How to Install ConfigServer Security & Firewall (CSF) in RHEL,CentOS
In this article we explains How to Install ConfigServer Security & Firewall (CSF) in RHEL,CentOS
CSF is an open source Stateful Packet Inspection (SPI) iptables firewall that is straight-forward, easy and flexible to configure and secure with extra checks to ensure smooth operation.
CSF Provides lots of features, Some of them are,
- Login Tracking
- Script Email Alerts
- Process Tracking
- Directory Watching
- Advanced Allow/Deny Filters
- Multiple Ethernet Devices
- Messenger Service (v1 and v2)
- Block Reporting
- Port Flood Protection
- External Pre- and Post- Scripts
- lfd Clustering
- Port Knocking
- Port/IP address Redirection
- IP Block Lists
Directory structure:
/etc/csf/ - configuration files
/var/lib/csf/ - temporary data files
/usr/local/csf/bin/ - scripts
/usr/local/csf/lib/ - perl modules and static data
/usr/local/csf/tpl/ - email alert templates
Prerequestics
Perl modules are required for install csf firewall.
# yum install perl-libwww-perl
Installation
Step 1: Download CSF Firewall from https://download.configserver.com/csf.tgz
# wget https://download.configserver.com/csf.tgz
Step 2: Extract CSF package
# tar -zxvf csf.tgz
Step 3: Install CSF Package
# chmod +x install.sh
# ./install.sh
Note: The port details above are for information only, csf hasn't been auto-configured.
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*, IPV6, TCP6_*, UDP6_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
csf.conf : The main configuration
csf.allow : The list of allowed IP addresses
csf.deny : The list of denied IP addresses
csf.ignore : The list of ignored IP addresses
Configuration
The default csf configuration file is /etc/csf/csf.conf. You can edit this file as per your requirements. you can disable Testing mode by changing variable TESTING = "1" to TESTING = "0"
Start CSF
# chkconfig csf on
Reload CSF firewall
# csf -r
List default rules
# csf -l
Start the CSF firewall
# csf -s
Stop the CSF firewall
# csf -f
Allow IP Address
If you want to allow an ip address, open /etc/csf/allow.csf and add that ip address
# vim /etc/csf/csf.allow
or
# csf -a 192.168.10.11
Block IP Address
If you want to block an ip address, open /etc/csf/deny.csf and add that ip address
# vim /etc/csf/csf.deny
or
# csf -d 192.168.10.11
Delete IP from csf.allow and csf.deny file through command
If you want to delete IP from csf.allow and csf.deny file, just run the following command:
# csf -ar 192.168.10.11
# csf -dr 192.168.10.11
Uninstall CSF Firewall
To uninstall csf firewall, go to /etc/csf/ directory and run following command
# ./uninstall.sh
For more information, Please refer csf readme
Source : http://www.configserver.com
No comments: