Secure Your Linux VPS Using CSF Firewall
CSF is considered the best and most advanced firewall for Linux VPS and dedicated servers because it's free and has more configurable options than other firewalls available on the market. It is very easy to install and configure, so even novice administrators can use it. I am writing this article to give you an overview of how you can install and configure CSF.
Note: It is assumed that you are comfortable with SSH commands and with navigating lines in a file using the vi editor. The following instructions apply only to customers who have a Linux VPS or dedicated server.
This is not for you if you do not have root-level access to your server. These instructions are for system administrators that have root access.
How to install CSF on a Linux VPS server with cPanel.
1. First, disable “SMTP Tweaks” in WHM > Tweak Settings > Mail > ‘Restrict outgoing SMTP to root, exim, and mailman (SMTP Tweak)’.
2. “SMTP_BLOCK” in CSF uses the “ipt_owner” kernel module, which must be loaded for CSF to work.
Please ensure that the “ipt_owner” module is loaded.
root@[~/]# lsmod | grep "ipt_owner"
After running the above command, you should see a result like the following. If you do, the module is loaded.
ipt_owner 35009 4
x_tables 50505 14 ipt_recent,ipt_owner,ipt_REDIRECT,iptable_nat,xt_conntrack,ipt_LOG,xt_limit,xt_multiport,ipt_REJECT,xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables
If “ipt_owner” is not loaded, try loading it with the following command.
# modprobe ipt_owner
Now check again. If “ipt_owner” is loaded, configure the following script to load “ipt_owner” on boot.
vi /etc/rc.modules
Add the following line to /etc/rc.modules:
modprobe ipt_owner
Add executable permission to /etc/rc.modules.
chmod +x /etc/rc.modules
CSF setup instructions:
Run the following command to create a csf directory in the source directory:
# mkdir /usr/local/src/csf
Change directory to csf:
# cd /usr/local/src/csf
Download the csf setup using this command:
# wget http://www.configserver.com/free/csf.tgz
Uncompress the CSF setup:
# tar -xzvf csf.tgz
Change directory to csf:
# cd csf
Run the following command to install csf:
# sh install.cpanel.sh
Download this predefined rules configuration file by Crucial:
# wget http://111.118.173.50/~blogcruc/csf-cpanel.conf
Rename the existing csf.conf file:
# mv -iv /etc/csf/csf.conf /etc/csf/csf.conf-old
Copy the recently downloaded predefined rules configuration file to the CSF configuration directory:
# cp -pv csf-cpanel.conf /etc/csf/csf.conf
Reload all the rules:
# csf -r
Congratulations! Your CSF firewall is up and running!
How to install CSF on a non-cPanel Linux VPS server.
Run the following commands as per the notes:
1. Install the required Perl modules:
# yum -y install perl-libwww-perl
For Ubuntu and Debian VPS servers:
# apt-get install libwww-perl
2. Download and set up CSF:
Make a new directory in /usr/local/src/:
# mkdir /usr/local/src/csf-new
Change directory to csf-new:
# cd /usr/local/src/csf-new
Download the CSF setup:
# wget http://www.configserver.com/free/csf.tgz
Uncompress the setup file:
# tar -xzvf csf.tgz
Change directory:
# cd csf
Install using this command:
# sh install.generic.sh
Download this predefined rules configuration file by Crucial:
# wget http://111.118.173.50/~blogcruc/csf-generic.conf
Rename the existing csf.conf file:
# mv -iv /etc/csf/csf.conf /etc/csf/csf.conf-old
Copy the recently downloaded predefined rules configuration file to the CSF configuration directory:
# cp -pv csf-generic.conf /etc/csf/csf.conf
Now edit /etc/csf/csf.conf, customize the ports as required, and reload the rules.
# csf -r
Congratulations! Your CSF firewall is up and running on your Linux VPS or Dedicated Server.
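Both procedures above replace /etc/csf/csf.conf with a downloaded file and then run csf -r. The script below is an added example, not part of the original article or of CSF, that checks the file before the reload so the port you use for SSH is confirmed to be in TCP_IN. The function names, the sample configuration and the ports passed to it are constructed for illustration; TCP_IN, TESTING, TESTING_INTERVAL and SMTP_BLOCK are csf.conf settings.

```shell
# Added example (not from the article or CSF): review a csf.conf before `csf -r`.

# Print the value of KEY from a csf.conf-style file (lines like KEY = "value").
csf_get() {
    sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeed if PORT is covered by a CSF port list such as "22,80,30000:35000".
port_allowed() {
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        case $entry in
            *:*) [ "$2" -ge "${entry%%:*}" ] && [ "$2" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$entry" = "$2" ] && return 0 ;;
        esac
    done
    return 1
}

# Return 1 if reloading CSF with FILE would block the SSH port in use.
csf_precheck() {
    conf=$1 ssh_port=$2 status=0
    tcp_in=$(csf_get "$conf" TCP_IN)
    if ! port_allowed "$tcp_in" "$ssh_port"; then
        echo "FAIL: SSH port $ssh_port is not in TCP_IN ($tcp_in)"
        status=1
    fi
    if [ "$(csf_get "$conf" TESTING)" = "1" ]; then
        echo "NOTE: TESTING is 1: rules are flushed every TESTING_INTERVAL minutes"
    fi
    # The article states that SMTP_BLOCK needs the ipt_owner module.
    if [ "$(csf_get "$conf" SMTP_BLOCK)" = "1" ] && ! lsmod 2>/dev/null | grep -q '^ipt_owner'; then
        echo "NOTE: SMTP_BLOCK is 1 but ipt_owner is not loaded"
    fi
    return "$status"
}

# Constructed sample standing in for a downloaded csf-generic.conf.
write_sample() {
    cat > "$1" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,25,53,80,110,143,443,30000:35000"
SMTP_BLOCK = "0"
EOF
}

sample=$(mktemp)
write_sample "$sample"
csf_precheck "$sample" 22 || echo "Fix TCP_IN before running csf -r"
rm -f "$sample"
```

On a real server, call csf_precheck with the downloaded file and your own SSH port before copying the file to /etc/csf/csf.conf.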
You can also check the following URLs to know more about CSF:
http://www.configserver.com/free/csf/readme.txt
http://www.configserver.com/free/csf/install.txt
http://forum.configserver.com/
http://www.configserver.com/cp/csf.html