CSF (Config Server Firewall) is an SPI (Stateful Packet Inspection) firewall and Login/Intrusion Detection application for Linux servers. It contains the firewall (CSF) and LFD (Login Failure Daemon), which is flexible and does not require an expert level of knowledge to configure. LFD runs constantly in the background and periodically scans the latest logs for login attempts against the server. It can recognize attempted login patterns and block any IP addresses that break its rules. CSF/LFD has its own GUI, or it can be controlled through an external CP (Control Panel) such as Virtualmin.
The first thing to do is make sure CentOS is up to date with the following command line instructions:
sudo dnf makecache
This downloads and caches the latest metadata for any enabled repositories. This is only really necessary if the metadata is outdated.
sudo dnf check-update
This will check to see if there are any updates available for the software installed on the server.
sudo dnf update [or] sudo dnf upgrade
These commands will both download and install any available updates to the server. Either command can be used according to personal preference.
Once the server is updated you can move on to installing CSF.
Enter the following commands in your terminal, remembering to hit return after each.
sudo dnf install wget tar
This command will install wget which you will use to download CSF and tar which is necessary to decompress the CSF file you will download.
sudo dnf install @perl
This command will install Perl.
sudo dnf install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph perl-Math-BigInt
The final command will install the Perl modules you need for the CSF installation.
You can check that Perl is successfully installed with the following command.
perl -v
cd /tmp
Switch to the /tmp directory.
wget https://download.configserver.com/csf.tgz
Use wget to download the csf.tgz file directly from configserver.com.
tar -xzf csf.tgz
Extract the archive, ready to begin the installation procedure.
cd csf
Switch into the newly created csf directory.
sh install.sh [or] ./install.sh
Run the installation script.
perl /usr/local/csf/bin/csftest.pl
Once CSF has finished installing you can use this command to test if it is able to correctly run on your system.
Since CentOS 7 there has been a built-in firewall, firewalld. This needs to be stopped and prevented from automatically starting on boot, or else it will prevent CSF from working. Enter these two commands to do this.
systemctl stop firewalld
systemctl disable firewalld
You should now check to see if CSF is running.
sudo systemctl status csf
If CSF is not showing as active, then try using either of the following restart commands and then check again.
/etc/init.d/csf restart [or] csf -r
You should now also check to see if LFD is running.
sudo systemctl status lfd
If LFD is not showing as active, then try using either of the following restart commands and then check again.
/etc/init.d/lfd restart [or] lfd -r
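When CSF runs for the first time it is in testing mode. In testing mode a cron job periodically clears the firewall rules so that a configuration mistake cannot lock you out, and LFD will not start until testing mode is turned off. If you are happy with the default settings, or at least want to have a basic firewall running while you continue to fine-tune, then it is time to fire up your favorite command line editor and make a change in the CSF configuration files.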
Switch to the CSF directory and edit the file csf.conf using an editor in your terminal window.
cd /etc/csf
On line 11 change the value of TESTING from 1 to 0. Make sure to save the file afterwards.
TESTING = "0"
Restart CSF and LFD.
/etc/init.d/csf restart [or] csf -r
/etc/init.d/lfd restart [or] lfd -r
Set CSF and LFD to start up at boot time.
systemctl enable csf
systemctl enable lfd
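A pre-flight check for the testing-mode step above, as an added example that is not part of the original article or of CSF itself: once TESTING is 0 the rules are no longer cleared automatically, so the script refuses to make the change unless the SSH port you connect on is allowed in TCP_IN. TESTING, TESTING_INTERVAL and TCP_IN are csf.conf settings; the function names and the sample configuration are constructed for illustration, and on a real server the file is /etc/csf/csf.conf.

```sh
#!/bin/sh
# Added example: guard the TESTING = "0" change against an SSH lock-out.
# Function names are hypothetical; they are not part of CSF.

# Print the value of KEY from a csf.conf-style file (KEY = "value").
csf_conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Return 0 if PORT is allowed by a CSF port list such as "22,80,30000:35000".
port_in_list() {
    port=$1
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *:*) lo=${entry%%:*}; hi=${entry##*:}   # lo:hi is a port range
                 if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            *)   if [ "$entry" = "$port" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Set TESTING = "0" in CONF, but only if SSH_PORT is open in TCP_IN.
# A copy of the original file is kept as CONF.bak.
csf_disable_testing() {
    conf=$1; ssh_port=$2
    tcp_in=$(csf_conf_get "$conf" TCP_IN)
    if ! port_in_list "$ssh_port" "$tcp_in"; then
        echo "refusing: port $ssh_port is not in TCP_IN ($tcp_in)" >&2
        return 1
    fi
    cp -p "$conf" "$conf.bak" &&
    sed 's/^TESTING[[:space:]]*=.*/TESTING = "0"/' "$conf.bak" > "$conf"
}

# Constructed sample config so the example runs without a CSF install.
sample=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
    'TCP_IN = "80,443,2222,30000:35000"' > "$sample"
csf_disable_testing "$sample" 22   || echo "TESTING is still $(csf_conf_get "$sample" TESTING)"
csf_disable_testing "$sample" 2222 && echo "TESTING is now $(csf_conf_get "$sample" TESTING)"
```

After running it against the real file, restart CSF and LFD as shown above so the change takes effect.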
CSF should now be running and protecting your server. We will go into more detail about configuring it to suit your requirements in another article. We will also cover using CSF when running a Control Panel such as Webmin/Virtualmin.