ConfigServer & Security Firewall (CSF) is an open-source advanced firewall for Linux systems that provides many useful features such as login protection, exploit checks, ping of death protection and more, in addition to the usual firewall features. Also, it easily integrates with popular web control panels such as cPanel, Webmin, Vesta CP, CyberPanel, DirectAdmin. It also works on a wide range of Linux systems. In this article, we will learn how to install CSF in CentOS & Ubuntu.
How to Install CSF in CentOS & Ubuntu
Please note, Perl and libwww packages are required to install CSF in any Linux system. These are available by default on all Linux systems so no action is required generally. But if you get an error asking you to install dependencies, then you can fix them with the following commands.
# yum install perl-libwww-perl # apt install libwww-perl
1. Download CSF
Open terminal and run the following command to download the CSF package using wget command.
# cd /usr/src # wget https://download.configserver.com/csf.tgz
2. Extract CSF Tarball
Run the following command to extract CSF tarball.
# tar xzf csf.tgz # cd csf
3. Run CSF Installation Script
The extracted folder contains an installation script that automatically checks if all dependencies are installed, creates required directory structures, detects open ports, and display message to restart csf and lfd when installation is complete.
# sh install.sh # perl /usr/local/csf/bin/csftest.pl
Here is the typical output you will see.
Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should function on this server
4. Disable Firewall and Configure CSF
In order to configure CSF, you need to disable firewalld. You can do this using the following commands.
# systemctl stop firewalld # systemctl disable firewalld
Next, open the configuration file of CSF in text editor.
$ vi /etc/csf/csf.conf
You will see the following kind of output. Change TESTING=”1″ to TESTING=”0″, mention open ports for incoming & outgoing connections as a list of comma-separated values for TCP_IN and TCP_OUT variables.
# Testing flag - enables a CRON job that clears iptables incase of # configuration problems when you start csf. This should be enabled until you # are sure that the firewall works - i.e. incase you get locked out of your # server! Then do remember to set it to 0 and restart csf when you're sure # everything is OK. Stopping csf will remove the line from /etc/crontab # # lfd will not start while this is enabled TESTING = "0" # Allow incoming TCP ports TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995" # Allow outgoing TCP ports TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
5. Restart & Test CSF
Run the following commands to restart & test CSF.
# systemctl restart {csf,lfd}
# systemctl enable {csf,lfd}
# systemctl is-active {csf,lfd}
# csf -v
6. Setup Firewall Rules
You can view the CSF rules with the following command.
# csf -l
Alternatively, you can stop or reload your firewall with the following commands.
# csf -f # stop csf # csf -r # reload csf
Now let us look at certain common use cases for CSF configuration. Here is the command to allow incoming connection from specific IP address.
# csf -a ip_address
Here is an example to allow incoming connections from IP address 54.43.32.21.
# csf -a 54.43.32.21
Here is the command to deny incoming connection from specific IP address.
# csf -d ip_address
Here is an example to deny incoming connections from IP address 54.43.32.21.
# csf -d 54.43.32.21
If you want to remove the above firewall rules, you can do so using -r option, in addition to -a or -d option you had used to define the rules earlier.
# csf -ar 54.43.32.21 # csf -dr 54.43.32.21
CSF also allows you to limit the number of connections to each port as per your requirement. For example to allow only 2 connections to port 22 and 10 connections to port 80, open CSF configuration file /etc/csf/csf.conf in text editor and add the following line to define CONNLIMIT variable.
CONNLIMIT = "22;2,80;10"
Save and close the file. Reload CSF to apply changes. You can also enable email alerts for intrusion attempts in firewall. For this purpose, open configuration file in text editor.
$ vi /etc/csf/csf.conf
Add the following lines to it. Basically, you need to set the value of variables containing ‘EMAIL_ALERT’ to “1”.
LF_SSH_EMAIL_ALERT = "1" LF_SU_EMAIL_ALERT = "1"
The above setting will send email alerts whenever successfully logs into your system via SSH, or switches account using su command.
Also, define the email address to which the alert needs to be sent, in LF_ALERT_TO variable.
LF_ALERT_TO = "admin@example.com"
There are several configuration files available for different types of customization.
csf.conf : The main configuration file for controlling CSF. csf.allow : The list of allowed IP’s and CIDR addresses on the firewall. csf.deny : The list of denied IP’s and CIDR addresses on the firewall. csf.ignore : The list of ignored IP’s and CIDR addresses on the firewall. csf.*ignore : The list of various ignore files of users, IP’s.
7. Uninstall CSF Firewall
You can also remove the CSF firewall using its uninstall script.
# /etc/csf/uninstall.sh
The above command will delete CSF completely with all files and folders.
In this article, we have learnt how to install and configure CSF firewall rules in CentOS and Ubuntu Linux.
Also read:
How to Install Visual Studio Code in Ubuntu
How to Evaluate Expression in Shell
What Does ${} and $() mean in Shell Script
How to Run C Program in Linux
How to Delete Write Protected File in Linux