CSF Installation and Basic Configuration

Posted on September 4th, 2017

In this documentation, we can check how to install CSF and its configuration. CSF is a firewall created to provide additional security to your server.

 

CSF INSTALLATION

1) Install the dependencies of CSF.

yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes

 

2) Go to the directory “/usr/src/”.

root@localhost [~]# cd /usr/src/

root@localhost [/usr/src]#

 

3) Download the CSF.

root@localhost [/usr/src]# wget https://download.configserver.com/csf.tgz

Now you will get the following result.

2015-12-12 09:11:38 (165 KB/s) – “csf.tgz” saved [720304/720304

 

4) Extract the CSF tar file.

root@localhost [/usr/src]# tar -xzf csf.tgz

 

5) Go to csf directory.

root@localhost [/usr/src]# cd csf

root@localhost [/usr/src/csf]#

 

6) Install CSF on the server.

root@localhost [/usr/src/csf]# sh install.sh

Then you will get the installation complete message.

Installation Completed

root@localhost [/usr/src/csf]#

 

7) To test whether the CSF is working on this server, run the following commands.

root@localhost [/usr/src/csf]# cd /usr/local/csf/bin/

root@localhost [/usr/local/csf/bin]# perl csftest.pl

 

You will get the following result.

RESULT: csf should function on this server

 

CSF BASIC CONFIGURATION

1) Open CSF configuration file

vi /etc/csf/csf.conf

 

2) Disable the ‘TESTING’ flag. Testing flag enables a CRON job that clears iptables in case of configuration problems when you start csf.

TESTING=”0”

 

3) Allow TCP and UDP incoming and outgoing ports.

TCP_IN=”20,21,22,25,53,80,110,143,443,465,587,993,995”

TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703”

UDP_IN 20,21,53

UDP_OUT 20,21,53,113,123,873,6277

 

4) Set the connection Tracking limit. This option allows us to set maximum number of all connections from a single IP addresses to the server. If the total number of connections from the IP address is greater than the set value then the offending IP address is blocked. This also provides protection against denial of service attacks like Dos attacks.

 

CT_LIMIT = “100”

CT_PERMANENT =”1”

CT_INTERVAL = “60”

CT_BLOCK_TIME = “3600”

After make changes to the CSF configuration file, save the changes.

 

5) Restart CSF.

csf -r

 

If you need any further help please reach our support department.

 

 

Leave a Reply