Skip to main content

CWP: How to Install CSF on CentOS 7 ?

CSF is an application-based firewall for iptables provided for Linux servers. CSF has many features and can support web-based management tools like CWP, cPanel/WHM, DirectAdmin and Webmin. CSF is easy to install and use on the server, it makes security management easier for sysadmins.

To add more power to this, it comes with a Login Failure Daemon (LFD) script that runs all the time to scan for failed attempts to login to the server to detect bruteforce-attacks. There are an array of extensive checks that lfd can perform to help alert the server administrator of changes to the server, potential problems and possible compromises.
LFD also blocks IPs if a huge number of failed logins are appearing from that IP. The block is temporary. It also allows the admin to view the blocked IP by enabling an email alert service.

Some of the features include:
Login Tracking
Process Tracking
Directory Watching
Advanced Allow/Deny features
Block Reporting
Port Flood Protection ....etc

Before going through the configuration process of CSF you'll have to stop and disable the default firewalld services of CentOS 7 server and to do so run following command:
# systemctl stop firewalld 
# systemctl disable firewalld
# systemctl mask firewalld

# systemctl stop fail2ban
# systemctl disable fail2ban
# systemctl mask fail2ban
1.Install iptables ( Optional or No Need )
# yum -y install iptables-services
Create necessary files which are needed by ip-tables.
# touch /etc/sysconfig/iptables
# touch /etc/sysconfig/iptables6
You can now safely start iptables service using sytemctl command:
# systemctl start iptables
# systemctl start ip6tables
To make sure iptables service always runs each time your server reboot, then do this:
# systemctl enable iptables
# systemctl enable ip6tables
2.Install Required Perl Module: The CSF package relies on Perl for some of its functionality. So first we need to make sure that Perl is installed by running the following command:
# yum list installed perl
If it’s not installed, then you can install it by typing:
# yum install perl
Install the CSF dependencies
# yum install perl-libwww-perl.noarch perl-Time-HiRes  perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph -y
2.Downloading and Installing
The first step involves removing any previous version of csf that might have been downloaded and then downloading the latest version. To perform these use the following two commands:
# cd /usr/local/src
# rm -fv csf.tgz
# wget http://www.configserver.com/free/csf.tgz
Now we extract the tar file in the home directory and move into the csf directory.
# tar -xzf csf.tgz
# cd csf
Install CSF using the following command:
# sh install.sh
Now you should check that CSG really works on this server. Go to the "/usr/local/csf/bin/" directory, and run "csftest.pl".
# cd /usr/local/csf/bin/
# perl csftest.pl
If you see the test results as shown below, then CSF is running without problems on your server:
RESULT: csf should function on this server
3.Remove other firewalls
It is important to remove older firewalls or any other firewalls setup to protect the server.So use the following command to detect and remove them if they exist.
# sh /usr/local/csf/bin/remove_apf_bfd.sh
I didn't have it pre-installed , so the output of the command in my system looked like the image below:
Prepare CSF for production Server:
Now Open CSF Configuration file "/etc/csf/csf.conf" with your favourite editor:
# vi /etc/csf/csf.conf
Change line 11 "TESTING " to "0" for applying the firewall configuration.
TESTING = "0"
Don't Block IP addresses that are in the csf.allow files.
By default lfd also will block an IP under csf.allow files, so if you want that an IP in csf.allow files never get blocked by lfd, then please go to the line 310 and change "IGNORE_ALLOW" to "1". This is useful when you have a static IP at home or in office and want to ensure that your IP never gets blocked by the firewall on your internet server.
IGNORE_ALLOW = "1"
4. Send the Su and SSH Login log by Email.
You can set an email address that is used by LFD to send an email about "SSH Login" events and users that run the "su" command, Find the following sysntax and change the value to "1".
LF_SSH_EMAIL_ALERT = "1"
...
LF_SU_EMAIL_ALERT = "1"
...
LF_ALERT_TO = "mymail@mydomain.tld"
Now start CSF and LFD with systemctl command:
# systemctl start csf
# systemctl start lfd
And then enable the csf and lfd services to be started at boot time:
# systemctl enable csf
# systemctl enable lfd
Uninstalling CSF and LFD
If you want to remove CSF completely, then just use the following two commands.
# cd /etc/csf
# sh uninstall.sh

Comments