How To Install and Configure CSF (Config Server Security & Firewall) on Linux

Written by
Rahul K.
Linux Tutorials, Security 2 Comments

CSF (ConfigServer Filewall) is an iptables firewall. Its installation is very simple and straightforward. CSF supports most of common used Linux operting systems like Red Hat Enterprise Linux, CentOS, CloudLinux, Fedora, openSUSE, Debian, Ubuntu & Slackware. Read more about CSF. Follow the below steps to install CSF firewall in your Linux operating system and do some configuration.

LFD stands for Login Failure Daemon. Its an process that actively monitors the log file for user login entries and send the alerts to admin on basis of configured rules. read more about CSF.

csf-security-diagram

This article will help you to install CSF on Linux system with very easy steps.

Step 1: Download CSF Source Archive

Download latest CSF archive source code from its official site and extract on your Linux box. Then extract source code.

# cd /opt
# wget http://download.configserver.com/csf.tgz
# tar xzf csf.tgz

Step 2: Install CSF

CSF provides and bash script to easily install it on any operating system. This script automatically detect your operating system and install CSF accordingly. Run install.sh script.

# cd /opt/csf
# sh install.sh

Step 3: Test iptables modules

Run the csftest.pl perl script to verify if all the required iptables modules are installed on your system to make is proper working.

# perl /usr/local/csf/bin/csftest.pl

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Step 4: Enable and Restart CSF

After successfully installing CSF on your system, You need to change following setting in csf.conf to enable CSF.

# vim /etc/csf/csf.conf

TESTING=0

Now restart CSF firewall to reload new changes using following command.

# cd /etc/csf
# csf -r

Prevent DDOS Attacks

Configure CSF+LDF to prevent server from DDOS attacks. To enable it edit /etc/csf/csf.conf and update following settings.

  • Total number of connections allowed from single host. To disable this feature, set this to 0 
    CT_LIMIT = "20"
  • Connection Tracking interval in seconds. 
    CT_INTERVAL = "30"
  • Sent email alerts for each blocked ip. 
    CT_EMAIL_ALERT =1
  • Set this to 1 to block ips permanent. 
    CT_PERMANENT = 1
  • If you opt for temporary IP blocks for CT, then the following is the interval
    in seconds that the IP will remained blocked

    CT_BLOCK_TIME = 1800
  • If you only want to count specific ports (e.g. 22,23,80,443) then add the ports. else keep it empty to check all ports 
    CT_PORTS = "22,23,80,443"

    • Rahul K.
    Rahul K.
    Connect on Facebook Connect on Twitter Connect on Google+

    I, Rahul Kumar is the founder and chief editor of TecAdmin.net. I am Red Hat Certified Engineer (RHCE) and working as IT professional since 2009.

    Related Posts

    2 Comments

    1. Paran patel Reply to Paran
      November 25, 2013 at 6:05 pm

      Nice tutorial….. after installing csf I have added some custom rules using iptables command but rules flushed after csf restart…. plz help me to how can I add rules….

    Leave a Reply

    All rights reserved. © 2017 TecAdmin.net. This site uses cookies. By using this website you agree our term and services
    Hosted @DigitalOcean