Posted inUncategorized

Installing and Configuring CSF in Linux

In this article you can learn how to install and configure ConfigServer Security & Firewall (also known as CSF for short), a full-blown security suite for Linux.

Installing and Configuring CSF in Linux

To begin, please note that Perl and libwww is a prerequisite to install CSF on any of the supported distributions (RHEL and CentOS, openSUSE, Debian, and Ubuntu).

# yum install perl-libwww-perl
# apt install libwww-perl

Step 1 – Download CSF

# cd /usr/src
# wget https://download.configserver.com/csf.tgz

Step 2 – Extract the CSF tarball

# tar xzf csf.tgz
# cd csf

Step 3 – Run the CSF Installation Script

This part of the process will check that all dependencies are installed, create the necessary directory structures and files for the web interface, detect currently open ports, and remind you to restart the csf and lfd daemons after you’re done with the initial configuration.

# sh install.sh
# perl /usr/local/csf/bin/csftest.pl

Step 4: Disable Firewall and Configure CSF

# systemctl stop firewalld
# systemctl disable firewalld

Change TESTING = “1” to TESTING = “0” (otherwise, the lfd daemon will fail to start) and list allowed incoming and outgoing ports as a comma-separated list (TCP_IN and TCP_OUT, respectively) in /etc/csf/csf.conf as shown in the below output:

Once you are happy with the configuration, save the changes and return to the command line.

Step 5 – Restart and Test CSF

# systemctl restart {csf,lfd}
# systemctl enable {csf,lfd}
# systemctl is-active {csf,lfd}
# csf -v

CSF Configuration Options and Usage

These following options are used to modify and control csf configuration. All the configuration files of csf are located under /etc/csf directory. If you modify any of the following files you will need to restart the csf daemon to take changes.

  • csf.conf : The main configuration file for controlling CSF.
  • csf.allow : The list of allowed IP’s and CIDR addresses on the firewall.
  • csf.deny : The list of denied IP’s and CIDR addresses on the firewall.
  • csf.ignore : The list of ignored IP’s and CIDR addresses on the firewall.
  • csf.*ignore : The list of various ignore files of users, IP’s.

Remove CSF Firewall

If you would like to remove CSF firewall completely, just run the following script located under /etc/csf/uninstall.sh directory.

# /etc/csf/uninstall.sh

The above command will erase CSF firewall completely with all the files and folders.

Hope you like the above blog article