What is the Config Server Firewall (CSF)?CSF is a Stateful Packet Inspection (SPI) firewall that acts as a strong line of defense that provides security, prevents malicious attempts to access server ports, scans log files, monitors unsuccessful suspicious login attempts and suggests corrective actions.
CSF Extensions: LFD & Login TrackingCSF has been exclusively designed to provide security to your Linux server or Virtual Private Server (VPS). CSF comes with an additional Login Failure Daemon (LFD) process that scans the log file entries periodically after every (X) second, looking for suspicious multiple failed login attempts within a certain time slot. The daemon process reacts and blocks such unauthorized IP’s. Another key feature is the “Login Tracking”, an extension of LFD, restricts the number of SSH, SMTP, POP3 and IMAP connections per IP per hour per Account.
CSF InstallationA front end UI based platform is available for both CSF and LFD, and are both accessible by the root account through cPanel, WebAdmin and DirectAdmin. The ConfigServer offers a free Web Host Manager (WHM) plugin CSF, allowing the modifications and updates of iptable rules within WHM. 1. Execute the following commands after you login as a root user to SSH.
cd /usr/src rm -fv csf.tgz wget http://www.configserver.com/free/csf.tgz tar -xzf csf.tgz cd csf sh install.sh2. Keep in mind that the previous existence of any other iptables firewall configuration script such as APF+BFD should be removed or at least disabled. APF is a frontend for the iptables application. Using APF, the user can avoid using iptables syntaxes needed to open and close ports. Else, the CSF installation attempt would fail with numerous conflicts.
Disable: sh /usr/local/csf/bin/disable_apf_bfd.sh Remove: sh /usr/local/csf/bin/remove_apf_bfd.shFeel free to configure the csf and lfd by reading the configuration and related documentation files present at:
cPanel ConfigurationFor cPanel and DirectAdmin users, CSF is already preconfigured to work with cPanel ports open. When running on a non-standard port, CSF auto-configures your SSH port on installation. The default cPanel and WHM comes bundled with lot of services active and ports open. It is up to the discretion of the Server administrator or the hosting companies to uninstall such services frees the system resources and to reduce vulnerabilities through attacks.
- Cpanel CSF and LFD
- Cpanel CSF and LFD 02
- Cpanel CSF and LFD 03