CSF installation on servers with cPanel
SSH onto the box, sudo to root, go to the normal user's home folder (should be /home/plugandplayroot) and execute the following:
tar -xzf csf.tgz
This will take care of installing the firewall; now for the configuration. Leave your SSH connection open since it will be required again.
Log in to the box's WHM console and search for "firewall"; from there go to Firewall Configuration.
Configuration – ports and settings
Change TESTING from 1 to 0. This disables testing mode. Be very careful with any other settings you change, because a wrong value can lock you out of the box.
Switch to IPv4 Settings and add the following to TCP_IN and TCP_OUT:
5666 – the Nagios NRPE port, to allow the server to be monitored
30000:50000 – the range used by pure-ftpd to allow FTP connections to the server
Once this is done we save the settings.
Configuration – protection profile
From the main firewall screen, go to Firewall Profiles.
Here we need to activate the protection_medium profile. We use the medium one because the high security profile generates a large number of false positives and blocks normal users.
Configuration – pure ftpd
Go back to the SSH console, edit /etc/pure-ftpd.conf with your favourite editor and uncomment the line:
PassivePortRange 30000 50000
Save the file and restart the service, either through WHM or from SSH.
Install on server without cPanel
1) On CentOS 6.6 minimal you need to run
yum install perl-libwww-perl
1.1) On Ubuntu run
apt-get install libwww-perl
2) Follow the installation steps above.
3) In the terminal run
csf --profile apply protection_medium
4) If the server is monitored using Nagios NRPE, add port 5666 to TCP_IN and TCP_OUT for both IPv4 and IPv6 in /etc/csf/csf.conf
5) Restart the csf and lfd services and test the configuration. If everything is okay, proceed; if the connection is lost, wait 5 minutes for the cron job to clear the iptables rules
6) Edit /etc/csf/csf.conf again and disable testing mode. Only do this if you are sure the configuration works, otherwise you might get locked out of the server
7) Restart csf and lfd
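A pre-flight check for the lockout risk described above, added here as an example and not part of the original page: while TESTING is still 1, it confirms that TCP_IN and TCP_OUT cover port 5666 and the 30000:50000 range from the cPanel section, that TCP_IN still allows your SSH port, and that PassivePortRange is uncommented. The function names and the sample files are constructed for illustration, and the SSH port is whatever you pass as the third argument.

```shell
#!/bin/sh
# Added example: pre-flight check to run while TESTING is still "1".
# Assumes csf.conf holds KEY = "value" lines; all function names are illustrative.

# Print the quoted value of key $1 from config file $2.
conf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p" "$2" | head -n 1
}

# Succeed if port $1 is covered by list $2 (comma-separated ports or lo:hi ranges).
port_allowed() {
    port=$1; old_ifs=$IFS; IFS=,
    set -- $2
    IFS=$old_ifs
    for entry in "$@"; do
        case $entry in
            *:*) [ "$port" -ge "${entry%%:*}" ] && [ "$port" -le "${entry##*:}" ] && return 0 ;;
            *)   [ "$entry" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# preflight CSF_CONF FTPD_CONF SSH_PORT: print each problem, return 1 if any.
preflight() {
    rc=0
    for key in TCP_IN TCP_OUT; do
        list=$(conf_value "$key" "$1")
        for p in 5666 30000 50000; do   # NRPE port and both ends of the FTP range
            port_allowed "$p" "$list" || { echo "$key does not allow $p"; rc=1; }
        done
    done
    port_allowed "$3" "$(conf_value TCP_IN "$1")" ||
        { echo "TCP_IN does not allow SSH port $3"; rc=1; }
    grep -Eq '^[[:space:]]*PassivePortRange[[:space:]]+30000[[:space:]]+50000' "$2" ||
        { echo "PassivePortRange 30000 50000 is not active in $2"; rc=1; }
    return "$rc"
}

# Write constructed sample configs (not real server files) into directory $1.
write_samples() {
    printf 'TESTING = "1"\nTCP_IN = "22,80,443,5666,30000:50000"\nTCP_OUT = "22,80,443,5666"\n' > "$1/csf.conf"
    printf '# PassivePortRange 30000 50000\n' > "$1/pure-ftpd.conf"
}

# Usage: sh preflight.sh /etc/csf/csf.conf /etc/pure-ftpd.conf 22
if [ "$#" -eq 3 ]; then
    preflight "$1" "$2" "$3" && echo "Checks passed"
fi
```

On the constructed samples the check reports the missing FTP range in TCP_OUT and the still-commented PassivePortRange line.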
Quick ip block
csf -d ip [comment]
Quick ip allow
csf -a ip [comment]
Quick ip unblock
csf -dr ip
Search for an IP
More information about this firewall can be found at ConfigServer.com