Installing and configuring ConfigServer Security & Firewall (CSF)
ConfigServer Security & Firewall (csf) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers. It is a powerful firewall solution for various fields such as hosting.
It is a security tool that can protect your server against attacks, such as brute force, and improve server security. CSF supports almost all Linux operating systems and virtualization platforms.
Installation and configuration are very easy. From the configuration file, we can easily understand each directive or setting.
- Any Linux flavour
- Root privilege access.
Step 1 – Installation of CSF
Log into your server as root, and use the following commands in the terminal.
cd /usr/local/src/
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
You will see an "Installation Completed" message. Now you can remove the downloaded csf package.
cd ..
rm -rf csf
If you get a message like the one below:
[root@localhost csf]# wget https://download.configserver.com/csf.tgz
-bash: /usr/bin/wget: No such file or directory
Download and install the wget package.
For rpm OS:
yum install wget
For Deb OS:
apt-get install wget
Step 2 – Configure CSF
Before you start configuring CSF, note that if you are installing csf on “CentOS 7”, it has a default firewall application called “firewalld”. You have to stop firewalld and remove it from startup.
Stop the firewalld:
systemctl stop firewalld
Disable/Remove firewalld from the startup:
systemctl disable firewalld
Then go to the CSF Configuration directory “/etc/csf/” and edit the file “csf.conf” with your favourite editor:
cd /etc/csf/
nano csf.conf
By default csf is in testing mode; we need to change this. Find the line:
TESTING = "1"
and change it to:
TESTING = "0"
csf allows commonly used inbound and outbound ports by default. To modify them, search for TCP_IN, TCP_OUT, UDP_IN and UDP_OUT and adjust them according to your needs.
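A pre-flight check for the two settings above, as an added example (not part of the original article or of csf itself): it reads csf.conf, confirms TESTING is "0", and confirms the SSH port is listed in TCP_IN, so that starting the firewall does not cut off your own admin session. The function names, the constructed sample file and the port 2222 are assumptions; port ranges are assumed to be written low:high.

```shell
#!/bin/sh
# Added example: pre-flight check of csf.conf before starting csf and lfd.
# Settings in csf.conf are written as KEY = "value".

# Print the quoted value of a setting. usage: csf_get KEY FILE
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is covered by a comma-separated port list; entries are
# single ports or low:high ranges. usage: port_in_list PORT LIST
port_in_list() {
    old_ifs=$IFS; IFS=,
    set -- "$1" $2              # split the list on commas
    IFS=$old_ifs
    port=$1; shift
    for item in "$@"; do
        case $item in
            *:*) [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ] && return 0 ;;
            *)   [ "$item" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# Check FILE: TESTING must be "0" and SSH_PORT must be listed in TCP_IN.
# Prints one line per problem and returns 1 if any was found.
# usage: csf_preflight FILE SSH_PORT
csf_preflight() {
    rc=0
    if [ "$(csf_get TESTING "$1")" != "0" ]; then
        echo "TESTING is not \"0\": csf is still in testing mode"; rc=1
    fi
    if ! port_in_list "$2" "$(csf_get TCP_IN "$1")"; then
        echo "port $2 is not in TCP_IN: inbound SSH would be blocked"; rc=1
    fi
    return "$rc"
}

# Constructed sample excerpt (not a real server's file) for trying the check.
sample_conf() {
    printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
        'TCP_IN = "20,21,22,25,53,80,443,30000:35000"' \
        'TCP_OUT = "20,21,22,25,53,80,443"'
}
# On a server: csf_preflight /etc/csf/csf.conf 22
```

Run it against /etc/csf/csf.conf with the port your sshd actually listens on before starting the services.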
Now start CSF and LFD:
systemctl start csf
systemctl start lfd
And then enable the csf and lfd services to be started at boot time:
systemctl enable csf
systemctl enable lfd
Now you can see the list of default rules of CSF with a command:
To enable csf:
To disable csf: