CSF is an application-based firewall for iptables provided for Linux servers. CSF has many features and can support web-based management tools like CWP, cPanel/WHM, DirectAdmin and Webmin. CSF is easy to install and use on the server, it makes security management easier for sysadmins.
To add more power to this, it comes with a Login Failure Daemon (LFD) script that runs all the time to scan for failed attempts to login to the server to detect bruteforce-attacks. There are an array of extensive checks that lfd can perform to help alert the server administrator of changes to the server, potential problems and possible compromises.
LFD also blocks IPs if a huge number of failed logins are appearing from that IP. The block is temporary. It also allows the admin to view the blocked IP by enabling an email alert service.
Some of the features include:
Login Tracking
Process Tracking
Directory Watching
Advanced Allow/Deny features
Block Reporting
Port Flood Protection ....etc
Before going through the configuration process of CSF you'll have to stop and disable the default firewalld services of CentOS 7 server and to do so run following command:
The first step involves removing any previous version of csf that might have been downloaded and then downloading the latest version. To perform these use the following two commands:
RESULT: csf should function on this server
3.Remove other firewalls
It is important to remove older firewalls or any other firewalls setup to protect the server.So use the following command to detect and remove them if they exist.
Prepare CSF for production Server:
Now Open CSF Configuration file "/etc/csf/csf.conf" with your favourite editor:
Don't Block IP addresses that are in the csf.allow files.
By default lfd also will block an IP under csf.allow files, so if you want that an IP in csf.allow files never get blocked by lfd, then please go to the line 310 and change "IGNORE_ALLOW" to "1". This is useful when you have a static IP at home or in office and want to ensure that your IP never gets blocked by the firewall on your internet server.
You can set an email address that is used by LFD to send an email about "SSH Login" events and users that run the "su" command, Find the following sysntax and change the value to "1".
If you want to remove CSF completely, then just use the following two commands.
For Debian 11:
To add more power to this, it comes with a Login Failure Daemon (LFD) script that runs all the time to scan for failed attempts to login to the server to detect bruteforce-attacks. There are an array of extensive checks that lfd can perform to help alert the server administrator of changes to the server, potential problems and possible compromises.
LFD also blocks IPs if a huge number of failed logins are appearing from that IP. The block is temporary. It also allows the admin to view the blocked IP by enabling an email alert service.
Some of the features include:
Login Tracking
Process Tracking
Directory Watching
Advanced Allow/Deny features
Block Reporting
Port Flood Protection ....etc
Before going through the configuration process of CSF you'll have to stop and disable the default firewalld services of CentOS 7 server and to do so run following command:
# systemctl stop firewalld
# systemctl disable firewalld
# systemctl mask firewalld
# systemctl stop fail2ban
# systemctl disable fail2ban
# systemctl mask fail2ban# yum -y install iptables-services# touch /etc/sysconfig/iptables
# touch /etc/sysconfig/iptables6# systemctl start iptables
# systemctl start ip6tables# systemctl enable iptables
# systemctl enable ip6tables# yum list installed perl
# yum install perl# yum install perl-libwww-perl.noarch perl-Time-HiRes perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph -yThe first step involves removing any previous version of csf that might have been downloaded and then downloading the latest version. To perform these use the following two commands:
# cd /usr/local/src
# rm -fv csf.tgz
# wget http://www.configserver.com/free/csf.tgz# tar -xzf csf.tgz
# cd csf# sh install.sh# cd /usr/local/csf/bin/
# perl csftest.plRESULT: csf should function on this server
It is important to remove older firewalls or any other firewalls setup to protect the server.So use the following command to detect and remove them if they exist.
# sh /usr/local/csf/bin/remove_apf_bfd.sh
Now Open CSF Configuration file "/etc/csf/csf.conf" with your favourite editor:
# vi /etc/csf/csf.confTESTING = "0"
By default lfd also will block an IP under csf.allow files, so if you want that an IP in csf.allow files never get blocked by lfd, then please go to the line 310 and change "IGNORE_ALLOW" to "1". This is useful when you have a static IP at home or in office and want to ensure that your IP never gets blocked by the firewall on your internet server.
IGNORE_ALLOW = "1"You can set an email address that is used by LFD to send an email about "SSH Login" events and users that run the "su" command, Find the following sysntax and change the value to "1".
LF_SSH_EMAIL_ALERT = "1"
...
LF_SU_EMAIL_ALERT = "1"
...
LF_ALERT_TO = "mymail@mydomain.tld"# systemctl start csf
# systemctl start lfd# systemctl enable csf
# systemctl enable lfdIf you want to remove CSF completely, then just use the following two commands.
# cd /etc/csf
# sh uninstall.shbash install.sh
https://www.howtoforge.com/how-to-install-config-server-firewall-csf-on-debian-11/
https://community.time4vps.com/discussion/274/csf-install-configserver-security-amp-firewall-application
https://vitux.com/how-to-install-config-server-firewall-csf-on-debian/
Comments
Post a Comment
You are always welcome to comment here, but your remarks should be relevant to the conversation. To keep the exchanges focused and engaging, we reserve the right to remove off-topic comments, or self-promoting URLs and vacuous messages.
We will try to reply to your queries as soon as time allows.
Regards,
Admin