CSF stands for ConfigServer Security and Firewall. CSF is a configuration script built to provide better security for servers while offering a large number of configuration options and features, with extra checks to ensure smooth operation. It helps lock down public access and restrict what can be reached, for example only e-mail or only websites. On top of this, it comes with a Login Failure Daemon (LFD) script that runs all the time and scans for failed attempts to log in to the server in order to detect brute-force attacks. There is an extensive array of checks that lfd can perform to help alert the server administrator to changes to the server, potential problems and possible compromises.
- Login Tracking
- Process Tracking
- Directory Watching
- Advanced Allow/Deny features
- Block Reporting
- Port Flood Protection
And many more. This post does not cover all the features, so for more detailed information about each of them read the “readme.txt” file in the csf folder that we will download.
2 Downloading and Installing
The first step is to remove any previous copy of csf that might have been downloaded and then download the latest version. To do this, use the following two commands:
rm -fv csf.tgz
Now we extract the tar file in the home directory and move into the csf directory.
tar -xzf csf.tgz
The steps up to this point are shown in the image below.
Now we are ready to install, but first we need root privileges; without them the installation will fail. Use the following command to gain root privileges and type in the password if asked.
Install CSF using the following command:
Once the installation finishes successfully, the output will look similar to the image below.
Once the installation is complete, we can verify it. To do so, we test whether our system has all the required iptables modules. The test might indicate that you will not be able to run all the features, but that is alright. The test can be considered a PASS as long as the script doesn’t report any FATAL errors. To run it, use the following command:
My result of running this test is shown in the image below:
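The pass rule above (no FATAL errors, non-fatal failures tolerated) can be applied mechanically to saved test output. The following is an added example, not part of the original post or of CSF itself: the function name and both sample outputs are constructed, and it assumes only that fatal problems are reported with the word FATAL and other failures with the word FAILED.

```shell
#!/bin/sh
# Added example: classify captured output of the iptables module test.
# Reads the output on stdin. Prints "PASS nonfatal=N" and returns 0 when no
# line mentions FATAL; prints "FAIL" and returns 1 otherwise (fail closed).
csf_test_verdict() {
    fatal=0
    nonfatal=0
    # "|| [ -n "$line" ]" keeps a last line that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *FATAL*)  fatal=1 ;;                      # any FATAL fails the test
            *FAILED*) nonfatal=$((nonfatal + 1)) ;;   # feature unavailable, not fatal
        esac
    done
    if [ "$fatal" -eq 1 ]; then
        echo "FAIL"
        return 1
    fi
    echo "PASS nonfatal=$nonfatal"
    return 0
}

# Constructed sample: one optional module missing, nothing fatal.
sample_degraded() {
    cat <<'EOF'
Testing module-a...OK
Testing module-b...FAILED [Error: module not available] - optional feature will not work
RESULT: the firewall will function, but some features will not work
EOF
}

# Constructed sample: a required module missing.
sample_fatal() {
    cat <<'EOF'
Testing module-a...FAILED [FATAL Error: module not available] - required
Testing module-b...OK
RESULT: the firewall will not function due to FATAL errors
EOF
}
```

Pipe the real test's output into `csf_test_verdict` and use its exit status to decide whether to continue with the setup.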
3 Remove other firewalls
It is important to remove older firewalls or any other firewalls set up to protect the server, because conflicting firewalls can lead to failures or inaccessibility. You should also not install any other iptables firewall, and if one already exists, it has to be removed at this stage. Most systems are likely to have the APF+BFD firewalls, which have to be removed. Use the following command to detect and remove them if they exist.
I didn’t have it pre-installed, so the output of the command on my system looked like the image below:
Read my full post on HowToForge here.