Installing Config Server Security & Firewall (CSF) on AlmaLinux

What is the firewall ::

Config Server Security & Firewall (CSF) is a comprehensive firewall tool for Linux servers that enhances security by managing access to services like SSH, SMTP, and IMAP. It includes features such as login and intrusion detection, and works from the command line or integrates with control panels like cPanel. The built-in Login Failure Daemon (LFD) monitors for repeated login attempts and blocks suspicious IPs to prevent brute-force attacks.

Benefits of the firewall ::

Using a firewall offers several key benefits, as listed below:

1. Blocks access from suspicious or malicious IP addresses to prevent attacks

2. Allows only trusted IP addresses to access specific services or ports

3. Monitors and filters incoming and outgoing network traffic based on custom rules

4. Helps create a controlled, secure hosting environment for sensitive data

5. Acts as the first line of defense against unauthorized access and cyber threats

Features of the firewall ::

Advanced Traffic Filtering :

Allows fine-grained control over incoming and outgoing connections based on ports, IPs, and protocols.

Login Failure Detection (LFD) :

Monitors for repeated failed login attempts and blocks suspicious IPs automatically.

Brute Force Protection :

Detects and prevents brute-force attacks on services like SSH, SMTP, FTP, cPanel, etc.

Temporary and Permanent Bans :

Supports both short-term and permanent blocking of IP addresses.

Email Alerting :

Sends notifications for suspicious activity, login failures, and system integrity warnings.

Step-by-Step Installation & Configuration of CSF on AlmaLinux

Step 1: Access the Server as Root

Log in to your Linux server using the root user account. In this tutorial, we’re using WHM to log in. After accessing WHM, navigate to the Server Configuration section and open the terminal.

Once you locate the terminal section, click on the Terminal option to open it and begin executing commands.

Step 2: Update Your System

Before installing any new software, it’s important to ensure your system packages are up to date. This helps avoid compatibility issues and ensures you’re working with the latest security patches.

#dnf update -y

Step 3: Verify and Install Required Dependencies

Before installing CSF on AlmaLinux, ensure the necessary system packages are installed. These dependencies are crucial for CSF to operate correctly:

#dnf install perl-libwww-perl unzip net-tools iptables firewalld perl-CPAN tar nano -y

This command installs all essential tools and libraries that CSF relies on for proper functionality and integration with your system.

Step 4: Navigate to the Root Directory

Execute the command below in the terminal to make sure you are working in /root, the root user's home directory. If you're already there, the command simply returns you to the root prompt.

#cd /root

Step 5: Download the CSF Firewall

To get the latest version of CSF on AlmaLinux, download it directly from the official source using the command line. Use the following command to initiate the download:

#wget https://download.configserver.com/csf.tgz

Step 6: Extract the Archive

After the download completes, extract the CSF archive file using the command below:

#tar xzf csf.tgz

Step 7: Navigate to the CSF Directory

After extracting the archive, move into the CSF directory with the following command:

#cd csf

Step 8: Install CSF on AlmaLinux

Begin the installation process by running the provided installation script:

#sh install.sh

Steps to Configure CSF:

Step a : Open the CSF Configuration File

Use the vi/nano editor to open the main CSF configuration file:

#vi /etc/csf/csf.conf

i) Disable Testing Mode : TESTING = "0"

If testing mode is enabled, the LFD service will not start until it is disabled.

ii) Configure Allowed Incoming/Outgoing Ports :

Example : TCP_IN = "22,80,443"

          TCP_OUT = "22,80,443"

iii) Intrusion Detection System (IDS) Settings : 

LF_TRIGGER_PERM: Sets the threshold for failed login attempts before permanently blocking an IP address.

LF_SSHD: Defines how CSF handles SSH login failures, including the number of attempts allowed and the ban duration.

iv) Email Alerts

LF_ALERT_TO: Defines the email address where CSF will send security alerts and notifications.

Step b : Final Step: Save and Apply Changes
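
One way to check the edited values before restarting the services, as an added example that is not part of the original tutorial or of CSF itself. The function names, the sample file and the default SSH port of 22 are assumptions; on a server, pass /etc/csf/csf.conf as the file.

```shell
#!/bin/sh
# Added example (not part of CSF): checks the values edited in steps i) to iv).

# Print the value of KEY ($2) from a csf.conf-style file ($1): KEY = "value".
# A value wrapped in typographic quotes is not matched and comes back empty.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# audit_csf_conf FILE [SSH_PORT]: print findings, return 1 if any check FAILs.
audit_csf_conf() {
    conf=$1; ssh_port=${2:-22}; rc=0

    [ "$(conf_get "$conf" TESTING)" = "0" ] ||
        { echo 'FAIL: TESTING is not "0", lfd will not start'; rc=1; }

    # Exact match only: a port covered by a range (2000:2100) is not detected.
    tcp_in=$(conf_get "$conf" TCP_IN)
    case ",$tcp_in," in
        *",$ssh_port,"*) ;;
        *) echo "FAIL: SSH port $ssh_port is not in TCP_IN ($tcp_in)"; rc=1 ;;
    esac

    case $(conf_get "$conf" LF_SSHD) in
        ''|*[!0-9]*|0) echo "WARN: LF_SSHD is not a positive failure count" ;;
    esac

    case $(conf_get "$conf" LF_ALERT_TO) in
        *@*) ;;
        *) echo "WARN: LF_ALERT_TO has no email address" ;;
    esac
    return $rc
}

# Constructed sample: testing mode left on and the SSH port not opened.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
TESTING = "1"
TCP_IN = "80,443"
LF_SSHD = "5"
LF_ALERT_TO = "admin@example.com"
EOF
audit_csf_conf "$sample_conf" 22 || echo "Fix the FAIL lines before restarting csf and lfd"
rm -f "$sample_conf"
```

Checking that the SSH port is still listed in TCP_IN before the restart in Step 9 avoids locking yourself out of a remote session.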

Step 9 : Restart CSF and LFD Services

#systemctl restart csf

#systemctl restart lfd

Step 10 : Enable CSF and LFD Services

#systemctl enable csf

#systemctl enable lfd

Basic CSF Commands

In this Dedicated Hosting tutorial, we will explore essential CSF commands. These include restarting services, allowing, blocking, and unblocking IP addresses, among others. Each command will be explained with its purpose, followed by a practical example demonstrating how to use it.

Starting and Stopping CSF : 

To manage the CSF service on your server, you can use the following commands:

You can start CSF (ConfigServer Security & Firewall) with the following command:

#csf -s

To stop CSF, use the following command:

#csf -x 

Permanently Block an IP Address Using CSF : 

To permanently block an IP address using CSF, use the following command:

Syntax:

#csf -d <IP-Address>

Example : 

[root@training ~]# csf -d 192.168.0.1

Temporarily Block an IP Address Using CSF : 

To temporarily block an IP address using CSF, use the following command:

Syntax:

#csf -td <IP_address> <duration>

Example : 

[root@training ~]# csf -td 192.168.0.1 150s

Allow an IP Address in CSF : 

To allow (whitelist) an IP address using CSF, use the following command:

Syntax:

#csf -a <IP_address>

Example : 

[root@training ~]# csf -a 192.168.0.2

Temporarily Allow an IP Address in CSF : 

To temporarily allow (whitelist) an IP address using CSF, use the following command:

Syntax:

#csf -ta <IP-Address> <Time-in-Minutes>

Example : 

[root@training ~]# csf -ta 192.168.1.100 60

Permanently Unblock an IP Address in CSF:

If an IP address has been permanently blocked by CSF (ConfigServer Security & Firewall), you can manually remove it from the deny list to unblock it.

Syntax : 

#csf -dr <IP-Address>

Example : 

[root@training ~]# csf -dr 192.168.0.100

Unblock an IP Address (Temporary Block) in CSF:

If an IP address has been temporarily blocked by CSF (due to failed login attempts, port scans, etc.), you can manually remove it from the temporary deny list.

Syntax : 

#csf -tr <IP-Address>

Example : 

[root@training ~]# csf -tr 192.168.1.100

List Temporarily Blocked IPs and Their Block Durations in CSF:

You can view all IP addresses that are temporarily blocked by CSF along with the remaining block time using a simple command.

Syntax : 

#csf -t

Example : 

[root@training ~]# csf -t

Output : 

A/D   IP address                               Port   Dir   Time To Live     Comment

DENY  192.168.0.100                              *    in    56m 18s          Manually added: 192.168.0.100 (-)
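
The listing above can be turned into records for scripts, for instance to save the current temporary blocks before clearing them. This is an added example, not part of the original tutorial or of CSF; the function names are hypothetical, and the d/h/m/s TTL units and the ALLOW keyword are assumptions based on the column layout shown.

```shell
#!/bin/sh
# Added example: turn `csf -t` output into "action ip seconds" records.

# Reads `csf -t` output on stdin. Assumes the column layout shown above:
# A/D, IP, port, direction, then a TTL made of tokens such as 1d 2h 56m 18s.
parse_temp_bans() {
    awk '
    $1 == "DENY" || $1 == "ALLOW" {
        secs = 0
        # TTL tokens start at field 5 and end where the comment begins.
        for (i = 5; i <= NF && $i ~ /^[0-9]+[dhms]$/; i++) {
            n = substr($i, 1, length($i) - 1) + 0
            u = substr($i, length($i))
            if (u == "d") secs += n * 86400
            else if (u == "h") secs += n * 3600
            else if (u == "m") secs += n * 60
            else secs += n
        }
        print $1, $2, secs
    }'
}

# Print denied IPs whose temporary block expires within LIMIT ($1) seconds.
expiring_soon() {
    parse_temp_bans | awk -v limit="$1" '$1 == "DENY" && $3 <= limit { print $2 }'
}

# Constructed sample in the format of the output above (not captured from a server).
sample='A/D   IP address       Port   Dir   Time To Live     Comment
DENY  192.168.0.100    *      in    56m 18s          Manually added: 192.168.0.100 (-)
DENY  192.168.0.101    *      in    4m 2s            Manually added: 192.168.0.101 (-)'

printf '%s\n' "$sample" | parse_temp_bans
```

On a server the input would come from the command itself, as in `csf -t | parse_temp_bans`.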

Remove All Temporary IP Blocks in CSF:

To quickly clear all temporarily blocked IP addresses from CSF (ConfigServer Security & Firewall), you can use a built-in command.

Syntax:

#csf -tf

Example : 

[root@training ~]# csf -tf