Install and configure CSF

This article walks through how to install and configure CSF (ConfigServer Security & Firewall) in just a few steps.

  1. Install CSF. The one-liner below will install CSF with the default configuration and whitelist the IP that you are connected from.

    # cd /usr/src && rm -fv csf.tgz && wget && tar -xzf csf.tgz && cd csf && sh

  2. Next, adjust the /etc/csf/csf.conf configuration file to enable the firewall. To do this, change TESTING = "1" to TESTING = "0". The command below will make the change for you.

    # sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf 

  3. To prevent people from overloading the services on the server, we should set the CONNLIMIT and PORTFLOOD settings. Below is an example that will protect the http and ssh ports.

    CONNLIMIT = "22;5,80;20,443;20"
    PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"

    Here is a command to change this from the command line:

    # sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf

  4. Lastly, restart CSF to apply the configuration changes.

    # csf -r

For your convenience, we've put it all together into a one-liner that will install CSF and make the described configuration changes.

# cd /usr/src && rm -fv csf.tgz && wget && tar -xzf csf.tgz && cd csf && sh && sed -i 's/TESTING = "1"/TESTING = "0"/g' /etc/csf/csf.conf && sed -i 's/CONNLIMIT = ""/CONNLIMIT = "22;5,80;20,443;20"/g' /etc/csf/csf.conf && sed -i 's/PORTFLOOD = ""/PORTFLOOD = "22;tcp;5;300,80;tcp;20;5,443;tcp;20;5"/g' /etc/csf/csf.conf && csf -r
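The sed commands above only match when TESTING is "1" and CONNLIMIT and PORTFLOOD are empty, so on a config that was already edited they change nothing and report no error. The following check is an added example, not part of the original article; the function names csf_get and csf_verify are hypothetical, and it assumes settings are written as NAME = "value", as shown in the steps above.

```shell
#!/bin/sh
# Added example: confirm that the edits from this article are present.
# Assumption: each setting is written as  NAME = "value"  at the start of a line.

# Print the quoted value of setting $1 in config file $2 (empty if absent).
# If the name appears more than once, the last occurrence is reported.
csf_get() {
    sed -n "s/^$1 = \"\\([^\"]*\\)\".*/\\1/p" "$2" | tail -n 1
}

# Compare each setting with the value this article sets. Prints one line per
# setting and returns the number of mismatches (0 means every edit applied).
csf_verify() {
    conf=$1
    bad=0
    while IFS='|' read -r name want; do
        got=$(csf_get "$name" "$conf")
        if [ "$got" = "$want" ]; then
            printf 'OK    %s = "%s"\n' "$name" "$got"
        else
            printf 'DIFF  %s = "%s" (expected "%s")\n' "$name" "$got" "$want"
            bad=$((bad + 1))
        fi
    done <<EOF
TESTING|0
CONNLIMIT|22;5,80;20,443;20
PORTFLOOD|22;tcp;5;300,80;tcp;20;5,443;tcp;20;5
EOF
    return "$bad"
}

# Runs only when a file is given, e.g.:  sh check-csf.sh /etc/csf/csf.conf
if [ -n "${1:-}" ]; then
    csf_verify "$1" || echo "$? setting(s) differ from the article's values"
fi
```

A DIFF line for CONNLIMIT or PORTFLOOD means the setting already held a value, so edit that line in /etc/csf/csf.conf by hand and run csf -r again.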
