CSF stands for ConfigServer Security and Firewall is one the most useful Open Source security application for linux operating systems that is used as a Packet Inspection Firewall, Login and Intrusion detection for the linux servers. Using CSF helps to protect servers against many security attacks such as brute force attacking. It comes with a service called (LFD) Login Failure Daemon that prevents unauthorized access to network daemons by watches your user activity for excessive login failures that we want to restrict access by IP address to helps in preventing access to compromise networks daemons. So, whenever there comes a large number of wrong attempts from a specific IP, then that IP will immediately be temporarily blocked from all services on the server.
The ConfigServer Security & Firewall come with lot of features to provide SSH login notifications, excessive connection blocking , mod_security failures, suspicious process reporting and many others.
CSF can be installed on any Linux distribution, bu in this tutorial we are going to install and configure it using CentOS 7.1 .
Login to your Centos 7 server with root user and make sure that you are connected to the Internet to update your system with latest updates and for installing the required dependent packages for CSF.
After login, run the below command for system update.
# yum update
Then to install the perl modules that are required for setting up csf on Centos 7 run the below command.
# yum -y install perl perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph wget unzip net-tools
2) Download CSF Installation Package
To download the ConfigServer Security & Firewall package, run the below command in the /usr/src/ directory as shown.
# wget https://download.configserver.com/csf.tgz
After downloading the archived package run the following command to extract this within the same directory.
# tar -xzf csf.tgz
Now change the directory to the extracted folder and use the list command to view its inside configuration and installation scripts as shown.
3) Installing ConfigServer Security Firewall
To start installation of CSF on CentOS 7, we will run the installation script that is present within the same directory as shown above.
Let's run the below command as shown.
# sh install.sh
The installation script will check for its basic perl modules and root access, then creates a number directories and compile different configurations files and libraries during its installation process as shown below.
*** USE_CONNTRACK Enabled
*** IPV6 Enabled
*** IPV6_SPI set to 1
TCP ports currently listening for incoming connections:
UDP ports currently listening for incoming connections:
Note: The port details above are for information only, csf hasn't been auto-configured.
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
Adding current SSH session IP address to the csf whitelist in csf.allow:
Adding 172.xx.xx.xx to csf.allow only while in TESTING mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
‘lfd.service’ -> ‘/usr/lib/systemd/system/lfd.service’
‘csf.service’ -> ‘/usr/lib/systemd/system/csf.service’
ln -s '/usr/lib/systemd/system/csf.service' '/etc/systemd/system/multi-user.target.wants/csf.service'
ln -s '/usr/lib/systemd/system/lfd.service' '/etc/systemd/system/multi-user.target.wants/lfd.service'
‘/etc/csf/csfwebmin.tgz’ -> ‘/usr/local/csf/csfwebmin.tgz’
We can see that before the installation process completes, csf auto-configures the already listening ports including the SSH port on installation and then auto-whitelists the connected IP address where possible on installation.
4) Testing CSF IPTable Modules
Once the installation process is complete, run the below command to test the status of required iptables modules.
# perl /usr/local/csf/bin/csftest.pl
5) CSF Configuration & Usage
To configure the CSF Firewall On CentOS 7 and other Red Hat Enterprise Linux (RHEL) based distributions, the default configuration file can be found in location of "/etc/csf/"
The configuration files include the following number of files as shown in the image.
To enable the fully functional CSF firewall configure the default csf configuration file with following parameters.
[[email protected] csf]# vim csf.conf
TESTING = "0"
Now we will specify an email address to report errors from the Login Failure Daemon by making the following configuration changes.
After making configuration changes we have to reload the csf services by using the below command so that the configuration changes can take effect.
# csf -r
If you want to check the status of csf service then run the below command.
# service csf status
Run the following command for complete overview of all command line options that you use can with csf.
# csf --help
In this article we learned about installation, configuration and usage of ConfigServer Security and Firewall, which is one of the most widely used open source tool freely available for installing on linux platforms. Using this tool we can secure our servers from many threats by using its simple configurations and commands. Its installation process is very simple and its easy to use that's why many organizations prefer to use this tool. We can also use and manage it from graphical user interface which can be accessed after installing the webmin tool by using its available plug-ins.