BuycPanel Blog

BuycPanel Blog

Latest news and updates

Installing and Configuring CSF on cPanel

Posted by Jamison on 01 09 2015.

ConfigServe Firewall, more commonly referred to simply as CSF, is a type of firewall configuration script that has been designed to up the security of servers. While it does so, users are able to enjoy an advanced and robust interface for specifically managing firewall settings. Basically, it provides users with means to manage and configure their firewall in a simpler, easier manner.

 

For those who are interested to use CSF but do not have any idea where to start, below are some of the fact about the script as well as a step by step guide on how to install and configure it.

 

About CSF – A Quick Look at this Firewall Configuration Script

 

The basic function of CSF is to configure the firewall of a server as a way to limit the level of access the public has to certain services. Through the use of this script, only a few connections are…

ConfigServe Firewall, more commonly referred to simply as CSF, is a type of firewall configuration script that has been designed to up the security of servers. While it does so, users are able to enjoy an advanced and robust interface for specifically managing firewall settings. Basically, it provides users with means to manage and configure their firewall in a simpler, easier manner.

 

For those who are interested to use CSF but do not have any idea where to start, below are some of the fact about the script as well as a step by step guide on how to install and configure it.

 

About CSF – A Quick Look at this Firewall Configuration Script

 

The basic function of CSF is to configure the firewall of a server as a way to limit the level of access the public has to certain services. Through the use of this script, only a few connections are allowable, include checking on emails, loading of websites, and logging in to FTP clients.

 

The script comes with a useful service known as the Login Failure Daemon (LFD). The key responsibility of the service is to monitor user activity and watch out for excessive login failures, an event that is often associated with brute force attacks. In the event that a the significant number of login failures are coming from a single IP address, LFD is going to immediately block the IP from all services available on the server.

 

These blocks against the IP are temporary and are going to expire automatically. However, they can be manually removed.

 

Aside from blocking IP addresses, this configuration script also allows for the manual whitelisting or blacklisting of IPs in the user’s firewall. Real time monitoring can also be done with the automatic blocks executed by the Login Failure Daemon.

 

Installing CSF

 

Below are the steps to install ConfigServe Firewall.

 

  • Step 1. Download the csf package by executing the following commands:

 

  • rm -fv csf.tgz
  • wget http://www.configserver.com/free/csf.tgz

 

  • Step 2. Get rid of the existing firewall settings, which may be in the form of Brute Force Detection (BFD) or Advanced Policy Firewall (APF). To do this, just run this command:

 

  • [root@server #] sh /tmp/csf/remove_apf_bfd.sh

 

  • Step 3. Install the newly downloaded csf package. Executing the following commands is going to do the trick:

 

  • [root@server #] tar -xzf csf.tgz
  • [root@server #] cd csf
  • [root@server #] sh install.sh

 

Important Note: If the CSF has been installed properly, this message is going to come up:

 

‘*WARNING* TESTING mode is enabled – do not forget to disable it in the configuration `/etc/csf/csfwebmin.tgz’ -> `/usr/local/csf/csfwebmin.tgz’

 

Installation Completed

 

  • Step 4. Check if the server is already equipped with the necessary IP tables modules. This can be done by using this command:

 

  • [root@server #] perl /usr/local/csf/bin/csftest.pl

 

  • Step 5. Check if CSF is working properly. This command is going to enable the configuration script on the server:

 

  • csf -e’[csf -x for disabling csf]

 

  • Step 6. Set the correct CSF configurations. Run this command to do so:

 

  • [root@server csf]# csf -e
  • Starting lfd:[ OK  ]
  • csf and lfd have been enabled

 

Important Note: If CSF has been configured properly, the message below is going to come up.

 

‘*WARNING* TESTING mode is enabled – do not forget to disable it in the configuration’

 

Configuratiton Options Available

 

There are a number of configuration options offered by the ConfigServer Firewall. All of these can be found within the ‘/etc/csf’ directory. Some of the most important and useful options include the following:

 

  • conf. Use to configure files for controlling the script.
  • allow. Use to check the list of allowed IP addresses and CIDR addresses.
  • deny. Use to check the list of denied IP addresses and and CIDR addresses.
  • ignore. Use to check the list of ignored IP addresses and CIDR addresses.

 

All in all, CSF is a script that users are going to find useful, especially if they want to protect their servers from the significant damage that can be caused by brute force attacks.