The CSF (ConfigServer) firewall is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

CSF comes with LFD (Login Failure Daemon), which detects malicious login attempts to the server made through any of the following:

* courier imap and pop3
* ssh
* non-ssl cpanel / whm / webmail
* pure-ftpd
* password protected web pages (htpasswd)
* mod_security failures

This is an additional feature on top of the packet filtering. With this firewall installed, the need for manual intervention is reduced. In case of brute force attempts, multiple failed login attempts, high server load, etc., LFD will send notification emails. These email notifications are generated to keep you informed about system health and possible signs of brute force, (D)DoS attacks or unauthorized processes running. While most of the actions are taken automatically by CSF/LFD, it is still a good idea to check these emails for cases where, say, unauthorized logins are happening or unauthorized processes are running on the system.

Steps to install the CSF firewall are as follows:

Step 1

First of all, get the latest version of CSF from http://www.configserver.com/cp/csf.html (http://www.configserver.com/free/csf.tgz).

Step 2
Log in as root and run:

– cd /usr/local/src
– wget http://www.configserver.com/free/csf.tgz
– gunzip csf.tgz
– tar xf csf.tar
– cd csf

Step 3
You are now in the CSF installation directory, where you will find 3 installation scripts. One is for generic server use; the other 2 are pre-configured for use on either DirectAdmin or cPanel based dedicated servers. Make your choice and run one of the following commands:

– ./install.generic.sh
– ./install.directadmin.sh
– ./install.cpanel.sh [ Once installed you can manage the CSF settings from your WHM panel (Home > Plugin). ]

CSF is installed to /etc/csf, and the allowed inbound/outbound port configuration is adjusted to your current settings.

Step 4

You are ready to take the firewall into production mode. Open the configuration file /etc/csf/csf.conf to make further adjustments, then restart the firewall for the changes to take effect (/etc/init.d/csf restart).

Open your csf.conf again and change the value of TESTING = "1" to 0. Once this is done, restart the firewall using the command "/etc/init.d/csf restart" or "csf -r".

Managing CSF via the command line interface is very simple. For commands and information, type csf. Here are a few basic commands.

Allowing an IP: csf -a <ip_address>
Denying an IP: csf -d <ip_address>

Once the installation is done and before turning the testing mode off, you need to make sure that you have configured the firewall properly.

For example:

For "TCP_IN":

cPanel = "20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
Plesk = "20,21,22,25,53,80,110,143,443,465,993,995,8443,8880"

For "TCP_OUT", add the following ports:

cPanel = "21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
Plesk = "20,21,22,25,53,37,43,80,113,443,465,873,5224,5443"

For "UDP_IN":

cPanel = "20,21,53,953"
Plesk = "20,21,37,53,873"

For "UDP_OUT":

cPanel = "20,21,53,113,123,873,953"
Plesk = "20,21,53,113,123,873,6277"

Configure SMTP for cPanel:

SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_PORTS = "25,26"
SMTPAUTH_LOG = "/var/log/exim_mainlog"

For Plesk:

SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_PORTS = "25,587"
SMTPAUTH_LOG = "/usr/local/psa/var/log/maillog"

Likewise, you have to make sure that CSF is correctly configured after installing it. If you have any custom ports, please don't forget to add those to csf.conf as well.
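One way to check the port lists before changing TESTING to 0, as an added example that is not part of the original article or of CSF itself: the script reads a csf.conf-style file and reports any inbound port you depend on (SSH, custom ports) that is missing from TCP_IN. The function names and the sample configuration are constructed for illustration; it assumes settings are written as KEY = "value" and that a range in a port list is written low:high.

```shell
#!/bin/sh
# Added example: pre-flight check of a csf.conf-style file. Helper names are hypothetical.

# Print the value of KEY from lines shaped like: KEY = "value" (last match wins here).
csf_get() {  # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a comma-separated list; entries may be ranges (low:high).
csf_has_port() {  # usage: csf_has_port LIST PORT
    old_ifs=$IFS; IFS=,
    for entry in $1; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then IFS=$old_ifs; return 0; fi ;;
            *)   if [ "$entry" = "$2" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# Print one line per problem; return 1 if any required port is missing from TCP_IN.
csf_precheck() {  # usage: csf_precheck FILE PORT...
    conf=$1; shift; rc=0
    tcp_in=$(csf_get TCP_IN "$conf")
    for port in "$@"; do
        csf_has_port "$tcp_in" "$port" || { echo "MISSING tcp_in $port"; rc=1; }
    done
    [ "$(csf_get TESTING "$conf")" = "1" ] || echo "NOTE TESTING is already off"
    return $rc
}

# Constructed sample input (not a real server's file); port 22 is deliberately left out.
sample_conf() {
    cat <<'EOF'
TESTING = "1"
TCP_IN = "20,21,25,53,80,110,143,443,465,993,995,2082,2083,30000:35000"
EOF
}

# Demo on the constructed sample: reports that SSH (22) is not allowed inbound.
demo=$(mktemp); sample_conf > "$demo"; csf_precheck "$demo" 22 80 443 || true; rm -f "$demo"
```

On a real server, run csf_precheck against /etc/csf/csf.conf with the ports your services actually listen on, and only switch TESTING off once it prints nothing.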
