ConfigServer Security & Firewall (CSF) is a free, advanced firewall for Linux, and also an intrusion detection system (IDS). CSF provides strong security capabilities for servers, helping administrators easily manage and monitor network traffic. It is developed by ConfigServer and is compatible with various web control panels such as cPanel, DirectAdmin, and Webmin.
How to Install
Requirements
- A Linux server.
- Root access.
- wget, perl, and other basic utilities pre-installed.
Installation Steps
Download and Extract:

```bash
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
```

Install:

```bash
sh install.sh
```

Check for Necessary Modules:

```bash
perl /usr/local/csf/bin/csftest.pl
```

If there are any errors, install the corresponding dependencies.

Switch to Production Mode: Open the configuration file /etc/csf/csf.conf and change TESTING = "1" to TESTING = "0".

Restart the Service:

```bash
csf -r
```

Remove Installation Files:

```bash
cd ..
rm -rf csf/ csf.tgz
```

Basic Usage Guide
Basic Commands
Add an IP address to the whitelist:

```bash
csf -a 192.168.1.1
```

This command adds the IP address 192.168.1.1 to the /etc/csf/csf.allow file.

Block an IP address (blacklist):

```bash
csf -d 192.168.1.2
```

This command adds the IP address 192.168.1.2 to the /etc/csf/csf.deny file.

Unblock an IP address:

```bash
csf -dr 192.168.1.2
```

Open a Port: To open a port, you need to edit the main configuration file /etc/csf/csf.conf. For example:

```bash
# Add ports 80, 443 (HTTP/HTTPS) and 22 (SSH) to the allowed list
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
```

Limit SSH Logins: CSF can limit the number of failed SSH login attempts. By default, CSF will block an IP after 5 consecutive failed login attempts within 1 hour. You can change these parameters in the csf.conf file with the following lines:

```bash
# Number of failed SSH logins that triggers a block ("0" disables the check)
LF_SSHD = "5"
# "1" blocks permanently; a value above 1 blocks temporarily for that many seconds
LF_SSHD_PERM = "1"
# Time window (in seconds) in which the failures are counted
LF_INTERVAL = "3600"
```

After editing csf.conf, restart CSF with csf -r so the changes take effect.

Advantages
- Easy to Use: Intuitive command-line interface (CLI) that integrates well with many web control panels.
- Strong Security Capabilities: Supports many advanced security features such as DDoS protection, country-based IP filtering, and detection and prevention of brute-force attacks on SSH, FTP, SMTP, and other services.
- Free and Regularly Updated: As open-source software, CSF is maintained by the community and continuously updated to counter new threats.
- High Compatibility: Compatible with most Linux distributions and popular control panels.
Important Considerations
- Careful Configuration: Incorrect configuration can result in you being locked out of your own server. Always back up your configuration files before making changes.
- TEST Mode: After installation, CSF is in test mode (TESTING = "1") to ensure services are not blocked. Double-check everything before switching to production mode (TESTING = "0").
- Be Cautious with LFD (Login Failure Daemon): LFD is a part of CSF that automatically blocks IPs upon detecting login failures. If not configured correctly, it could block your own IP.
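One way to do the "double-check" before switching TESTING to "0", as an added example that is not part of CSF or of the original article: a small pre-flight script that reads csf.conf and csf.allow and reports the two most common lock-out causes. The function names (conf_get, port_allowed, ip_allowed, preflight) are hypothetical, the sample files are constructed, and SSH on port 22 with the admin address 192.168.1.1 is assumed.

```shell
#!/bin/sh
# Added example, not part of CSF: lock-out pre-flight check.

# conf_get FILE KEY: print the value of a KEY = "value" line in csf.conf
conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# port_allowed LIST PORT: succeed if PORT is in a comma list such as
# "22,80,30000:35000" (a colon marks a port range in csf.conf).
# The body is a subshell so the IFS change stays local.
port_allowed() (
    IFS=,
    for item in $1; do
        case $item in
            *:*) [ "$2" -ge "${item%%:*}" ] && [ "$2" -le "${item##*:}" ] && exit 0 ;;
            *)   [ "$item" = "$2" ] && exit 0 ;;
        esac
    done
    exit 1
)

# ip_allowed FILE IP: succeed if IP is the first field of a csf.allow line
# (plain addresses only; CIDR ranges and advanced rules are not evaluated)
ip_allowed() {
    awk -v ip="$2" '{ sub(/#.*/, ""); if ($1 == ip) found = 1 } END { exit !found }' "$1"
}

# preflight CONF ALLOW SSH_PORT ADMIN_IP: print findings; the return status
# is the number of lock-out risks found (0 means none)
preflight() {
    risks=0
    if ! port_allowed "$(conf_get "$1" TCP_IN)" "$3"; then
        echo "RISK: port $3 is not in TCP_IN"; risks=$((risks + 1))
    fi
    if ! ip_allowed "$2" "$4"; then
        echo "RISK: $4 is not in csf.allow"; risks=$((risks + 1))
    fi
    [ "$(conf_get "$1" TESTING)" = "1" ] && echo "NOTE: TESTING is still \"1\""
    return "$risks"
}

# Constructed sample files; on a server pass /etc/csf/csf.conf and /etc/csf/csf.allow
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,25,53,80,443,30000:35000"' > "$demo_dir/csf.conf"
printf '%s\n' '192.168.1.1 # constructed allow entry' > "$demo_dir/csf.allow"
preflight "$demo_dir/csf.conf" "$demo_dir/csf.allow" 22 192.168.1.1 ||
    echo "Fix the risks above before setting TESTING to 0"
```

With the constructed files, the script flags that port 22 is missing from TCP_IN, which would cut off SSH once test mode is disabled.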
Who Should Use It and Why It’s Popular
- Server Administrators (sysadmins): Whether for individuals or businesses, CSF is an essential tool to protect Linux servers from network attacks.
- Hosting Companies: CSF is commonly used by hosting providers to protect hundreds, if not thousands, of client servers on a single system.
CSF is popular because it is a comprehensive, easy-to-deploy, and cost-effective solution for strengthening Linux server security. It provides a solid layer of protection against common threats, allowing administrators to focus on other tasks.

