• Support
  • Get In Touch
Login
March 19, 2017

How to Install and Configure CSF on CentOS 7

Want your very own server? Get our 1GB memory, Xeon V4, 25GB SSD VPS for £10.00 / month.
Get a Cloud Server

CSF (Config Server Firewall) is a firewall configuration script created to provide better security for your server while giving you an easy to use, advanced interface for managing your firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites which makes your server more secure. CSF can detect when someone is logging into the server via SSH and alerts you when this user tries to use the “su” command on the server to get higher privileges. CSF is a good security solution for hosting servers and can be integrated into the user interface (UI) of WHM/cPanel, DirectAdmin, and Webmin.

Requirements

You don’t have to own any special kind of hardware to install Config server Firewall on your server all you’ll have to do is own a CentOS 7 server and root privileges over it. You can switch between non root user to root user using sudo -i command.

Installing CSF and Dependencies

CSF is based on Perl so you’ll have to install perl first. You’ll also need wget package and a text editor to install CSF, here we are using nano text editor you can have any text editor of your choice.

yum -y install wget nano perl-libwww-perl.noarch perl-Time-HiRes

Next go to the “/usr/src/” directory and download CSF using wget command as shown in the below commands.

cd /usr/src/
wget https://download.configserver.com/csf.tgz

We have successfully downloaded the CSF archive file now you’ll have to extract this archive file and then install it using following command:

tar -xzf csf.tgz
cd csf
sh install.sh

You should get a message stating ” installation is completed ” at the end of this process.

Now let’s check that CSF really works on this server and to do so please go to the “/usr/local/csf/bin/” directory, and run “csftest.pl” using following commands:

cd /usr/local/csf/bin/
perl csftest.pl

You should see a result stating that “csf should function on this server” on your screen, this indicates that CSF is running without problems on your server.

Configure CSF

Before going through the configuration process of CSF you’ll have to stop and disable the default firewalld services of CentOS 7 server and to do so run following command:

systemctl stop firewalld
systemctl disable firewalld

Now we can configure the CSF on our server so go to the CSF configuration directory and edit configuration file using any text editor you want but here we are using nano text editor.

cd /etc/csf/
nano csf.conf

Find “TESTING ” on line 11 and change it to TESTING = "0", save the file and exit from the text editor for applying the firewall configuration.
Next, start CSF and LFD services using systemctl command as shown below.

systemctl start csf
systemctl start lfd

Now enable these services to start at boot time using following commands.

systemctl enable csf
systemctl enable lfd

You can check the list of default rules using csf -l command:

Basic CSF Commands

There are some basic CSF commands given and explained below:

csf -s <- Run this command to start and enable firewall rules.
csf -f <- Run this command to stop or flush the firewall rules
csf -r <-Run this command to reload the firewall rules
csf -a yourIP <- Allow an IP and add it to csf.allow and you should see something similar to this in result.

Adding yourIP to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  yourIP  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> yourIP

Use following command to remove and delete an IP from csf.allow and result should be similar to this.

csf -ar yourIP

Removing rule...
ACCEPT  all opt -- in !lo out *  yourIP  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> yourIP

Use Following command to deny an IP and add to csf.deny.

csf -d yourIP

Adding yourIP to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  yourIP  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> yourIP

Use following command to remove and delete an IP from csf.deny.
csf -dr yourIP

Removing rule...
DROP  all opt -- in !lo out *  yourIP  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> yourIP

Use following command to remove and Unblock all entries from csf.deny.
csf -df

DROP  all opt -- in !lo out *  yourIP1  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> yourIP1  
DROP  all opt -- in !lo out *  yourIP2  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> yourIP2    
csf: all entries removed from csf.deny

Conclusion

In this tutorial we’ve learned how to install and configure CSF on a CentOS 7 server. It has many features and can support web-based management tools like cPanel / WHM, DirectAdmin and Webmin.

Want your very own server? Get our 1GB memory, Xeon V4, 25GB SSD VPS for £10.00 / month.
Get a Cloud Server

Share this Article!

Related Posts

Node.js Authentication – A Complete Guide with Passport and JWT

Node.js Authentication – A Complete Guide with Passport and JWT

Truth be told, it’s difficult for a web application that doesn’t have some kind of identification, even if you don’t see it as a security measure in and of itself. The Internet is a kind of lawless land, and even on free services like Google’s, authentication ensures that abuses will be avoided or at least […]

September 30, 2021
Read More Node.js Authentication – A Complete Guide with Passport and JWT
Node.js and MongoDB: How to Connect MongoDB With Node

Node.js and MongoDB: How to Connect MongoDB With Node

MongoDB is a document-oriented NoSQL database, which was born in 2007 in California as a service to be used within a larger project, but which soon became an independent and open-source product. It stores documents in JSON, a format based on JavaScript and simpler than XML, but still with good expressiveness. It is the dominant […]

September 27, 2021
Read More Node.js and MongoDB: How to Connect MongoDB With Node
Using MySQL with Node.js: A Complete Tutorial

Using MySQL with Node.js: A Complete Tutorial

Although data persistence is almost always a fundamental element of applications, Node.js has no native integration with databases. Everything is delegated to third-party libraries to be included manually, in addition to the standard APIs. Although MongoDB and other non-relational databases are the most common choice with Node because if you need to scale an application, […]

September 7, 2021
Read More Using MySQL with Node.js: A Complete Tutorial
Node.Js Vs Django: Which Is the Best for Your Project

Node.Js Vs Django: Which Is the Best for Your Project

Django and NodeJs are two powerful technologies for web development, both have great functionality, versatile applications, and a great user interface. Both are open source and can be used for free. But which one fits your project best? NodeJs is based on JavaScript, while Django is written in Python. These are two equally popular technologies […]

August 31, 2021
Read More Node.Js Vs Django: Which Is the Best for Your Project
Nodejs Vs PHP: Which Works Best?

Nodejs Vs PHP: Which Works Best?

Before getting into the “battle” between Node.js and PHP we need to understand why the issue is still ongoing. It all started with the increased demand for smartphone applications, their success forcing developers to adapt to new back-end technologies that could handle a multitude of simultaneous requests. JavaScript has always been identified as a client-side […]

August 30, 2021
Read More Nodejs Vs PHP: Which Works Best?