Install and configure CSF Print

  • 458

This article will walk through how to install and configure CSF (ConfigServer Security & Firewall) in just a few steps

  1. Install CSF. The one liner below will install CSF with the defauls confiruation and whitelist the IP that you are connected from.

    # cd /usr/src && rm -fv csf.tgz && wget https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh

  2.  Next we will need to adjust the /etc/csf/csf.conf configuration file to enable the firewall. To do this, change TESTING = "0" to TESTING = "1" the command below will make the change for you.

    # sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf 

  3. To prevent people from overloading the services on the server, we should set the CONNLIMIT and PORTFLOOD settings. Below is an example that will protect the http and ssh ports.

    CONNLIMIT = "22;5,80;20,443;20"
    PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"

    Here is a command to change this from the command line

    # sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf

  4. Lastly we will need to restart CSF to apply the configuration changes

    # csf -r

For you convenience we've put it all together into a one liner that will install and make the described configuration changes.

# cd /usr/src && rm -fv csf.tgz && wget https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh && sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf && sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf && csf -r



Was this answer helpful?

« Back