
How to Install and Configure CSF: CSF is a firewall configuration script created to provide better security for your server. We will show you the steps to set it up and deploy it on Linux.

25 Sep, 20

How to Use ConfigServer Firewall on Linux

ConfigServer Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an advanced, easy to use interface for managing firewall settings.

Also, here is a complete guide to securing a Linux server.

In this article we will go through the steps of installing and configuring CSF.

Summary

This article contains information about:

  • How to install CSF
  • How to configure it
  • How to use CSF as a firewall and intrusion detection system

In order to start with this tutorial you’re going to need a reliable Linux VPS provider. With our SSD based Linux VPS you won

Let’s get started!

Perl and libwww are prerequisites for installing CSF. On RHEL/CentOS-based systems:

# yum install perl-libwww-perl

On Debian/Ubuntu-based systems:

# apt install libwww-perl

Step 1 – Download CSF

# cd /usr/src

# wget https://download.configserver.com/csf.tgz

Step 2 – Extract the CSF tarball

# tar xzf csf.tgz

# cd csf

Step 3 – Run the CSF Installation Script

The installation script will:

  • Check that all dependencies are installed
  • Create the necessary directory structures
  • Detect currently open ports
  • Restart the csf and lfd daemons after initial configuration

# sh install.sh

Then test that the required iptables modules are available:

# perl /usr/local/csf/bin/csftest.pl

Output of the above command is as follows:

Testing ip_tables/iptable_filter...OK

Testing ipt_LOG...OK

Testing ipt_multiport/xt_multiport...OK

Testing ipt_REJECT...OK

Testing ipt_state/xt_state...OK

Testing ipt_limit/xt_limit...OK

Testing ipt_recent...OK

Testing xt_connlimit...OK

Testing ipt_owner/xt_owner...OK

Testing iptable_nat/ipt_REDIRECT...OK

Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Step 4: Disable Firewall and Configure CSF

Disable firewalld if it is running:

# systemctl stop firewalld

# systemctl disable firewalld

Then edit /etc/csf/csf.conf: change TESTING = "1" to TESTING = "0", and list the allowed incoming and outgoing ports as comma-separated lists in TCP_IN and TCP_OUT, as shown below:

# Testing flag - enables a CRON job that clears iptables incase of

# configuration problems when you start csf. This should be enabled until you

# are sure that the firewall works - i.e. incase you get locked out of your

# server! Then do remember to set it to 0 and restart csf when you're sure

# everything is OK. Stopping csf will remove the line from /etc/crontab

#

# lfd will not start while this is enabled

TESTING = "0"

# Allow incoming TCP ports

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports

TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"

Save the changes and return to the command line.

Step 5 – Restart and Test CSF

# systemctl restart {csf,lfd}

# systemctl enable {csf,lfd}

# systemctl is-active {csf,lfd}

# csf -v

Setting up CSF and Intrusion Detection Rules

Inspect the current firewall rules as follows:

# csf -l

You can also stop (flush) the rules or reload them with:

# csf -f

# csf -r

Inspect the rules again after making changes and restarting csf and lfd.

Example 1 – Allowing and Forbidding IP Addresses

To allow incoming connections from 192.168.0.10:

# csf -a 192.168.0.10

To deny connections originating from 192.168.0.11:

# csf -d 192.168.0.11

To remove each of the above rules:

# csf -ar 192.168.0.10

# csf -dr 192.168.0.11

The output will be as follows:

[Image: How to Install and Configuring CSF]

Using -ar or -dr as above removes the existing allow and deny rules.

Example 2 – Limiting Incoming Connections by Source

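  • Open /etc/csf/csf.conf
  • Search for CONNLIMIT
  • Specify multiple port;connections pairs separated by commas

For example, the following setting limits each source address to 2 connections on port 22 and 10 connections on port 80:

CONNLIMIT = "22;2,80;10"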
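A pre-restart check for the settings edited in Step 4 and in this example, added here and not part of the original tutorial or of CSF itself: it flags TESTING left on, a malformed TCP_IN list, an SSH port missing from TCP_IN, and malformed CONNLIMIT pairs. The function names and the default SSH port of 22 are assumptions.

```sh
# Added example: sanity-check a csf.conf before running "csf -r".
# Print the quoted value of key $1 from file $2 (lines shaped KEY = "value").
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if $1 is a comma-separated list of ports (1-65535) or lo:hi ranges.
valid_port_list() {
    case $1 in ,*|*,|*,,*) return 1 ;; esac
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        printf '%s\n' "$entry" | grep -Eq '^[0-9]{1,5}(:[0-9]{1,5})?$' || return 1
        lo=${entry%%:*}; hi=${entry##*:}
        [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ] || return 1
    done
}

# Succeed if port $1 is covered by the already validated port list $2.
port_in_list() {
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        [ "$1" -ge "${entry%%:*}" ] && [ "$1" -le "${entry##*:}" ] && return 0
    done
    return 1
}

# Print one finding per line for file $1; $2 is the SSH port (assumed 22).
# Returns 0 when the file passes every check, 1 otherwise.
csf_conf_check() {
    conf=$1; ssh_port=${2:-22}; rc=0
    tcp_in=$(conf_get TCP_IN "$conf")
    [ "$(conf_get TESTING "$conf")" = "0" ] || { echo "TESTING is not \"0\": lfd will not start"; rc=1; }
    if ! valid_port_list "$tcp_in"; then
        echo "TCP_IN is not a valid port list: $tcp_in"; rc=1; tcp_in=""
    elif ! port_in_list "$ssh_port" "$tcp_in"; then
        echo "SSH port $ssh_port is not in TCP_IN: lockout risk"; rc=1
    fi
    for pair in $(conf_get CONNLIMIT "$conf" | tr ',' ' '); do
        if ! printf '%s\n' "$pair" | grep -Eq '^[0-9]{1,5};[0-9]+$'; then
            echo "CONNLIMIT entry is not port;limit: $pair"; rc=1
        elif ! port_in_list "${pair%%;*}" "$tcp_in"; then
            echo "CONNLIMIT port ${pair%%;*} is not open in TCP_IN"; rc=1
        fi
    done
    return $rc
}

# Constructed sample, not a real server's file: TESTING left on, port 22 closed.
sample=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "80,443"' 'CONNLIMIT = "22;2,80;10"' > "$sample"
csf_conf_check "$sample" || echo "Fix the findings above before restarting csf."
rm -f "$sample"
```

To check the live configuration, call csf_conf_check /etc/csf/csf.conf after editing the file and before restarting csf.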

Example 3 – Sending Alerts via Email

  • Open /etc/csf/csf.conf
  • Search for the EMAIL_ALERT settings
  • Set a setting to "1" to receive the associated alert

LF_SSH_EMAIL_ALERT = "1"

LF_SU_EMAIL_ALERT = "1"

CSF Configuration Options and Usage

  • The configuration files are used to modify and control csf
  • They are located under the /etc/csf directory
  • Restart csf to apply changes

csf.conf : The main configuration file for controlling CSF

csf.allow : The list of allowed IPs and CIDR addresses on the firewall

csf.deny : The list of denied IPs and CIDR addresses on the firewall

csf.ignore : The list of ignored IPs and CIDR addresses on the firewall

csf.*ignore : The various ignore files for users and IPs

Remove CSF Firewall

Run the uninstall script located at /etc/csf/uninstall.sh.

# /etc/csf/uninstall.sh

It will erase the CSF firewall completely with all the files and folders.

Final Thoughts!

Congratulations on making it to the end! Let us know in the comments below if this tutorial worked, and if you liked it then you can share it among your friends.

susith nonis

I'm fascinated by the IT world and how the 1's and 0's work. While I venture into the world of Technology I try to share what I know in the simplest way to you. Hope you like it.