CSF - Firewall Installation & Configuration
Posted by Madhusudan S, Last modified by Madhusudan S on 18 May 2015 04:29:55 PM
The CSF (ConfigServer) firewall is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
CSF comes with LFD (Login Failure Daemon), which detects malicious login attempts made to the server through any of these:
* courier imap and pop3
This is a feature in addition to packet filtering. With this firewall installed, the need for manual intervention is reduced. In case of brute-force attempts, multiple failed login attempts, high server load, etc., LFD sends notification emails. These notifications are generated to keep you informed about system health and possible signs of brute force, (D)DoS attacks or unauthorized processes running. While most actions are taken automatically by CSF/LFD, it is still a good idea to check these emails for cases such as unauthorized logins or unauthorized processes running on the system.
Steps to install the CSF firewall are as follows:
First of all, get the latest version of CSF from http://www.configserver.com/cp/csf.html (http://www.configserver.com/free/csf.tgz).
– cd /usr/local/src
Your CSF Firewall will be installed to /etc/csf and your allowed inbound/outbound port configuration has been adjusted to your current settings.
You are now ready to put the firewall into production mode. Open the configuration file /etc/csf/csf.conf to make further adjustments, then restart the firewall for the changes to take effect (/etc/init.d/csf restart).
Open your csf.conf again and change the value of TESTING="1" to 0. Once this is done, restart the firewall using the command "/etc/init.d/csf restart" or "csf -r".
Managing CSF from the command line is very simple. For commands and information, type csf. Here are a few basic commands.
Allowing IP: csf -a <ip_address>
Once the installation is done and before turning the testing mode off, you need to make sure that you have configured the firewall properly.
Cpanel = "20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
For "TCP_OUT", add the following ports:
Cpanel = "21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
Cpanel = "20,21,53,953"
Cpanel = "20,21,53,113,123,873,953"
Configure SMTP for cPanel:
SMTP_BLOCK = "1"
Likewise, you have to make sure that CSF is correctly configured after installing it. If you use any custom ports, don't forget to add those to csf.conf as well.
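
The check described above (confirm the port lists before turning testing mode off, and include any custom ports) can be scripted. The following is an added example, not part of the original article or of CSF itself. It assumes a sample configuration constructed from the port lists on this page, with the first list treated as TCP_IN, and uses 2222 as a hypothetical custom SSH port.

```python
import re

# Constructed sample in csf.conf syntax. The port lists are taken from this page;
# using the first list as TCP_IN is an assumption, the page does not label it.
SAMPLE_CONF = '''
# constructed sample, not a real server's file
TESTING = "1"
TCP_IN = "20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
TCP_OUT = "21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
SMTP_BLOCK = "1"
'''

SETTING = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"')

def parse_conf(text):
    """Return {NAME: value} for every NAME = "value" line; comment lines do not match."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def port_allowed(port, port_list):
    """True if port is in a csf list such as "22,80,30000:35000" (a:b is a range)."""
    for item in filter(None, (p.strip() for p in port_list.split(","))):
        low, _, high = item.partition(":")
        if low.isdigit() and (high or low).isdigit() and int(low) <= port <= int(high or low):
            return True
    return False

def preflight(text, required_tcp_in):
    """Return findings: required ports missing from TCP_IN, SMTP_BLOCK off, TESTING on."""
    conf = parse_conf(text)
    problems = []
    for port in required_tcp_in:
        if not port_allowed(port, conf.get("TCP_IN", "")):
            problems.append(f"TCP_IN does not allow port {port}")
    if conf.get("SMTP_BLOCK") != "1":
        problems.append('SMTP_BLOCK is not "1"')
    if conf.get("TESTING") != "0":
        problems.append("TESTING is still enabled")
    return problems

if __name__ == "__main__":
    # 2222 stands in for a custom SSH port (hypothetical value)
    for problem in preflight(SAMPLE_CONF, [22, 2222]):
        print("FIX:", problem)
```

On a server, pass the contents of /etc/csf/csf.conf instead of the sample and list every port you must still reach after the restart.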