Secure Your Linux VPS Using CSF Firewall


CSF is considered the best and most advanced firewall for Linux VPS and dedicated servers because it is free and has more configurable options than the other firewalls available on the market. It is very easy to install and configure, so even the most novice administrators can set it up and use it. I am writing this article to give you an overview of how you can install and configure CSF.

Note: It is assumed that you are comfortable with SSH commands and with navigating the lines of a file in the vi editor. The following instructions apply only to customers who have a Linux VPS or dedicated server.

This is not for you if you do not have root-level access to your server. These instructions are for system administrators that have root access.

How to install CSF on a Linux VPS server with cPanel

1. First disable “SMTP Tweaks” from WHM > Tweak Settings > Mail > ‘Restrict outgoing SMTP to root, exim, and mailman (SMTP Tweak)’

2. “SMTP_BLOCK” in CSF uses the “ipt_owner” kernel module and that must be loaded for CSF to work.

Please ensure that the “ipt_owner” module is loaded.

root@[~/]# lsmod | grep "ipt_owner"

After running the above command, you should see output like the following. If you do, the module is loaded.

ipt_owner 35009 4
x_tables 50505 14 ipt_recent,ipt_owner,ipt_REDIRECT,iptable_nat,xt_conntrack,ipt_LOG,xt_limit,xt_multiport,ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables

If “ipt_owner” is not loaded, please try to load it using the following command.

# modprobe ipt_owner

Now check again. If “ipt_owner” is loaded, configure the following script to load “ipt_owner” on boot.

vi /etc/rc.modules

Add the following to /etc/rc.modules:

modprobe ipt_owner

Add executable permission to /etc/rc.modules.

chmod +x /etc/rc.modules

 

CSF setup Instructions:

Run the following command to create csf directory in source directory:

# mkdir /usr/local/src/csf

Change directory to csf:

# cd /usr/local/src/csf

Download the csf setup using this command:

# wget http://www.configserver.com/free/csf.tgz

Uncompress the csf setup:

# tar -xzvf csf.tgz

Change directory to csf:

# cd csf

Run the following command to install csf:

# sh install.cpanel.sh

Download this predefined rules configuration file by Crucial:

# wget http://111.118.173.50/~blogcruc/csf-cpanel.conf

Rename existing csf.conf file:

# mv -iv /etc/csf/csf.conf /etc/csf/csf.conf-old

Copy recently downloaded predefined rules configuration file to CSF configuration directory:

# cp -pv csf-cpanel.conf /etc/csf/csf.conf

Reload all the rules:

# csf -r

Congratulations! Your CSF firewall is up and running!

 

 

How to install CSF on a non-cPanel Linux VPS server

Run the following commands as per notes:

1. Install the required Perl modules

# yum -y install perl-libwww-perl

For Ubuntu and Debian VPS server:

# apt-get install libwww-perl

 

2. Download & setup CSF:

Make a new directory in /usr/local/src/

# mkdir /usr/local/src/csf-new

Change directory to csf-new:

# cd /usr/local/src/csf-new

Download the CSF setup:

# wget http://www.configserver.com/free/csf.tgz

Un-compress the setup file:

# tar -xzvf csf.tgz

Change directory:

# cd csf

Install using this command:

# sh install.generic.sh

Download this predefined rules configuration file by Crucial:

# wget http://111.118.173.50/~blogcruc/csf-generic.conf

Rename existing csf.conf file:

# mv -iv /etc/csf/csf.conf /etc/csf/csf.conf-old

Copy recently downloaded predefined rules configuration file to CSF configuration directory:

# cp -pv csf-generic.conf /etc/csf/csf.conf

Now edit /etc/csf/csf.conf, customize the ports as required, and reload the rules:

# csf -r

Congratulations! Your CSF firewall is up and running on your Linux VPS or dedicated server.
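
Both procedures above replace /etc/csf/csf.conf with a file fetched over plain HTTP and then run csf -r, so it is worth checking the file first. The script below is an added example, not part of the original article or of CSF itself: it reads the real csf.conf keys TCP_IN, TESTING and SMTP_BLOCK, while the function names and the sample config are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check of a csf.conf; helper names are hypothetical.

# Print the value of KEY from a csf.conf-style file (lines look like KEY = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT ($1) is covered by a CSF port list ($2) such as "22,80,30000:35000".
port_allowed() {
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        case $item in
            *:*) if [ "$1" -ge "${item%%:*}" ] && [ "$1" -le "${item##*:}" ]; then return 0; fi ;;
            *)   if [ "$item" = "$1" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# Check CONF ($1) for SSH port $2 (default 22). Prints findings, returns their count.
check_csf_conf() {
    conf=$1; ssh_port=${2:-22}; findings=0
    if ! port_allowed "$ssh_port" "$(csf_get TCP_IN "$conf")"; then
        echo "TCP_IN does not open SSH port $ssh_port: inbound SSH on that port is not allowed"
        findings=$((findings + 1))
    fi
    if [ "$(csf_get TESTING "$conf")" = "1" ]; then
        echo "TESTING is 1: test mode (rules are cleared by cron, lfd is not started)"
        findings=$((findings + 1))
    fi
    if [ "$(csf_get SMTP_BLOCK "$conf")" = "1" ]; then
        echo "note: SMTP_BLOCK is 1, so ipt_owner must be loaded (lsmod | grep ipt_owner)"
    fi
    return "$findings"
}

# Constructed sample (not Crucial's file): SSH moved to 2222, still in testing mode.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,25,53,80,443,2222,30000:35000"
SMTP_BLOCK = "1"
EOF
check_csf_conf "$sample" 22 || echo "findings: $?"
rm -f "$sample"
```

On a server, run check_csf_conf against the downloaded csf-cpanel.conf or csf-generic.conf with your actual SSH port before the cp step.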

 

You can also check the following URLs to know more about CSF:

http://www.configserver.com/free/csf/readme.txt

http://www.configserver.com/free/csf/install.txt

http://forum.configserver.com/

http://www.configserver.com/cp/csf.html


 

