Introduction
CSF is a Stateful Packet Inspection (SPI) firewall that acts as a strong line of defense: it provides security, prevents malicious attempts to access server ports, scans log files, monitors suspicious unsuccessful login attempts and suggests corrective actions.
CSF Extensions: LFD & Login Tracking
CSF has been exclusively designed to provide security to your Linux server or Virtual Private Server (VPS). CSF comes with an additional Login Failure Daemon (LFD) process that scans the log file entries periodically, every (X) seconds, looking for multiple suspicious failed login attempts within a certain time slot. The daemon process reacts and blocks such unauthorized IPs. Another key feature is “Login Tracking”, an extension of LFD that restricts the number of SSH, SMTP, POP3 and IMAP connections per IP per hour per account.
CSF Installation
A front-end UI is available for both CSF and LFD, and both are accessible by the root account through cPanel, WebAdmin, and DirectAdmin. ConfigServer offers a free Web Host Manager (WHM) plugin for CSF, allowing iptables rules to be modified and updated within WHM.
Step 1: Login and run the commands
Execute the following commands after you log in over SSH as the root user.
cd /usr/src
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
Step 2: Remove or disable previous APF+BFD script
Keep in mind that any other iptables firewall configuration script already present, such as APF+BFD, should be removed or at least disabled. Otherwise, the CSF installation attempt would fail with numerous conflicts. APF is a front end for the iptables application; using APF, the user can avoid the iptables syntax needed to open and close ports.
Disable: sh /usr/local/csf/bin/disable_apf_bfd.sh
Remove: sh /usr/local/csf/bin/remove_apf_bfd.sh
Feel free to configure csf and lfd by reading the configuration and related documentation files present at:
/etc/csf/readme.txt
/etc/csf/csf.conf
cPanel Configuration
For cPanel and DirectAdmin users, CSF is already preconfigured to work with the cPanel ports open. If SSH is running on a non-standard port, CSF auto-configures your SSH port on installation. The default cPanel and WHM come bundled with a lot of services active and ports open. It is up to the discretion of the server administrator or the hosting company to uninstall such services, which frees system resources and reduces exposure to attacks.
Step 4: Testing Firewall effectiveness
To test your firewall's effectiveness, set TESTING = 1. This blocks you from your own server. Change it back to TESTING = 0 when you are satisfied.
The above table shows the default cPanel port firewall combination. TCP_IN/TCP_OUT/UDP_IN/UDP_OUT are the lists of ports that need to be open so that the server can operate. For example, if you changed the default SSH port, it is necessary to add it here. Also, when installing new software or games, make sure you add the necessary ports to these lists.
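An added example (not part of the original article and not ConfigServer's own code): a shell pre-flight check for the two points above, that TESTING has been set back to 0 and that your SSH port is listed in TCP_IN. The function names and the sample config are constructed for illustration; on a real server, pass /etc/csf/csf.conf and your actual SSH port to csf_precheck.

```shell
# Print the value of KEY from a csf.conf-style file (lines look like: KEY = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a comma-separated CSF port list; entries may be
# single ports or low:high ranges.
port_allowed() {
    port=$1; old_ifs=$IFS; IFS=,
    set -- $2
    IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$port" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# Report problems that matter once the firewall is enforced:
# testing mode still on, or the SSH port missing from TCP_IN.
csf_precheck() {
    conf=$1; ssh_port=$2; rc=0
    if [ "$(csf_get TESTING "$conf")" != "0" ]; then
        echo "WARN: TESTING is not 0 in $conf"; rc=1
    fi
    if ! port_allowed "$ssh_port" "$(csf_get TCP_IN "$conf")"; then
        echo "FAIL: SSH port $ssh_port is not listed in TCP_IN"; rc=1
    fi
    return $rc
}

# Constructed sample config (not taken from a real server).
sample_conf() {
    cat <<'EOF'
TESTING = "1"
TCP_IN = "20,21,25,53,80,443,2222,30000:35000"
TCP_OUT = "20,21,22,25,53,80,443"
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
csf_precheck "$tmp" 22 || true   # demo run: reports both problems
rm -f "$tmp"
```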
Conclusion
Congratulations, you have successfully installed ConfigServer & Firewall.