Tuesday , 24 January 2017
Home » Cpanel/WHM » Install and Configure CSF (Config Server Firewall) on CentOS/Cpanel

Install and Configure CSF (Config Server Firewall) on CentOS/Cpanel

CSF : It is the abbreviation of Config Server Security & Firewall. CSF is for configuring or managing your server firewall easily and simply. Here is some useful steps to Install , configure and uninstall csf on server with CentOS.

Installation Process:
SSH to your server and do the following steps as root user.
Step 1: Downloading csf package.

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz

Step 2: Remove already installed firewall settings
Execute the following command to remove already installed firewall like APF (Advanced Policy Firewall) or BFD (Brute Force Detection) from server.

[root@server #] sh /tmp/csf/remove_apf_bfd.sh 

Step 3: Installation

[root@server #] tar -xzf csf.tgz 
[root@server #] cd csf 
[root@server #] sh install.sh 

You will get an output like below pasted if that was a successful installation.

----------------------------
----------------------------
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
`/etc/csf/csfwebmin.tgz' -> `/usr/local/csf/csfwebmin.tgz'

Installation Completed

Then, check whether your server have required IP tables modules by using the following command.

[root@server #] perl /usr/local/csf/bin/csftest.pl 

Step 4: Configure CSF
Once the installation process is completed we need to enable the csf to work it properly. ‘csf -e’[csf -x for disabling csf] command is using to enable csf on server.

[root@server csf]# csf -e
Starting lfd:[  OK  ]
csf and lfd have been enabled
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration

The ‘csf -e’ output sounds, the csf is configured in testing mode on your server. You need to edit the conf file for enabling it.

[root@server #] vim /etc/csf/csf.conf
Then change the value of 'TESTING' from 1 to 0

Important configuration options
All cofiguration options are located under the directory “/etc/csf” . Some usefull and importent configuration files are listed below.

csf.conf : Configuration file for controlling CSF.
csf.allow : Allowed IP’s and CIDR addresses list on the firewall.
csf.deny : Denied IP’s and CIDR addresses list on the firewall.
csf.ignore : Ignored IP’s and CIDR addresses list on the firewall.
csf.*ignore : The list of various ignore files of users, IP’s.

Uninstallation
Removing csf and lfd is even more simple:

cd /etc/csf
sh uninstall.sh

About admin

I have been working with Linux based systems since 2002. I hope the article published on this site will be useful to those new to server administration.