Installing and configuring ConfigServer Security & Firewall (CSF)

installing and configuring configserver security firewall csf
Spread the love

ConfigServer Security & Firewall (csf) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. It is a powerful firewall solution for various filed such a hosting.

It’s is a security tool that can protect your server against attacks, such as brute force, and improve server security. CSF support almost all Linux operating system and virtualization.

Installation and configuration are very easy. from the configuration file, we can easily understand each derivative or settings.

Prerequisites

  • Any Linux flavour
  • Root privilage access.

Step 1 – Installation of CFS

Log into your server as root, and use following commands in the terminal.

cd /usr/local/src/
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Useful Links:

  1. CSF Error: *WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny
  2. CSF Commands (Basic to advanced) With examples

You will see Installation Completed Message. Now you can remove downloaded csf package.

cd ..
rm -rf csf

If you are getting like below message.

[root@localhost csf]# wget https://download.configserver.com/csf.tgz
-bash: /usr/bin/wget: No such file or directory

Download and install wget package.

For rpm OS:

yum install wget

For Deb OS:

apt-get install wget

Step 2 – Configure CSF

Before starting to configure the CSF, the first thing you must know if you are installing csf in “CentOS 7” has a default firewall application called “firewalld”. You have to stop firewalld and remove it from the startup.

Stop the firewalld:

systemctl stop firewalld

Disable/Remove firewalld from the startup:

systemctl disable firewalld

Then go to the CSF Configuration directory “/etc/csf/” and edit the file “csf.conf” with your favourite editor:

cd /etc/csf/
nano csf.conf

By default csf in a Testing mode, we need to change this.

TESTING = "1"
to
TESTING = "0"

csf now allow in/out commonly used ports. To modify the in/out ports search TCP_IN, TCP_OUT, UDP_IN, UDP_OUT and you can modify according to your needs.

Now start CSF and LFD:

systemctl start csf
systemctl start lfd

And then enable the csf and lfd services to be started at boot time:

systemctl enable csf
systemctl enable lfd

Now you can see the list default rules of CSF with a command:

csf -l

To enable csf :

csf -e

To disble csf:

csf -x

Spread the love

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *