Tutorial News Comments FAQ Related Articles

How to Install and configure CSF on Oracle Linux

{{postValue.id}}

To Install And Configure CSF On Oracle Linux

Introduction:

CSF stands for ConfigServer Security & Firewall CSF is completely free and open source. CSF includes security features like login/intrusion/flood detections. It’s also had UI integration for cPanel, DirectAdmin and Webmin

Installation Steps:

Step 1: Check the OS version by using the below command

[root@localhost ~]# cat /etc/os-release 
NAME="Oracle Linux Server"
VERSION="8.4"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.4"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.4"
ANSI_COLOR="0;31"

Step 2: Install the supporting packages by using the below command

[root@localhost ~]# yum install perl-libwww-perl
Last metadata expiration check: 7:13:07 ago on Monday 06 December 2021 11:28:54 PM IST.
Dependencies resolved.
============================================================================================================================================
 Package                            Architecture      Version                                            Repository                    Size
============================================================================================================================================
Installing:
 perl-libwww-perl                   noarch            6.34-1.module+el8.3.0+7692+542c56f9                ol8_appstream                212 k
Installing dependencies:
 perl-Compress-Raw-Bzip2            x86_64            2.081-1.el8                                        ol8_baseos_latest             40 k
 perl-Compress-Raw-Zlib             x86_64            2.081-1.el8                                        ol8_baseos_latest             68 k
 perl-Data-Dump                     noarch            1.23-7.module+el8.3.0+7692+542c56f9                ol8_appstream                 37 k
 perl-Digest-HMAC                   noarch            1.03-17.module+el8.3.0+7692+542c56f9               ol8_appstream                 20 k
 perl-Digest-SHA                    x86_64            1:6.02-1.el8                                       ol8_appstream                 66 k
 perl-Encode-Locale                 noarch            1.05-10.module+el8.3.0+7692+542c56f9               ol8_appstream                 22 k
 perl-File-Listing                  noarch            6.04-17.module+el8.3.0+7692+542c56f9               ol8_appstream                 18 k
 perl-HTML-Parser                   x86_64            3.72-15.module+el8.3.0+7692+542c56f9               ol8_appstream                119 k
 perl-HTML-Tagset                   noarch            3.20-34.module+el8.3.0+7692+542c56f9               ol8_appstream                 24 k
 perl-HTTP-Cookies                  noarch            6.04-2.module+el8.3.0+7692+542c56f9                ol8_appstream                 39 k
 perl-HTTP-Date

Step 3: change Diretory to /usr/src/ by using the below command

[root@localhost ~]#  cd /usr/src/

Step 4: Download the CSF package by using the below command

[root@localhost src]# wget https://download.configserver.com/csf.tgz
--2021-12-07 06:21:15--  https://download.configserver.com/csf.tgz
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK

csf.tgz                            100%[================================================================>]   2.18M  2.16MB/s    in 1.0s

Step 5: Extract the package by using the below command

[root@localhost src]# tar xzf csf.tgz

Step 6: Enter to the CSF directory by using the below command

[root@localhost src]# cd csf/

Step 7: Run the installation script by using the below command

[root@localhost csf]# sh install.sh
Selecting installer...
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
mkdir: cannot create directory ‘/etc/csf’: File exists
'install.txt' -> '/etc/csf/install.txt'
Checking Perl modules...
Using configuration defaults
...Perl modules OK
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
'lfd.service' -> '/usr/lib/systemd/system/lfd.service'
'csf.service' -> '/usr/lib/systemd/system/csf.service'
Unit /etc/systemd/system/firewalld.service is masked, ignoring.
'/etc/csf/csfwebmin.tgz' -> '/usr/local/csf/csfwebmin.tgz'

Installation Completed

Step 8: check that all dependencies installed by using the below command

[root@localhost csf]# perl /usr/local/csf/bin/csftest.pl 
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server

Step 9: Stop the firewalld by using the below command

[root@localhost csf]# systemctl stop firewalld

Step 10: Disable the firewalld by using the below command

[root@localhost csf]# systemctl disable firewalld
Unit /etc/systemd/system/firewalld.service is masked, ignoring

Step 11: Edit the CSF configuration file and change TESTING=1 to TESTING=0 by using the below command

[root@localhost csf]#vim /etc/csf/csf.conf
###############################################################################
#SECTION:Initial Settings
###############################################################################
#Testing flag - enables a CRON job that clears iptables incase of
#configuration problems when you start csf. This should be enabled until you
#are sure that the firewall works - i.e. incase you get locked out of your
#server! Then do remember to set it to 0 and restart csf when you're sure
#everything is OK. Stopping csf will remove the line from /etc/crontab
#lfd will not start while this is enabled
TESTING = "0"

#The interval for the crontab in minutes. Since this uses the system clock the
#CRON job will run at the interval past the hour and not from when you issue
#the start command. Therefore an interval of 5 minutes means the firewall
#will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"

Step 12: Restart the lFD and CSF services by using the below command

[root@localhost csf]# systemctl restart lfd csf

Step 13: Enable the services by using the below command

[root@localhost csf]# systemctl enable csf lfd

Step 14: Check the services status by using the below command

[root@localhost csf]# systemctl is-active csf lfd

Step 15: Check the CSF version by using the below command

[root@localhost csf]# csf -v
csf: v14.15 (generic)

Step 16: List the CSF rules by using the below command

[root@localhost csf]# csf -l
iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0            tcp dpt:53
2        0     0 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0            udp dpt:53
3        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0            tcp spt:53
4        0     0 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0            udp spt:53
5      143 36414 LOCALINPUT  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           
6        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
7        0     0 INVALID    tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           
8        0     0 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
9        0     0 LOGDROPIN  icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
10       2    72 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0           
11       0     0 ACCEPT     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
12       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:20
13       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:21
14       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
15       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:25
16       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:53

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to install and configure CSF on Oracle Linux. Your feedback is much welcome.

Tags:
Author: 

Comments ( 0 )

No comments available

Frequently asked questions ( 5 )

Q

Does CSF support any EOL OS?

A

Any OS that is EOL will not be supported.

Q

If I install CSF in EOL os what happened?

A

csf may no longer work as new functionality is added

Q

What are the UI integrations supported by CSF?

A

UI Integration for cPanel, DirectAdmin, InterWorx, CentOS Web Panel (CWP), VestaCP, CyberPanel, and Webmin

Q

What is a Login failure daemon (lfd) in CSF?

A

If login attempts happened against the server the daemon process responds very quickly to block offending IPs.

Q

IS iptables support ipv6?

A

No iptables only maintains firewall rules for IPv4 addresses "ip6tables" used for configuring IPV6 address.

Back To Top!