In this documentation, we can check how to install CSF and its configuration. CSF is a firewall created to provide additional security to your server.
1) Install the dependencies of CSF.
yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes
2) Go to the directory “/usr/src/”.
root@localhost [~]# cd /usr/src/
3) Download the CSF.
root@localhost [/usr/src]# wget https://download.configserver.com/csf.tgz
Now you will get the following result.
2015-12-12 09:11:38 (165 KB/s) – “csf.tgz” saved [720304/720304
4) Extract the CSF tar file.
root@localhost [/usr/src]# tar -xzf csf.tgz
5) Go to csf directory.
root@localhost [/usr/src]# cd csf
6) Install CSF on the server.
root@localhost [/usr/src/csf]# sh install.sh
Then you will get the installation complete message.
7) To test whether the CSF is working on this server, run the following commands.
root@localhost [/usr/src/csf]# cd /usr/local/csf/bin/
root@localhost [/usr/local/csf/bin]# perl csftest.pl
You will get the following result.
RESULT: csf should function on this server
CSF BASIC CONFIGURATION
1) Open CSF configuration file
2) Disable the ‘TESTING’ flag. Testing flag enables a CRON job that clears iptables in case of configuration problems when you start csf.
3) Allow TCP and UDP incoming and outgoing ports.
TCP_OUT = “20,21,22,25,37,43,53,80,110,113,443,587,873,2086,2087,2089,2703”
4) Set the connection Tracking limit. This option allows us to set maximum number of all connections from a single IP addresses to the server. If the total number of connections from the IP address is greater than the set value then the offending IP address is blocked. This also provides protection against denial of service attacks like Dos attacks.
CT_LIMIT = “100”
CT_INTERVAL = “60”
CT_BLOCK_TIME = “3600”
After make changes to the CSF configuration file, save the changes.
5) Restart CSF.
If you need any further help please reach our support department.
You can skip to the end and leave a response. Pinging is currently not allowed.