About
http://configserver.com/cp/csf.html
CSF, the ConfigServer Security & Firewall, has become one of the most popular firewalls, not just because of its ease of use: it also provides a cPanel interface and can be easily installed and tuned by novice users. If you are running cPanel without a firewall, CSF is strongly recommended for the security of your server.
You can visit the CSF firewall website for more information. You can also download the necessary files there.
Important Features
WHM Interface for CPanel
Firewall Running Status
Easy to Install and Administer
Brute Force Attack Prevention
One Click Server Security Checks
Port scan prevention and blocking
Intrusion detection system
Easy Installation and Configuration
IP Blocking and more…
CSF comes with LFD (Login Failure Daemon), which detects malicious login attempts to the server via:
- courier imap and pop3
- ssh
- non-ssl cpanel / whm / webmail
- pure-ftpd
- password protected web pages (htpasswd)
- mod_security failures
- Port Scan
This detection works in addition to the packet filtering. With the firewall installed, the need for manual intervention is reduced.
Let us prepare a Linux-based server running cPanel. Note that CSF requires you to remove any IP-based firewall that is currently running (APF or another iptables firewall). It comes with all the necessary scripts to remove APF or an iptables firewall.
Installation
1. Download the package to the server.
cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
2. Extract it.
tar -zxf csf.tgz
cd csf
3. Run the Install script.
sh install.sh
Or for cPanel Servers :
sh install.cpanel.sh
Or for DirectAdmin Servers :
sh install.directadmin.sh
That’s it! Wait until the script finishes.
4. Remove APF or IPTables Firewall
If you have an existing iptables firewall, remove it using the uninstall scripts located in /etc/csf. In this case I was running the APF firewall and BFD on my server, so I had to remove them.
sh /etc/csf/remove_apf_bfd.sh
5. Start the Firewall in Testing Mode
Start the firewall with the following command.
csf -s    # start the firewall
csf -r    # restart the firewall
csf -f    # flush the rules or stop the firewall
If you are running on a VPS plan, you might get an error like this:
"iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf Error: aborted, at line 156"
To fix:
Open /etc/csf/csf.conf, look for the line MONOLITHIC_KERNEL = "0" and change it to MONOLITHIC_KERNEL = "1"
That’s all! Now restart the firewall.
6. Specify which ports you want to allow.
The default ports are opened when you install using the scripts mentioned above. If you are using any custom ports, you may need to open them in CSF.
It is very important to review which ports the firewall opens and to close all remaining port numbers. Open /etc/csf/csf.conf and edit the following lines with your port numbers:
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2087"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
# Allow incoming UDP ports
UDP_IN = "20,21,53,953"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"

21 => FTP
22 => SSH
23 => Telnet
25 => SMTP Mail Transfer
43 => WHOIS service
53 => name server (DNS)
80 => HTTP (Web server)
110 => POP protocol (for email)
443 => HTTP Secure (SSL for https:// )
995 => POP over SSL/TLS
9999 => Urchin
3306 => MySQL Server
2082 => CPANEL Default
2083 => CPANEL - Secure/SSL
2086 => CPANEL WHM
2087 => CPANEL WHM - Secure/SSL
2095 => cpanel webmail
2096 => cpanel webmail - secure/SSL
Plesk Control Panel => 8443
DirectAdmin Control Panel => 2222
Webmin Control Panel => 10000

For more information about commonly used port numbers refer to this article: Commonly Used Port Numbers
7. Disable the Testing Mode and Start the Firewall
Remember that by default the firewall runs in testing mode. To disable testing mode, edit the configuration file:
vi /etc/csf/csf.conf
Look for the first line and set testing mode to “0”
TESTING = "0"
You may also set the following:
CT_LIMIT = "100"
LF_ALERT_TO = "(email id of the customer)"
SYNFLOOD = "1"
Now restart the firewall!
csf -r
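The checks from steps 6 and 7 can be scripted. The following is an added example, not part of the original article or of CSF itself: it reads a csf.conf-style file, warns if TESTING is still enabled, and lists the TCP_IN ports that carry cleartext logins. The function names, the CLEARTEXT_PORTS list and the sample configuration are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a csf.conf for the settings covered in steps 6 and 7.
# CLEARTEXT_PORTS is this example's assumption (FTP, Telnet, POP3, IMAP and
# the non-SSL cPanel/WHM/webmail ports); adjust it to your own policy.
CLEARTEXT_PORTS="21 23 110 143 2082 2086 2095"

# Print the value of KEY ($2) from a csf.conf-style file ($1): KEY = "value"
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print the TCP_IN ports of file $1 that appear in CLEARTEXT_PORTS.
# Ranges such as 30000:35000 are left alone by this simple check.
csf_cleartext_in() {
    _found=""
    for _p in $(csf_get "$1" TCP_IN | tr ',' ' '); do
        case " $CLEARTEXT_PORTS " in
            *" $_p "*) _found="$_found $_p" ;;
        esac
    done
    echo "${_found# }"
}

# Print warnings for file $1; return 1 if any were printed, else 0.
csf_audit() {
    _rc=0
    if [ "$(csf_get "$1" TESTING)" != "0" ]; then
        echo "WARN: TESTING is not \"0\" (firewall still in testing mode)"
        _rc=1
    fi
    _open=$(csf_cleartext_in "$1")
    if [ -n "$_open" ]; then
        echo "WARN: cleartext services allowed in TCP_IN: $_open"
        _rc=1
    fi
    return $_rc
}

# Constructed sample input; on a server pass /etc/csf/csf.conf instead.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real server's configuration
TESTING = "1"
TESTING_INTERVAL = "5"
TCP_IN = "20,21,22,25,53,80,110,143,443,993,995,2082,2083,2087"
EOF
csf_audit "$SAMPLE" || echo "audit reported findings"
rm -f "$SAMPLE"
```

A non-zero return from csf_audit makes it usable as a gate in a provisioning script before the final csf -r.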
In cPanel:
If you have successfully installed the CSF firewall, you will find the CSF Security & Firewall option at the bottom of the menu in cPanel WHM. Click the link to edit the firewall settings from inside cPanel, which is very easy to do.
Configuration Files
/etc/csf/csf.conf => CSF Firewall configuration file
/etc/csf/csf.allow => Config file to allow IPs
/etc/csf/csf.deny => Config file to deny IPs
/etc/csf/ => Alert files with TXT extension are stored within this directory
Final Steps
1. Check the status of the firewall inside cPanel.
2. Harden the firewall security by performing the system security check. To do this, go to cPanel WHM > CSF Firewall & Security > Check System Security. It will list WARNINGS based on your server.
Uninstall CSF
Just run the uninstall script located in the installation directory.
sh /etc/csf/uninstall.sh