Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP

Amla-CSF

Configure CSF on Alma Linux 9

LL

[root@mail ~]# dnf update -y && dnf upgrade -y # dnf install epel-release -y
[root@mail ~]# dnf install iptables perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph wget tar perl-Math-BigInt -y# systemctl stop firewalld# systemctl disable firewalld

cd /tmp wget https://download.configserver.com/csf.tgz tar -zxvf csf.tgzcd csf
# ./install.sh# perl /usr/local/csf/bin/csftest.pl

# rm -rf /tmp/csf rm /tmp/csf.tgz

# Install Webmin Module (optional)

1. Install csf as above
2. Login to Webmin
3. Install the csf webmin module by navigating to:
4. Webmin > Webmin Configuration > Webmin Modules
5. Select "From local file" and enter: /usr/local/csf/csfwebmin.tgz
6. Install the module

cp /etc/csf/csf.conf /etc/csf/csf.conf.ORG cp /etc/csf/csf.allow /etc/csf/csf.allow.ORG cp /etc/csf/csf.deny /etc/csf/csf.deny.ORG cp /usr/local/csf/bin/regex.custom.pm /usr/local/csf/bin/regex.custom.pm.ORG

[root@mail ~]# vi /etc/csf/csf.conf
TESTING = "0"

systemctl start csf.service && systemctl enable csf.service systemctl restart csf && systemctl restart lfd systemctl enable csf && systemctl enable lfd

# systemctl restart {csf,lfd}

# systemctl enable {csf,lfd}

# systemctl is-active {csf,lfd}

# csf -v

Step 1: Update Operating System

Update your AlmaLinux 9 operating system to make sure all existing packages are up to date:

# dnf update

Also, install:

# dnf install wget nano tar

Step 2: Disable firewalld and any other iptables firewall

Run the following command below to sto p and disable the firewalld service:

# systemctl stop firewalld

# systemctl disable firewalld

Step 3: Install Required Perl Modules for CSF

Install the following Perl modules required by CSF.

# dnf install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph

If some modules are not available in the default repository install the epel repository using the following command:

# dnf install epel-release

Then try to install the modules again.

Step 4: Download CSF

By default, CSF is not available in the AlmaLinux standard repository, so you will need to download it from their official website.

# wget https://download.configserver.com/csf.tgz

Once downloaded, extract file with the following command:

# tar xzf csf.tgz

Change the directory to the extracted directory:

# cd csf

Install the CSF by running the installation script:

# sh install.sh

Then you can check the iptables mode using below command.

# perl /usr/local/csf/bin/csftest.pl

You should see the following output:

Testing ip_tables/iptable_filter…OKTesting ipt_LOG…OKTesting ipt_multiport/xt_multiport…OKTesting ipt_REJECT…OKTesting ipt_state/xt_state…OKTesting ipt_limit/xt_limit…OKTesting ipt_recent…OKTesting xt_connlimit…OKTesting ipt_owner/xt_owner…OKTesting iptable_nat/ipt_REDIRECT…OKTesting iptable_nat/ipt_DNAT…OK

RESULT: csf should function on this server

Step 5: Configuring the CSF

CSF runs in TEST mode by default. To disable it, you need to edit the /etc/csf/csf.conf file.

# nano /etc/csf/csf.conf

Locate the line TESTING = 1 and change the value to 0 or else LFD daemon fail to start.

TESTING = "0"

Locate the line RESTRICT_SYSLOG = 0 and change its value to 3. This means only members of the RESTRICT_SYSLOG_GROUP can access the syslog/rsyslog files.

RESTRICT_SYSLOG = "3"

Also, you can allow incoming and outgoing port as per your requirement:

# Allow incoming TCP portsTCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports

TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

Once your done all the configuration, restart and enable CSF:

# systemctl restart csf && systemctl restart lfd# systemctl enable csf && systemctl enable lfd

# systemctl status csf && systemctl status lfd

Uninstall CSF and LFD on AlmaLinux

Run the following script to remove CSF and LFD from your system.

# sh /etc/csf/uninstall.sh

List of Important CSF Configuration Files

Below are the important configuration files that control the most of the rules in the CSF.

csf.conf – the main configuration file, it has helpful comments explaining what each option does
csf.allow – a list of IP’s and CIDR addresses that should always be allowed through the firewall
csf.deny – a list of IP’s and CIDR addresses that should never be allowed through the firewall
csf.ignore – a list of IP’s and CIDR addresses that lfd should ignore and not not block if detected
csf.*ignore – various ignore files that list files, users, IP’s that lfd should ignore. See each file for their specific purpose and tax

If you manually modify these files, you will need to restart csf and then lfd them to take effect.

Enable CSF GUI

By default, it is disabled in the CSF default configuration file, so you will need to enable it first. For enabling CSF GUI you need to setup Integrated User Interface section in csf.conf configuration file.

Open the CSF main configuration file with the following command:

# nano /etc/csf/csf.conf

Change the following lines:

################################################################################ SECTION:Integrated User Interface###############################################################################
# 1 to enable, 0 to disable web ui UI = "1"
# Set port for web UI. The default port is 6666. UI_PORT = "8888"
# Leave blank to bind to all IP addresses on the server UI_IP = ""
# Set username for authetnication UI_USER = "admin"
# Set a strong password for authetnication

UI_PASS = "Test@12345"

Next you need to allow the IP from where you are going to access CSF GUI. You can either allow the entire subnet or you can also choose to allow some specific IP Address like below.

# echo "YOUR_PUBLIC_IP_ADDRESS" >> /etc/csf/ui/ui.allow

Then restart the CSF and LFD service to apply the changes.

# systemctl restart csf

# systemctl restart lfd

Step 7: Access CSF Web Interface

Page updated

Google Sites

Report abuse