CSF : Installation and Configuration

Ideal place for discussions related to Linux/Windows server security, Apache, MySQL, MS SQL and PHP, including tutorials and questions.
hr-ethadmin
Site Admin
Posts: 67
Joined: Fri May 31, 2013 1:04 pm

CSF : Installation and Configuration

Postby hr-ethadmin » Sat Jun 01, 2013 2:54 am

CSF: Config Server Firewall Installation. Its very easy to install and user friendly.
The csf installation includes preconfigured configurations and control panel
UI's for cPanel, DirectAdmin and Webmin

Installation
============
Installation is quite straightforward:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

=================

Uninstallation
==============
Removing csf and lfd is even more simple:

On cPanel servers:

cd /etc/csf
sh uninstall.sh

====================

1. Login Failure Daemon (lfd): It scans the latest log file entries for login attempts against your server that continually fail
within a short period of time. Such attempts are often called "Brute-force attacks" and the daemon process responds very quickly to such patterns and blocks offending IP's quickly.

2. Control Panel Interface: To help with the ease and flexibility of the suite we have developed a
front-end to both csf and lfd for cPanel, DirectAdmin and Webmin.

3. csf Command Line Options

Helf:csf -h

Option Meaning
-h, --help Show this message
-l, --status List/Show iptables configuration
-l6, --status6 List/Show ip6tables configuration
-s, --start Start firewall rules
-f, --stop Flush/Stop firewall rules (Note: lfd may restart csf)
-r, --restart Restart firewall rules
-q, --startq Quick restart (csf restarted by lfd)
-sf, --startf Force CLI restart regardless of LF_QUICKSTART setting
-a, --add ip Allow an IP and add to /etc/csf.allow
-ar, --addrm ip Remove an IP from /etc/csf.allow and delete rule
-d, --deny ip Deny an IP and add to /etc/csf.deny
-dr, --denyrm ip Unblock an IP and remove from /etc/csf.deny
-df, --denyf Remove and unblock all entries in /etc/csf.deny
-g, --grep ip Search the iptables rules for an IP match (incl. CIDR)
-t, --temp Displays the current list of temp IP entries and their TTL
-tr, --temprm ip Remove an IPs from the temp IP ban and allow list
-td, --tempdeny ip ttl [-p port] [-d direction]

4. Login Tracking

Login tracking is an extension of lfd, it keeps track of POP3 and IMAP logins
and limits them to X connections per hour per account per IP address.

5. Script Email Alerts
lfd can scan for emails being sent through exim from scripts on the server.

6. Process Tracking
This option enables tracking of user and nobody processes and examines them for
suspicious executables or open network ports.

7. Directory Watching
Directory Watching enables lfd to check /tmp and /dev/shm and other pertinent
directories for suspicious files, i.e. script exploits.

8. Advanced Allow/Deny Filters

In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip
filters using the following format (you must specify a port AND an IP address):

9. Block Reporting
lfd can run an external script when it performs and IP address block following
for example a login failure.

10. Port Flood Protection
This option configures iptables to offer protection from DOS attacks against
specific ports. This option limits the number of connections per time interval
that new connections can be made to specific ports.

11. Watching IP Addresses
The CLI option csf --watch [ip] (csf -w [ip]) and configuration option
WATCH_MODE logs TCP connection initiation (SYN) packets from a specified source
as they traverse the iptables chains.

12. Port Knocking
This option configures iptables to offer port knocking to open sensitive ports
based on a sequence of knocked ports for the connecting IP address.

13. Connection Limit Protection
This option configures iptables to offer protection from DOS attacks against
specific ports.

14. IP Block Lists
This feature allows csf/lfd to periodically download lists of IP addresses and
CIDRs from pubished block or black lists. It is controlled by the file:
/etc/csf/csf.blocklists

Return to “System Security”

Who is online

Users browsing this forum: No registered users and 1 guest