1. CSF concept:
CSF (ConfigServer & Firewall) is a free firewall application suite for Linux that improves the security of a server (VPS or dedicated). CSF is built on iptables and uses the lfd process to scan log files for signs of unusual attacks.
CSF will help your server:
- Anti-DoS
- Anti Scan Port
- Anti brute-force attacks on FTP server, web server, mail server, DirectAdmin, cPanel…
- Anti-Syn Flood
- Anti Ping Flood
- Allows you to block access from a certain country by specifying the ISO standard country code
- IPv6 support
- Allows you to redirect requests from blocked IPs to an HTML file that notifies users that their IP is blocked.
- Detects unauthorized logins to SSH, SMTP and other services.
- And many more features, which you can explore here: http://www.configserver.com/cp/csf.html
CSF can be integrated into the user interfaces (UI) of WHM/cPanel, DirectAdmin and Webmin (I will cover this in another article).
2. Installing and Configuring CSF on CentOS 7
Step 1: Install the required library packages with yum and download the installation file
```
yum install wget perl-libwww-perl.noarch perl-Time-HiRes -y

cd /usr/src/
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz

cd csf
sh install.sh
```
Note: Since CSF is written in Perl, the Perl libraries must be installed on the server first.
Step 2: Check if CSF is working
```
cd /usr/local/csf/bin/
perl csftest.pl
```
If you get the following message, it means that CSF is working without any problems.
```
RESULT: csf should function on this server
```
Step 3: Configure CSF on CentOS 7
Before configuring CSF on CentOS 7, note that CentOS 7 ships with firewalld as its default firewall application. You have to stop firewalld and disable it at boot:
```
systemctl stop firewalld
systemctl disable firewalld
```
Then edit the file /etc/csf/csf.conf
```
cd /etc/csf/
vi csf.conf
```
You need to change the TESTING setting from 1 to 0. Then go to line 139 and check the TCP_IN entry to confirm that your SSH port is listed. By default, when CSF is installed, the SSH port is opened automatically, even if you have changed the port.
```
TESTING = "0"
```
Configure TCP_IN, TCP_OUT, UDP_IN and UDP_OUT with the ports that suit your needs.
```
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"
```
Now restart CSF and LFD
```
systemctl start csf
systemctl start lfd
```
Enable the csf and lfd services so that they start with CentOS
```
systemctl enable csf
systemctl enable lfd
```
Now you can view all CSF rules with the following command
```
csf -l
```
So we have finished installing and configuring CSF on Centos 7
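Step 3 advises confirming that the SSH port is listed in TCP_IN before TESTING is set to 0. The script below is an added example, not part of the original article or of CSF itself: it compares the port in an sshd_config with TCP_IN in a csf.conf. The helper names (conf_value, sshd_port, port_allowed, check_csf) are hypothetical, the sample files are constructed, and it assumes the port is set by the first Port directive in the main sshd_config file.

```shell
#!/bin/sh
# Added example (not from the original page): lockout pre-flight for csf.conf.

# conf_value FILE KEY: print the quoted value of KEY = "..." (csf.conf syntax)
conf_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# sshd_port FILE: print the Port directive, or sshd's default 22 if none is set
sshd_port() {
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# port_allowed LIST PORT: succeed if PORT is in a list such as "22,80,33434:33523"
port_allowed() {
    echo "$1" | tr ',' '\n' | awk -F: -v p="$2" '
        NF == 1 && $1 == p { ok = 1 }
        NF == 2 && p >= $1 && p <= $2 { ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# check_csf CSF_CONF SSHD_CONFIG: print findings, return 1 on a lockout risk
check_csf() {
    port=$(sshd_port "$2")
    tcp_in=$(conf_value "$1" TCP_IN)
    testing=$(conf_value "$1" TESTING)
    echo "sshd port: $port | TESTING: $testing | TCP_IN: $tcp_in"
    if ! port_allowed "$tcp_in" "$port"; then
        echo "RISK: SSH port $port is missing from TCP_IN"
        return 1
    fi
    [ "$testing" = "0" ] || echo "NOTE: TESTING is still enabled"
    return 0
}

# Constructed sample files: sshd moved to port 2222, TCP_IN still lists only 22.
demo_dir=$(mktemp -d)
printf 'Port 2222\nPermitRootLogin no\n' > "$demo_dir/sshd_config"
printf 'TESTING = "1"\nTCP_IN = "20,21,22,80,443"\n' > "$demo_dir/csf.conf"
check_csf "$demo_dir/csf.conf" "$demo_dir/sshd_config" ||
    echo "Correct TCP_IN before setting TESTING = \"0\""
```

On a real server the equivalent call is `check_csf /etc/csf/csf.conf /etc/ssh/sshd_config`, run before the firewall is started with TESTING disabled.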
3. CSF configuration files
- csf.conf: Main configuration file for managing CSF
- csf.allow: List of IP addresses allowed through the firewall
- csf.deny: List of IP addresses denied through the firewall
- csf.ignore: List of IP addresses allowed through the firewall and not blocked if there is a problem
4. Some commonly used commands
Command | Function |
---|---|
csf -s | Start the firewall |
csf -f | Stop (flush) the firewall |
csf -r | Reload CSF (especially after changes to the configuration or settings) |
csf -l | Show iptables rules (IPv4) |
csf -p | Check open ports |
csf --lfd | With the parameter [stop |
csf -a IPADDRESS | Allow an IP address. It is added to the /etc/csf/csf.allow list; IPs in this list pass through the firewall by default but are still checked by LFD. For example, to add IP 123.123.123.123, type csf -a 123.123.123.123 |
csf -d IPADDRESS | Deny an IP address. It is added to the /etc/csf/csf.deny list, for example csf -d 123.123.123.123 |
csf -dr IPADDRESS | Remove an IP from the block list, for example csf -dr 123.123.123.123 |
csf -t | Display the list of IPs that are temporarily allowed or blocked (IPs drop off the list after a period of time) |
csf -ar IPADDRESS | Remove an allowed IP address |
csf -g IPADDRESS | Check whether an IP address is blocked |
csf -x | Turn off CSF |
csf -e | Enable CSF |