Breaking

How to Install ConfigServer Security & Firewall (CSF) in RHEL,CentOS




In this article we explains How to Install ConfigServer Security & Firewall (CSF) in RHEL,CentOS 


CSF is an open source Stateful Packet Inspection (SPI) iptables firewall that is straight-forward, easy and flexible to configure and secure with extra checks to ensure smooth operation.


CSF Provides lots of features, Some of them are,
  • Login Tracking
  • Script Email Alerts
  • Process Tracking
  • Directory Watching
  • Advanced Allow/Deny Filters
  • Multiple Ethernet Devices
  • Messenger Service (v1 and v2)
  • Block Reporting
  • Port Flood Protection
  • External Pre- and Post- Scripts
  • lfd Clustering
  • Port Knocking
  • Port/IP address Redirection
  • IP Block Lists

Directory structure:


/etc/csf/                - configuration files
/var/lib/csf/          - temporary data files
/usr/local/csf/bin/ - scripts
/usr/local/csf/lib/  - perl modules and static data
/usr/local/csf/tpl/  - email alert templates


Prerequestics


Perl modules are required for install csf firewall.


                # yum install perl-libwww-perl



Installation


Step 1: Download CSF Firewall from https://download.configserver.com/csf.tgz


            #  wget https://download.configserver.com/csf.tgz




Step 2: Extract CSF package

           # tar -zxvf csf.tgz




Step 3: Install CSF Package

           # chmod +x install.sh

           # ./install.sh





Note:
The port details above are for information only, csf hasn't been auto-configured.

Don't forget to:

1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*, IPV6, TCP6_*, UDP6_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so

csf.conf : The main configuration
csf.allow : The list of allowed IP addresses
csf.deny : The list of denied IP addresses
csf.ignore : The list of ignored IP addresses

Configuration


The default csf configuration file is /etc/csf/csf.conf. You can edit this file as per your requirements. you can disable Testing mode by changing variable TESTING = "1" to TESTING = "0"





Start CSF


            # service csf start

            # chkconfig csf on


Reload CSF firewall


           # csf -r




List default rules


         # csf -l




Start the CSF firewall


          # csf -s


Stop the CSF firewall


         # csf -f


Allow IP Address


If you want to allow an ip address, open /etc/csf/allow.csf and add that ip address

           # vim /etc/csf/csf.allow




or

         # csf -a 192.168.10.11


Block IP Address


If you want to block an ip address, open /etc/csf/deny.csf and add that ip address


            # vim /etc/csf/csf.deny





or

           # csf -d 192.168.10.11


Delete IP from csf.allow and csf.deny file through command


If you want to delete IP from csf.allow and csf.deny file, just run the following command:

                  # csf -ar 192.168.10.11

                  # csf -dr 192.168.10.11





Uninstall CSF Firewall


To uninstall csf firewall, go to /etc/csf/ directory and run following command

# ./uninstall.sh





For more information, Please refer csf readme


Source : http://www.configserver.com


No comments:

Powered by Blogger.