How to install and configure CSF (Config Server Firewall) on Ubuntu 20.04 LTS

2021-03-24 By Ryan

Config Server Firewall (CSF) is a popular security tool for Linux that comes with multiple features such as a stateful packet inspection (SPI) firewall, intrusion detection, a login failure daemon, DDoS protection, and control panel integration.


This guide describes the installation, basic configuration, and important commands for CSF on an Ubuntu 20.04 LTS server. Connect to the Ubuntu server over SSH as root or a sudo user to run the steps.


Prepare the Ubuntu server for the CSF Installation


  1. Run the below command to remove the UFW firewall, which is installed on Ubuntu 20.04 by default.

    # apt remove ufw
    


  2. Install the CSF dependencies and Sendmail to send alerts to the administrator.

    # apt install perl zip unzip libwww-perl liblwp-protocol-https-perl
    


    # apt install sendmail-bin
    



Initiate the CSF Installation


  1. Change the directory on the cloud server to /usr/src and download the CSF distribution, then extract CSF.

    # cd /usr/src  
    
    # wget https://download.configserver.com/csf.tgz 
    
    # tar -xzf csf.tgz
    


  2. Change to /usr/src/csf and install the script.

    # cd csf
    
    # sh install.sh
    


  3. Run the below command to verify that the iptables modules required by CSF are available. Confirm that all tests report OK.

    # perl /usr/local/csf/bin/csftest.pl
    


  4. Verify the CSF status with the below command once the installation has completed.

    # csf -v
    



Start CSF Configuration


  1. First, edit /etc/csf/csf.conf to disable TESTING mode. By default, CSF runs in TESTING mode.

    # vi /etc/csf/csf.conf
    


    Locate the line TESTING = 1 and change the value to 0.

  2. Locate the line RESTRICT_SYSLOG = "0" and change the value to 3 to restrict access to the syslog/rsyslog files to members of the RESTRICT_SYSLOG_GROUP only.


  3. Save the configuration file and then stop and reload CSF with the below command.

    # csf -ra
    

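
As an added example (not part of the original guide or of CSF itself), the script below checks the values edited in steps 1 and 2 before the reload in step 3. It goes one step beyond the text and also confirms that the SSH port is listed in TCP_IN, the csf.conf list of allowed inbound TCP ports, because with TESTING off a missing entry can cut off new SSH sessions. Assumptions: SSH listens on port 22, and the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the csf.conf values edited above before running "csf -ra".

# Print the value of KEY from a csf.conf-style file (lines look like KEY = "value").
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$2" | tail -n 1
}

# Succeed if PORT is in a comma-separated port list; "lo:hi" items are ranges.
port_in_list() {
    port=$1; old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            "$port") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# Print one line per problem found in FILE and return the number of problems.
# SSH_PORT defaults to 22 (assumption: sshd listens on its default port).
csf_audit() {
    conf=$1; ssh_port=${2:-22}; findings=0
    if [ "$(conf_get TESTING "$conf")" != "0" ]; then
        echo "$conf: TESTING is not 0"; findings=$((findings + 1))
    fi
    if [ "$(conf_get RESTRICT_SYSLOG "$conf")" != "3" ]; then
        echo "$conf: RESTRICT_SYSLOG is not 3"; findings=$((findings + 1))
    fi
    if ! port_in_list "$ssh_port" "$(conf_get TCP_IN "$conf")"; then
        echo "$conf: port $ssh_port missing from TCP_IN, new SSH sessions may be dropped"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (not a real csf.conf) so the example runs offline.
tmp=$(mktemp -d)
printf '%s\n' '# constructed' 'TESTING = "1"' 'RESTRICT_SYSLOG = "0"' \
    'TCP_IN = "80,443,30000:35000"' > "$tmp/before.conf"
printf '%s\n' 'TESTING = "0"' 'RESTRICT_SYSLOG = "3"' \
    'TCP_IN = "22,80,443"' > "$tmp/after.conf"
csf_audit "$tmp/before.conf" || echo "before.conf: $? problem(s)"
csf_audit "$tmp/after.conf" && echo "after.conf: ready for csf -ra"
```

On a server, point `csf_audit` at /etc/csf/csf.conf and pass the real SSH port as the second argument if it is not 22.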


Important CSF Commands & Configuration


  1. Start the CSF tool.

    # csf -s
    


  2. Stop/flush the CSF tool.

    # csf -f
    


  3. Restart the CSF tools.

    # csf -ra
    


  4. Edit /etc/csf/csf.conf to allow IP traffic by port.

    # vi /etc/csf/csf.conf
    


    Locate the port lists, such as TCP_IN, TCP_OUT, UDP_IN and UDP_OUT, and add the required ports.


    Restart CSF for the changes to take effect.

    # csf -ra
    


  5. Deny by IP address.

    # csf -d 123.123.123.123
    


  6. Allow by IP address.

    # csf -a 123.123.123.123
    


  7. Remove IP from the allow list.

    # csf -ar 123.123.123.123
    


  8. Remove IP from the deny list.

    # csf -dr 123.123.123.123
    


  9. Block IP addresses by adding an entry to /etc/csf/csf.deny.


  10. Add trusted IP addresses to /etc/csf/csf.allow.


  11. Check all listening ports.

    # csf -p
    

