How to configure and Install Config Server Firewall & Login failure Daemon

Whenever I set up a Linux VPS, the first thing I do is install a firewall. I have noticed an increase in attacks on my servers, especially from China. I use
Config Server Firewall (CSF) and Login Failure Daemon (LFD) because they are easy to set up and provide additional features like suspicious file reporting and system monitoring.

Installation of Config Server Firewall

Before you proceed, be sure to remove any firewall software already installed.

[leo@linux-vps ~]# wget http://configserver.com/free/csf.tgz
[leo@linux-vps ~]# tar -xzf csf.tgz
[leo@linux-vps ~]# cd csf
[leo@linux-vps ~]# sudo sh install.sh

The script is written in Perl, so you will need to check for the required Perl modules.

perl /usr/local/csf/bin/csftest.pl

You will see that some features are not installed, but that's OK as long as you do not get any fatal errors.

Configure CSF
Modify the configuration to include only the ports used by your applications.


[leo@linux-vps ~]# sudo vim /etc/csf/csf.conf

# Allow incoming TCP ports
TCP_IN = "22,80"

# Allow outgoing TCP ports
TCP_OUT = "25"

# Add your email for alerts
LF_ALERT_TO = "youremail@domain.com"

# Remove from testing mode
TESTING = "0"

Common services and their port numbers

22: ssh
25: postfix
80: http

Start CSF

[leo@linux-vps ~]# sudo csf -s

As long as there are no fatal config errors, you can ignore the warning below.

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf
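
The values edited in the Configure CSF step, plus the RESTRICT_SYSLOG setting named in the warning, can be checked with a short script. This is an added example, not part of CSF or of the original post; the function names csf_get and csf_audit and the sample file are constructed here, and the intended port list is passed in as an argument.

```shell
#!/bin/sh
# Added example, not part of CSF: audit the csf.conf values set in this guide.

# Print the last value assigned to KEY ($2) in a KEY = "value" file ($1).
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# csf_audit FILE PORTS: PORTS is the comma-separated TCP_IN list you intend.
# Prints one line per finding; the exit status is the number of findings.
csf_audit() {
    conf=$1 want=",$2," findings=0
    note() { echo "$1"; findings=$((findings + 1)); }

    [ "$(csf_get "$conf" TESTING)" = "0" ] ||
        note "TESTING is not 0: firewall is still in testing mode"

    # Flag every inbound TCP entry that is not on the intended list.
    old_ifs=$IFS; IFS=,
    for port in $(csf_get "$conf" TCP_IN); do
        case $want in
            *",$port,"*) ;;
            *) note "TCP_IN opens unexpected port $port" ;;
        esac
    done
    IFS=$old_ifs

    case $(csf_get "$conf" LF_ALERT_TO) in
        ""|youremail@domain.com) note "LF_ALERT_TO is empty or still the placeholder" ;;
    esac

    [ "$(csf_get "$conf" RESTRICT_SYSLOG)" != "0" ] ||
        note "RESTRICT_SYSLOG is 0: read the SECURITY WARNING in csf.conf"

    return "$findings"
}

# Constructed sample input (not a real server's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "22,80,3306"
LF_ALERT_TO = "youremail@domain.com"
RESTRICT_SYSLOG = "0"
EOF
csf_audit "$sample" "22,80" || echo "findings: $?"
rm -f "$sample"
```

On a real server, call it as csf_audit /etc/csf/csf.conf "22,80" with your own port list.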

CSF config files through which you can allow and deny IP addresses

csf.allow       - a list of IP's and CIDR addresses that should always be allowed
                  through the firewall
csf.deny        - a list of IP's and CIDR addresses that should never be allowed
                  through the firewall
csf.ignore      - a list of IP's and CIDR addresses that lfd should ignore and
                  not block if detected

The difference between “csf.allow” and “csf.ignore” is that “csf.allow” rules override “csf.deny”.

You may want to whitelist your IP address by adding it to “/etc/csf/csf.allow”.

You can also whitelist processes and users by modifying “/etc/csf/csf.pignore” as follows:

exe:/usr/sbin/nginx
user:leo

You need to restart CSF for the changes to take effect.

[leo@linux-vps ~]# sudo csf -r

CSF commands to start, stop and disable csf


       -h,  --help
              Show this message

       -l,  --status
              List/Show the IPv4 iptables configuration

       -l6, --status6
              List/Show the IPv6 ip6tables configuration

       -s,  --start
              Start the firewall rules

       -f,  --stop
              Flush/Stop firewall rules (Note: lfd may restart csf)

       -r,  --restart
              Restart firewall rules

       -x,  --disable
              Disable csf and lfd

       -e,  --enable
              Enable csf and lfd

Uninstalling CSF is simple as well.

sh /etc/csf/uninstall.sh

You may also like to read about monit monitoring
Source: http://configserver.com/free/csf/readme.txt

Leo G is a Linux enthusiast and hobbyist; he has over 8 years' experience in Technical Project Management, Support and Operations. He shares his experiences and loves open-source software.