
CWP: How to Install CSF on CentOS 7

CSF is an application-based firewall for iptables provided for Linux servers. It has many features and can support web-based management tools such as CWP, cPanel/WHM, DirectAdmin and Webmin. CSF is easy to install and use on the server, and it makes security management easier for sysadmins.

In addition, it comes with a Login Failure Daemon (LFD) script that runs all the time and scans for failed login attempts to the server in order to detect brute-force attacks. There is an extensive array of checks that lfd can perform to help alert the server administrator to changes to the server, potential problems and possible compromises.
LFD also blocks an IP if a huge number of failed logins appear from that IP. The block is temporary. It also allows the admin to view the blocked IPs by enabling an email alert service.

Some of the features include:
Login Tracking
Process Tracking
Directory Watching
Advanced Allow/Deny features
Block Reporting
Port Flood Protection, etc.

Before going through the configuration process of CSF, you have to stop, disable and mask the default firewalld service of the CentOS 7 server, and do the same for fail2ban. To do so, run the following commands:
# systemctl stop firewalld 
# systemctl disable firewalld
# systemctl mask firewalld

# systemctl stop fail2ban
# systemctl disable fail2ban
# systemctl mask fail2ban
1. Install iptables.
# yum -y install iptables-services
Create the files that the iptables services need.
# touch /etc/sysconfig/iptables
# touch /etc/sysconfig/ip6tables
You can now safely start the iptables services using the systemctl command:
# systemctl start iptables
# systemctl start ip6tables
To make sure the iptables services start each time your server reboots, enable them:
# systemctl enable iptables
# systemctl enable ip6tables
The CSF package relies on Perl for some of its functionality. So first we need to make sure that Perl is installed by running the following command:
# yum list installed perl
If it’s not installed, then you can install it by typing:
# yum install perl
Install the CSF dependencies:
# yum install perl-libwww-perl perl-Time-HiRes perl-LWP-Protocol-https perl-GDGraph -y
2. Downloading and Installing
The first step involves removing any previous version of csf that might have been downloaded and then downloading the latest version. To do this, use the following commands:
# cd /usr/local/src
# rm -fv csf.tgz
# wget http://www.configserver.com/free/csf.tgz
Now extract the tar file and move into the csf directory.
# tar -xzf csf.tgz
# cd csf
Install CSF using the following command:
# sh install.sh
Now you should check that CSF really works on this server. Go to the "/usr/local/csf/bin/" directory and run "csftest.pl".
# cd /usr/local/csf/bin/
# perl csftest.pl
If you see the test results as shown below, then CSF is running without problems on your server:
RESULT: csf should function on this server
3. Remove other firewalls
It is important to remove older firewalls or any other firewalls set up to protect the server. Use the following command to detect and remove them if they exist.
# sh /usr/local/csf/bin/remove_apf_bfd.sh
I didn't have it pre-installed, so the output of the command in my system looked like the image below:
Prepare CSF for a production server:
Now open the CSF configuration file "/etc/csf/csf.conf" with your favourite editor:
# vi /etc/csf/csf.conf
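On line 11, change "TESTING" to "0" to apply the firewall configuration. While TESTING is "1", csf clears its rules periodically and lfd does not start, so the server is not protected until this is changed.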
TESTING = "0"
Don't block IP addresses that are in the csf.allow file.
By default, lfd will also block an IP that is listed in csf.allow. If you want an IP in csf.allow never to be blocked by lfd, go to line 310 and change "IGNORE_ALLOW" to "1". This is useful when you have a static IP at home or in the office and want to ensure that your IP never gets blocked by the firewall on your internet server.
IGNORE_ALLOW = "1"
4. Send the su and SSH login log by email.
You can set an email address that LFD uses to send an email about "SSH Login" events and about users that run the "su" command. Find the following settings and change the value to "1", then set the address the alerts are sent to:
LF_SSH_EMAIL_ALERT = "1"
...
LF_SU_EMAIL_ALERT = "1"
...
LF_ALERT_TO = "mymail@mydomain.tld"
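Before starting the services, it is worth confirming that every edit above actually landed in the file. The following is an added example, not part of the original guide or of CSF itself: the function names csf_get and csf_audit are hypothetical, and the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a csf.conf for the values this guide sets.

# csf_get FILE KEY: print KEY's value; csf.conf lines look like  KEY = "value"
# Commented-out lines and longer keys (e.g. TESTING_INTERVAL) do not match.
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# csf_audit FILE: print one line per deviation; exit status = number of deviations
csf_audit() {
    conf=$1
    bad=0
    for want in TESTING=0 IGNORE_ALLOW=1 LF_SSH_EMAIL_ALERT=1 LF_SU_EMAIL_ALERT=1; do
        key=${want%%=*}
        exp=${want#*=}
        got=$(csf_get "$conf" "$key")
        if [ "$got" != "$exp" ]; then
            echo "FAIL $key is '${got:-unset}', the guide sets '$exp'"
            bad=$((bad + 1))
        fi
    done
    # The guide's sample address must be replaced with a real mailbox.
    case $(csf_get "$conf" LF_ALERT_TO) in
        '' | mymail@mydomain.tld)
            echo "FAIL LF_ALERT_TO is empty or still the guide's placeholder"
            bad=$((bad + 1)) ;;
    esac
    return "$bad"
}

# Constructed sample (not a real server's file): TESTING left on, IGNORE_ALLOW
# left off, and the alert address never changed from the guide's placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TESTING = "0"   <- commented out, must be ignored
TESTING = "1"
TESTING_INTERVAL = "5"
IGNORE_ALLOW = "0"
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
LF_ALERT_TO = "mymail@mydomain.tld"
EOF
csf_audit "$sample" || echo "$? setting(s) differ from the guide"
rm -f "$sample"
```

On the server itself, call csf_audit /etc/csf/csf.conf and start csf and lfd only once it reports nothing.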
Now start CSF and LFD with the systemctl command:
# systemctl start csf
# systemctl start lfd
And then enable the csf and lfd services to be started at boot time:
# systemctl enable csf
# systemctl enable lfd
Uninstalling CSF and LFD
If you want to remove CSF completely, then just use the following two commands.
# cd /etc/csf
# sh uninstall.sh
