CSF firewall and steps to install it
The CSF (ConfigServer) firewall is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.
CSF comes with LFD (Login Failure Daemon), which detects malicious login attempts to the server via:
* courier imap and pop3
* non-ssl cpanel / whm / webmail
* password protected web pages (htpasswd)
* mod_security failures
This is an additional feature on top of the packet filtering. With the firewall installed, the need for manual intervention is reduced. In case of brute force attempts, multiple failed login attempts, high server load, etc., LFD will send notification emails. These email notifications are generated to keep you informed about system health and possible signs of brute force, (D)DoS attacks or unauthorized processes running. While most actions are taken automatically by CSF/LFD, it is still a good idea to check these emails for cases where, say, unauthorized logins are happening or unauthorized processes are running on the system.
Steps to install the CSF firewall are as follows:
First of all, get the latest version of CSF from http://www.configserver.com/cp/csf.html (http://www.configserver.com/free/csf.tgz).
Run as root:
– cd /usr/local/src
– wget http://www.configserver.com/free/csf.tgz
– gunzip csf.tgz
– tar xf csf.tar
– cd csf
Once in the CSF installation directory, you will find 3 installation scripts. One is for generic use (non-control panel or Plesk based servers); the other 2 are pre-configured for use on either DirectAdmin or cPanel based servers. Make your choice and run one of the following commands:
The CSF firewall is installed to /etc/csf, and the allowed inbound/outbound port configuration is adjusted to your current settings. Open the configuration file /etc/csf/csf.conf to make further adjustments, then restart the firewall for the changes to take effect (/etc/init.d/csf restart).
Once the installation is complete, you are ready to put the firewall into production mode: open csf.conf again and change the value of TESTING="1" to 0. Then restart the firewall using the command "/etc/init.d/csf restart" or "csf -r".
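A check for this last step, as an added example (not part of the original article or of CSF itself): the shell function below reads a csf.conf and reports whether TESTING is still enabled, which matters because lfd does not start while testing mode is on. The function names and return codes are choices made for this example, and the sample file in the demo is constructed.

```shell
#!/bin/sh
# Added example: report whether a csf.conf still has TESTING enabled.
# Return codes (chosen for this example):
#   0 = TESTING is "0", 1 = TESTING is still on,
#   2 = file unreadable or no TESTING setting found.

csf_testing_value() {
    # Print the value of the last uncommented TESTING assignment.
    # Accepts both TESTING="1" and TESTING = "1", and does not match
    # other keys that merely start with TESTING (e.g. TESTING_INTERVAL).
    sed -n 's/^[[:space:]]*TESTING[[:space:]]*=[[:space:]]*"\{0,1\}\([^"[:space:]]*\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1
}

csf_check_testing() {
    conf=${1:-/etc/csf/csf.conf}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    value=$(csf_testing_value "$conf")
    case "$value" in
        0)  echo "OK: TESTING is 0 in $conf"; return 0 ;;
        "") echo "UNKNOWN: no TESTING setting in $conf" >&2; return 2 ;;
        *)  echo "WARN: TESTING is \"$value\" in $conf" >&2; return 1 ;;
    esac
}

# Demo on a constructed sample (not a real server's csf.conf):
# a commented-out line, the live setting, and a similarly named key.
sample=$(mktemp)
printf '%s\n' '# TESTING = "0"' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' > "$sample"
csf_check_testing "$sample" || echo "exit status: $?"
rm -f "$sample"
```

Run `csf_check_testing` with no argument after the restart to check /etc/csf/csf.conf itself.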