ConfigServe Firewall, more commonly referred to simply as CSF, is a type of firewall configuration script that has been designed to up the security of servers. While it does so, users are able to enjoy an advanced and robust interface for specifically managing firewall settings. Basically, it provides users with means to manage and configure their firewall in a simpler easier manner. CSF helps to control exactly what traffic is allowed in and out of the server and protect the server from malicious attack. The CSF installation includes control panel user interface available via WHM and login failure daemon process (lfd) that runs periodically to scan the latest log file entries for login attempts that continually fail within a short period of time. Such attempts are often called “Brute-force attacks” and the daemon process responds very quickly to such patterns and blocks offending IPs quickly
For those who are interested to use CSF but do not have any idea where to start, below are some of the fact about the script as well as a step by step guide on how to install and configure it.
So, login to your server via ssh and let’s start CSF installation by retrieving the package files using wget command:
# wget http://configserver.com/free/csf.tgz
Unpack the archive:
# tar xfz csf.tgz
Navigate to the uncompressed csf directory:
# cd csf
Run the installer:
# sh install.sh
It will create configuration file and add all required cPanel services to allow list. Let’s disable testing mode by editing main CSF configuration file. Open the file using any editor (vi, nano, etc):
# nano /etc/csf/csf.conf
TESTING = “1″
TESTING = “0″
When done, restart CSF:
# csf -r
Now CSF is installed and ready. You can simply manage it via cPanel WHM interface WHM > Config Security & Firewall
You may want to visit “Check server security” page next, allow/block IP addresses, flush blocks, restart login failure daemon and much more.
Configuratiton Options Available
There are a number of configuration options offered by the ConfigServer Firewall. All of these can be found within the ‘/etc/csf’ directory. Some of the most important and useful options include the following:
- conf. Use to configure files for controlling the script.
- allow. Use to check the list of allowed IP addresses and CIDR addresses.
- deny. Use to check the list of denied IP addresses and and CIDR addresses.
- ignore. Use to check the list of ignored IP addresses and CIDR addresses.
All in all, CSF is a script that users are going to find useful, especially if they want to protect their servers from the significant damage that can be caused by brute force attacks.