Configserver Security and Firewall

Posted on December 12th, 2013

Posted By | Comments

CSF is generally considered a more advanced firewall as there are more configuration options compared to other firewalls, while still being simple enough to install and configure that even novice administrators can use it. This article will give you a simple overview about how to install and configure CSF and its security plugin LFD (Login Failure Daemon).

note – CSF is easy to operate in comparison to ‘IPtabels’

 

Supported operating System

Supported and Tested Operating Systems
RedHat v7.3, v8.0, v9.0 *openSUSE v10, v11, v12
RedHat Enterprise v3 to v6 (32/64 bit) *Debian v3.1 – v7
CentOS v3 to v6 (32/64 bit) *Ubuntu v6.06 LTS to  v13.10
Fedora v1 to v18 (32/64 bit) *Mandriva 2009, 2010
*Gentoo *Slackware v12.2
CloudLinux (based on CentOS/RHEL)

(* may require custom regex patterns for some functions)

Supported and Tested Virtual Servers
**Virtuozzo **OpenVZ
VMware UML
Xen MS Virtual Server
VirtualBox KVM
(** requires correct iptables configuration on host server)Note: Any OS that is EOL will not be supported and newer versions of csf may no longer work as new functionality is added

 

 

Installation

Installation is quite straightforward:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

perl /usr/local/csf/bin/csftest.pl

Don’t worry if you cannot run all the features, so long as the script doesn’t
report any FATAL errors

You should not run any other iptables firewall configuration script. For
example, if you previously used APF+BFD you can remove the combination (which
you will need to do if you have them installed otherwise they will conflict):

sh /usr/local/csf/bin/remove_apf_bfd.sh

That’s it. You can then configure csf and lfd by reading the documentation and
configuration files in /etc/csf/csf.conf and /etc/csf/readme.txt directly or
through the csf User Interface.

csf installation for cPanel and DirectAdmin is preconfigured to work on those
servers with all the standard ports open.

csf auto-configures your SSH port on installation where it’s running on a non-
standard port.

csf auto-whitelists your connected IP address where possible on installation.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
servers running RedHat/CentOS v5 have this disabled and you should check
/etc/init.d/syslog and make sure that any klogd lines are not commented out. If
you change the file, remember to restart syslog.

See the csf.conf and readme.txt files for more information.

 

 

 

Uninstallation

Removing csf and lfd is even more simple:

cd /etc/csf
sh uninstall.sh

 

If you have any queries to ask, so please contact to the support staff and do not forget to like/share the article.



About -