING = "0"
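The check below is an added example, not part of the original article or of CSF itself: it reads a csf.conf-style file, reports whether TESTING is still enabled, and lists the TCP_IN entries that a given server does not need. The function names, the constructed sample file and the needed-port list 22,80,443 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a csf.conf-style file.

# csf_get KEY FILE: print the quoted value of KEY. The pattern requires
# "=" right after the name, so TESTING does not match TESTING_INTERVAL.
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" |
        tail -n 1
}

# csf_is_live FILE: succeed only when TESTING = "0".
csf_is_live() {
    [ "$(csf_get TESTING "$1")" = "0" ]
}

# csf_surplus_ports KEY NEEDED FILE: print each entry of KEY (for example
# TCP_IN) that is not in the comma-separated list NEEDED, one per line.
csf_surplus_ports() {
    for port in $(csf_get "$1" "$3" | tr ',' ' '); do
        case ",$2," in
            *",$port,"*) ;;
            *) echo "$port" ;;
        esac
    done
}

# Constructed sample using the TCP_IN and UDP_IN values from this article.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a complete csf.conf
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
UDP_IN = "20,21,53"
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
csf_is_live "$conf" || echo "TESTING is still enabled"
echo "TCP_IN entries beyond 22,80,443:"
csf_surplus_ports TCP_IN "22,80,443" "$conf"
rm -f "$conf"
```

On a server, pass /etc/csf/csf.conf as the file and the ports of the services that machine actually runs as the needed list.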
Step 6: Starting CSF
Now you are ready to start the csf daemon and enable csf to start at boot time.
# chkconfig --level 235 csf on
# service csf restart
Step 7: CSF Configuration Options and Usage
The following files are used to modify and control the csf configuration. All csf configuration files are located under the /etc/csf directory. If you modify any of them, you need to restart the csf daemon for the changes to take effect.
csf.conf : The main configuration file for controlling CSF.
csf.allow : The list of allowed IPs and CIDR addresses on the firewall.
csf.deny : The list of denied IPs and CIDR addresses on the firewall.
csf.ignore : The list of ignored IPs and CIDR addresses on the firewall.
csf.*ignore : The various ignore files for users and IPs.
Step 8: CSF Commands and Options
Some of the common command-line options are used to allow or deny IP addresses: option -d denies an IP address, option -a allows an IP address, and option -r reloads all rules.
# csf -d IPADDRESS
# csf -a IPADDRESS
# csf -r
If you have forgotten the csf commands, just type csf in the terminal to get a list of all the options.
# csf
That’s it, you have now installed and configured your firewall successfully. If you run into any trouble while installing, post your questions in our comment section below and we will be glad to answer them.
Step 9: Remove CSF Firewall
If you would like to remove the CSF firewall completely, run the uninstall script located at /etc/csf/uninstall.sh.
# /etc/csf/uninstall.sh
The above command will erase the CSF firewall completely, with all its files and folders.
ERROR
You can also set it in the csf configuration file.
1) Open the csf configuration file.
# vi /etc/csf/csf.conf
2) Search for “RESTRICT_SYSLOG”. It will look like this:
RESTRICT_SYSLOG = "0"
3) Change it to
RESTRICT_SYSLOG = "3"
4) Restart csf.
# /etc/init.d/csf restart
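The edit in the steps above can be scripted so that it is checked and reversible. This is an added example, not from the original page or from CSF: csf_set is a hypothetical helper, and the sample file it runs against is constructed.

```shell
#!/bin/sh
# Added example: change one KEY = "VALUE" line in a csf.conf-style file.

# csf_set FILE KEY VALUE
# Edits only the single uncommented assignment of KEY and keeps the previous
# file as FILE.bak. Fails without touching FILE when KEY is missing or
# duplicated, or when VALUE is not a number or port list.
csf_set() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || return 1
    case $value in
        ''|*[!0-9,:]*) echo "csf_set: refusing value '$value'" >&2; return 1 ;;
    esac
    # "=" must follow the name, so RESTRICT_SYSLOG does not also match
    # RESTRICT_SYSLOG_GROUP.
    count=$(grep -c "^[[:space:]]*$key[[:space:]]*=" "$file" || true)
    if [ "$count" -ne 1 ]; then
        echo "csf_set: expected one $key line, found $count" >&2
        return 1
    fi
    cp -p "$file" "$file.bak" || return 1
    sed "s/^\([[:space:]]*$key[[:space:]]*=[[:space:]]*\).*/\1\"$value\"/" \
        "$file.bak" > "$file" || return 1
    # Confirm the file now holds the requested value.
    grep -q "^[[:space:]]*$key[[:space:]]*=[[:space:]]*\"$value\"" "$file"
}

# Constructed sample file; on a server FILE would be /etc/csf/csf.conf.
conf=$(mktemp)
cat > "$conf" <<'EOF'
TESTING = "1"
RESTRICT_SYSLOG = "0"
RESTRICT_SYSLOG_GROUP = "mysyslog"
EOF
csf_set "$conf" RESTRICT_SYSLOG 3 && grep '^RESTRICT_SYSLOG' "$conf"
rm -f "$conf" "$conf.bak"
```

On a server the call would be csf_set /etc/csf/csf.conf RESTRICT_SYSLOG 3, followed by the restart in step 4.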
Also, when I look at /etc/csf/csf.syslogusers, it states - "Add any accounts that log through syslog that are not listed that you need". It then goes on to list a bunch of accounts -
# OS application users:
daemon
dbus
haldaemon
messagebus
mysql
named
nfsnobody
ntp
polkitd
root
rpc
rpcuser
smmsp
statd
# cPanel application users:
cpanel
cpses
dovecot
dovenull
mailman
mailnull
# DirectAdmin application users:
dovecot
# Other users: