Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
Configure CSF on Alma Linux 9
# rm -rf /tmp/csf
# rm /tmp/csf.tgz
Install csf as above
Log in to Webmin
Install the csf webmin module by navigating to:
Webmin > Webmin Configuration > Webmin Modules
Select "From local file" and enter: /usr/local/csf/csfwebmin.tgz
Install the module
# systemctl restart {csf,lfd}
# systemctl enable {csf,lfd}
# systemctl is-active {csf,lfd}
# csf -v
Update your AlmaLinux 9 operating system to make sure all existing packages are up to date:
# dnf update
Also, install:
# dnf install wget nano tar
Run the following commands to stop and disable the firewalld service:
# systemctl stop firewalld
# systemctl disable firewalld
Install the following Perl modules required by CSF.
# dnf install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph
If some modules are not available in the default repository, install the EPEL repository using the following command:
# dnf install epel-release
Then try to install the modules again.
By default, CSF is not available in the AlmaLinux standard repository, so you will need to download it from their official website.
# wget https://download.configserver.com/csf.tgz
Once downloaded, extract the file with the following command:
# tar xzf csf.tgz
Change the directory to the extracted directory:
# cd csf
Install CSF by running the installation script:
# sh install.sh
Then you can check the iptables modules using the command below.
# perl /usr/local/csf/bin/csftest.pl
You should see the following output:
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing xt_connlimit…OK
Testing ipt_owner/xt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK
Testing iptable_nat/ipt_DNAT…OK
RESULT: csf should function on this server
CSF runs in TEST mode by default. To disable it, you need to edit the /etc/csf/csf.conf file.
# nano /etc/csf/csf.conf
Locate the line TESTING = 1 and change the value to 0; otherwise the LFD daemon will fail to start.
TESTING = "0"
Locate the line RESTRICT_SYSLOG = 0 and change its value to 3. This means only members of the RESTRICT_SYSLOG_GROUP can access the syslog/rsyslog files.
RESTRICT_SYSLOG = "3"
You can also allow incoming and outgoing ports as per your requirements:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
Once you have finished all the configuration, restart and enable CSF:
# systemctl restart csf && systemctl restart lfd
# systemctl enable csf && systemctl enable lfd
# systemctl status csf && systemctl status lfd
Run the following script to remove CSF and LFD from your system.
# sh /etc/csf/uninstall.sh
Below are the important configuration files that control most of the rules in CSF.
csf.conf – the main configuration file; it has helpful comments explaining what each option does
csf.allow – a list of IPs and CIDR addresses that should always be allowed through the firewall
csf.deny – a list of IPs and CIDR addresses that should never be allowed through the firewall
csf.ignore – a list of IPs and CIDR addresses that lfd should ignore and not block if detected
csf.*ignore – various ignore files that list files, users and IPs that lfd should ignore. See each file for its specific purpose and syntax
If you manually modify these files, you will need to restart csf and then lfd for the changes to take effect.
By default, the CSF GUI is disabled in the default configuration file, so you will need to enable it first. To enable the CSF GUI, you need to set up the Integrated User Interface section in the csf.conf configuration file.
Open the CSF main configuration file with the following command:
# nano /etc/csf/csf.conf
Change the following lines, replacing the sample password shown here with a strong one of your own:
###############################################################################
# SECTION:Integrated User Interface
###############################################################################
UI_PASS = "Test@12345"
Next, you need to allow the IP address from which you are going to access the CSF GUI. You can either allow an entire subnet or allow a specific IP address, as below.
# echo "YOUR_PUBLIC_IP_ADDRESS" >> /etc/csf/ui/ui.allow
Then restart the CSF and LFD services to apply the changes.
# systemctl restart csf
# systemctl restart lfd
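The csf.conf changes made in this guide (TESTING, RESTRICT_SYSLOG, TCP_IN and the UI_PASS value in the Integrated User Interface section) can be checked with a small script. This is an added example, not part of CSF or of the original post; the function names csf_get and csf_audit and the list of required ports are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check a csf.conf against the settings this guide changes.

# Print the value of KEY from a csf.conf-style line: KEY = "value"
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        tail -n 1
}

# Print one finding per line; no output means every check passed.
# $1 = path to csf.conf, $2 = comma-separated TCP ports the server needs
# (the caller's own list, an assumption of this example).
csf_audit() {
    conf=$1
    required=$2
    [ "$(csf_get "$conf" TESTING)" = "0" ] ||
        echo "TESTING is not 0: lfd will not start"
    [ "$(csf_get "$conf" RESTRICT_SYSLOG)" = "3" ] ||
        echo "RESTRICT_SYSLOG is not 3"
    # The password printed in the guide is public, so it must not be in use.
    [ "$(csf_get "$conf" UI_PASS)" != 'Test@12345' ] ||
        echo "UI_PASS is still the sample value from the guide"
    # Report inbound ports that are open but not on the required list.
    for port in $(csf_get "$conf" TCP_IN | tr ',' ' '); do
        case ",$required," in
            *",$port,"*) ;;
            *) echo "TCP_IN opens port $port, which is not in the required list" ;;
        esac
    done
    return 0
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
RESTRICT_SYSLOG = "3"
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
UI_PASS = "Test@12345"
EOF
csf_audit "$sample" "22,80,443"
rm -f "$sample"
```

On a server, call it as csf_audit /etc/csf/csf.conf "22,80,443", passing the ports your services actually need.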