Whenever I setup a Linux VPS, the first thing I do is install a firewall. I have noticed an increase in attacks on my servers, especially from China. I use
Config Server Firewall (CFG) and Login Failure deamon (LFD) because they are easy to set up and provide additional features like suspicious file reporting and system monitoring.
Installation of Config Server Firewall
Before your proceed, be sure to remove any firewall software already installed.
[leo@linux-vps ~]# wget http://configserver.com/free/csf.tgz
[leo@linux-vps ~]# tar -xzf csf.tgz
[leo@linux-vps ~]# cd csf
[leo@linux-vps ~]# sudo sh install.sh
The script is written in perl,so you will need to check for the required perl modules.
You will get some features are not installed but that's ok as long as you do not get any fatal errors.
Modify the configuration to include only ports used by your applications
[leo@linux-vps ~]# sudo vim /etc/csf/csf.conf
# Allow incoming TCP ports
TCP_IN = "22,80"
# Allow outgoing TCP ports
TCP_OUT = "25"
#add your email for alerts
LF_ALERT_TO = "firstname.lastname@example.org"
#Remove from testing mode
TESTING = "0"
Common services and their port numbers
[leo@linux-vps ~]sudo csf -s
As long as there are no fatal config errors you can ignore the below warning.
WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf
CSF config files through which you can allow and deny IP addresses
csf.allow - a list of IP's and CIDR addresses that should always be allowed
through the firewall
csf.deny - a list of IP's and CIDR addresses that should never be allowed
through the firewall
csf.ignore - a list of IP's and CIDR addresses that lfd should ignore and not
not block if detected
The difference between "csf.allow" and "csf.ignore" is that "csf.allow" rules overwrite "csf.deny".
You may want to whitelist your IP address by adding it to "/etc/csf/csf.allow"
You can also whitelist processes and users by modifying "/etc/csf/csf.pignore" as follows
You need to restart CSF for the changes to reflect
[leo@linux-vps ~]sudo csf -r
CSF commands to start, stop and disable csf
Show this message
List/Show the IPv4 iptables configuration
List/Show the IPv6 ip6tables configuration
Start the firewall rules
Flush/Stop firewall rules (Note: lfd may restart csf)
Restart firewall rules
Uninstalling CSF is simple as well.
Update : For list of Linux System administration and Programming tutorials and cheatsheets you can download the DevopsWiki
I recommend you also Monitor your Server with Monit and Install a VPN server to secure your web traffic.