Install & Configure CSF (Config Server Firewall) on CentOS/RHEL 6x
-- Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In Addition to the Basic Functionality of a Firewall – Filtering Packets. CSF includes other security features, such as Login/Intrusion/Flood Detections.
Step: 1. Stop Firewall :
# service iptables stop
# chkconfig iptables off
Step: 2. Disable Selinux :
# vi /etc/sysconfig/selinux
SELINUX=disabled
-- Save & Quit (:wq)
Step: 3. Reboot the Server :
# init 6
Step: 4. Installation of CFS Dependencies :
# yum -y install wget vim perl perl-libwww-perl.noarch perl-Time-HiRes
Step: 5. Download & Extract CSF Package :
# cd /usr/src/
# wget https://download.configserver.com/csf.tgz
# tar -xzf csf.tgz
Step: 6. Install CFS :
# cd csf
# sh install.sh
Step: 7. Now You should Check that CSG really Works on this Server :
# cd /usr/local/csf/bin/
# perl csftest.pl
[OUTPUT]
RESULT: csf should function on this server.
Step: 8. Configure CSF :
# vi /etc/csf/csf.conf
-- Line No. 11 :
TESTING = "0"
Note: By default CSF Allows Incoming & Outgoing Traffic for the SSH Standard Port 22, if you use a Different SSH Port then please Add your port to the Configuration in line 139 "TCP_IN".
-- Line No. 69 :
RESTRICT_SYSLOG = "3"
-- Save & Quit (:wq)
Step: 9. Start CSF & LFD Service :
# service csf restart
# chkconfig csf on
# service lfd restart
# chkconfig lfd on
Step: 10. To View the list of Default Rules of CSF :
# csf -l
Or
# csf --status
Step: 11. Basic CSF Commands :
-- Start the Firewall (Enable the Firewall Rules) :
# csf -s
Or
# csf --start
-- Flush/Stop the Firewall Rules :
# csf -f
Or
# csf --stop
-- Reload the Firewall Rules :
# csf -f
-- Restart the Firewall Rules :
# csf -r
Or
# csf --restart
-- Allow an IP & Add it to csf.allow :
# csf -a 10.100.97.37
Or
# csf --add 10.100.97.37
-- Remove/Delete an IP from csf.allow :
# csf -ar 10.100.97.37
Or
# csf --addrm 10.100.97.37
-- Deny an IP & Add to csf.deny :
# csf -d 10.100.97.37
Or
# csf --deny 10.100.97.37
-- Remove/Delete an IP from csf.deny :
# csf -dr 10.100.97.37
Or
# csf --denyrm 10.100.97.37
-- Remove & Unblock all Entries from csf.deny :
# csf -df
Or
# csf --denyf
-- Search for a Pattern Match on iptables e.g : IP, CIDR, Port Number :
# csf -g 10.100.97.37
Or
# csf --grep 10.100.97.37
-- Disable CSF & LFD Completely :
# csf -x
Or
# csf --disable
-- Displays the Current List of Temporary Allow & Deny IP Entries with their TTL & Comment :
# csf -t
Or
# csf --temp
-- Add an IP to the Temp IP Allow List :
# csf -ta 10.100.97.37 ttl -p 22 -d 0.0.0.0 Allow All For Port No 22
Or
# csf --tempallow 10.100.97.37 ttl [-p port] [-d direction] [comment]
-- Add an IP to the Temp IP Ban List :
# csf -td 10.100.97.37 ttl -p 22 -d 0.0.0.0 Ban All For Port No 22
Or
# csf --tempdeny 10.100.97.37 ttl [-p port] [-d direction] [comment]
-- Remove an IP From the Temporary IP Ban or Allow List :
# csf -tr 10.100.97.37
Or
# csf --temprm 10.100.97.37
-- Flush all IPs from the Temporary IP Entries :
# csf -tf
Or
# csf --tempf
Step: 12. Advanced CSF Configuration :
# vi /etc/csf/csf.conf
-- Don't Block IP addresses that are in the csf.allow files :
IGNORE_ALLOW = "1"
-- Allow Incoming & Outgoing ICMP. Line No 152 for Incoming & Line 159 for Outgoing :
ICMP_IN = "1"
ICMP_OUT = "1"
-- Block Certain Countries. Go To Line 836 & Add the Country Codes :
CC_DENY = "CN,UK,US"
CC_ALLOW = "ID,IN,DE"
-- Send the Su & SSH Login Logs by Email. Go to the Line No. 1069 :
LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"
-- And then Define the Email Address at Line No. 588 :
LF_ALERT_TO = "koushik@domain.com"
-- Save & Quit (:wq)
Step: 13. Restart CSF & LFD Service :
# service csf restart
# service lfd restart
IMPORTANT NOTES:
=================
-- The Ports Opened by Default are the Following :
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
-- Services using the Open Ports :
Port 20: FTP data transfer
Port 21: FTP control
Port 22: Secure shell (SSH)
Port 25: Simple mail transfer protocol (SMTP)
Port 53: Domain name system (DNS)
Port 80: Hypertext transfer protocol (HTTP)
Port 110: Post office protocol v3 (POP3)
Port 113: Authentication service/identification protocol
Port 123: Network time protocol (NTP)
Port 143: Internet message access protocol (IMAP)
Port 443: Hypertext transfer protocol over SSL/TLS (HTTPS)
Port 465: URL Rendesvous Directory for SSM (Cisco)
Port 587: E-mail message submission (SMTP)
Port 993: Internet message access protocol over SSL (IMAPS)
Port 995: Post office protocol 3 over TLS/SSL (POP3S)
-- Below are Port sets that should be opened if you are Running the Listed Service :
On any Server:
TCP_IN: 22,53
TCP_OUT: 22,53,80,113,443
UPD_IN: 53
UPD_OUT: 53,113,123
Apache:
TCP_IN: 80,443
FTP Server:
TCP_IN: 20,21
TCP_OUT: 20,21
UPD_IN: 20,21
UPD_OUT:20,21
Mail Server:
TCP_IN: 25,110,143,587,993,995
TCP_OUT: 25,110
MySQL Server (if remote access is required):
TCP_IN: 3306
TCP_OUT: 3306
Thanks For Visiting on My Blog, For More Tutorials Keep Visiting My Blog