CSF Instalation (config server firewall)

CSF installation on servers with cPanel

SSH onto the box and sudo as root, go into the normal user home folder (should be /home/plugandplayroot) and execute the following:

wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

This will take care of installing the firewall, now for the configuration. PS: leave your ssh connection opened since it will be required again.

Login to the box whm console and search for firewall, from here we go to Firewall configuration.

Configuration – ports and settings

Change the TESTING from 1 to a 0 – this will disable the testing mode, we need to be really careful with what other settings we change because we might get our selfs locked out of the box

Switch to IPv4 Settings and add the following to TCP_IN and TCP_OUT

5666,30000:50000

5666 – is the nagios NRPE port to allow the server to be monitored
the range 30000:50000 will be used by pure-ftpd to allow ftp connections to the server

Once this is done we save the settings.

Configuration – protection profile

From the main firewall screen we now go to Firewall Profiles
Here we need to activate the protection_medium profile. We use the medium one because the high security profile will generate a large number of false-positives and it will block normal users.

Configuration – pure ftpd

We go back into the ssh console and edit the /etc/pure-ftpd.conf with our favourite editor and uncomment the line

PassivePortRange 30000 50000

Save the file and restart the service either through WHM or from ssh.

Install on server without cPanel

1) On Centos 6.6 minimal you need to run

yum install perl-libwww-perl

1.1) On Ubuntu run

apt-get install libwww-perl

2) Follow the installation steps above.
3) in the terminal run

csf --profile apply protection_medium

4) If the server is monitored using nagios nrpe we need to add the 5666 port to TCP_IN and TCP_OUT for both IPv4 and IPv6 in /etc/csf/csf.conf
5) restart csf and lfd services and test the configuration, if everything is okay proceed, if connection is lost, wait 5 minutes for the cron to clear the iptables rules

/etc/init.d/lfd restart
/etc/init.d/csf restart

6) edit again /etc/csf/csf.conf and disable testing mode – only do this if you are sure the configuration works, you might get locked out of the server
7) restart csf and lfd

Quick commands

Quick ip block

csf -d  [comment]

Quick ip allow

csf -a  [comment]

Quick ip unblock

csf -dr  [comment]

Search for an IP

csf -g

More information about this firewall can be found at ConfigServer.com