How to Install and Configure CSF on Rocky Linux 9.2
To Install and Configure CSF on Rocky Linux 9.2
Introduction:
The ConfigServer Security & Firewall provides security features such as login, intrusion, and flood detection. A UI integration option for cPanel, DirectAdmin, and Webmin is also available on the platform.
Installation steps :
Step 1 : Check the OS version by using the following command.
[root@Linuxhelp ~]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.2 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.2 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.2"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
Step 2 : Install all required Perl modules by using the following command
[root@Linuxhelp ~]# dnf install perl perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch -y
Rocky Linux 9 - BaseOS 4.3 kB/s | 4.1 kB 00:00
Rocky Linux 9 - AppStream 4.9 kB/s | 4.5 kB 00:00
Rocky Linux 9 - Extras 2.6 kB/s | 2.9 kB 00:01
Dependencies resolved.
======================================================================================================================
Package Architecture Version Repository Size
======================================================================================================================
Installing: ------
Installed:
annobin-11.05-1.el9.x86_64 dwz-0.14-3.el9.x86_64
efi-srpm-macros-6-2.el9_0.noarch fonts-srpm-macros-1:2.0.5-7.el9.1.noarch
gcc-11.3.1-4.3.el9.x86_64 gcc-c++-11.3.1-4.3.el9.x86_64
gcc-plugin-annobin-11.3.1-4.3.el9.x86_64 ghc-srpm-macros-1.5.0-6.el9.noarch
glibc-devel-2.34-60.el9.x86_64 glibc-headers-2.34-60.el9.x86_64
go-srpm-macros-3.2.0-1.el9.noarch kernel-headers-5.14.0-284.18.1.el9_2.x86_64
kernel-srpm-macros-1.0-12.el9.noarch libstdc++-devel-11.3.1-4.3.el9.x86_64
libxcrypt-devel-4.4.18-3.el9.x86_64 lua-srpm-macros-1-6.el9.noarch
make-1:4.3-7.el9.x86_64 ocaml-srpm-macros-6-6.el9.noarch
openblas-srpm-macros-2-11.el9.noarch perl-4:5.32.1-480.el9.x86_64
perl-Algorithm-Diff-1.2010-4.el9.noarch perl-Archive-Tar-2.38-6.el9.noarch
perl-FindBin-1.51-480.el9.noarch perl-GDBM_File-1.18-480.el9.x86_64
perl-HTML-Parser-3.76-3.el9.x86_64 perl-HTML-Tagset-3.20-47.el9.noarch
perl-HTTP-Cookies-6.10-4.el9.noarch perl-HTTP-Date-6.05-7.el9.noarch
perl-HTTP-Message-6.29-3.el9.noarch perl-HTTP-Negotiate-6.01-30.el9.noarch
perl-Hash-Util-0.23-480.el9.x86_64 perl-Hash-Util-FieldHash-1.20-480.el9.x86_64
perl-I18N-Collate-1.02-480.el9.noarch perl-I18N-LangTags-0.44-480.el9.noarch
perl-I18N-Langinfo-0.19-480.el9.x86_64 perl-IO-Compress-2.102-4.el9.noarch
perl-IO-Compress-Lzma-2.101-4.el9.noarch perl-IO-HTML-1.004-4.el9.noarch
perl-IO-Zlib-1:1.11-4.el9.noarch perl-IPC-Cmd-2:1.04-461.el9.noarch
perl-IPC-SysV-2.09-4.el9.x86_64 perl-IPC-System-Simple-1.30-6.el9.noarch
perl-Importer-0.026-4.el9.noarch perl-JSON-PP-1:4.06-4.el9.noarch
perl-less-0.03-480.el9.noarch perl-lib-0.65-480.el9.x86_64
perl-libnetcfg-4:5.32.1-480.el9.noarch perl-libwww-perl-6.53-4.el9.noarch
perl-local-lib-2.000024-13.el9.noarch perl-macros-4:5.32.1-480.el9.noarch
perl-meta-notation-5.32.1-480.el9.noarch perl-open-1.12-480.el9.noarch
perl-perlfaq-5.20201107-4.el9.noarch perl-ph-5.32.1-480.el9.x86_64
perl-sigtrap-1.09-480.el9.noarch perl-sort-2.04-480.el9.noarch
perl-srpm-macros-1-41.el9.noarch perl-threads-1:2.25-460.el9.x86_64
perl-threads-shared-1.61-460.el9.0.1.x86_64 perl-utils-5.32.1-480.el9.noarch
perl-version-7:0.99.28-4.el9.x86_64 perl-vmsish-1.04-480.el9.noarch
pyproject-srpm-macros-1.6.2-1.el9.noarch python-srpm-macros-3.9-52.el9.noarch
python3-pyparsing-2.4.7-9.el9.noarch qt5-srpm-macros-5.15.3-1.el9.noarch
redhat-rpm-config-199-1.el9.noarch rust-srpm-macros-17-4.el9.noarch
sombok-2.4.0-16.el9.x86_64 systemtap-sdt-devel-4.8-2.el9.x86_64
Complete!
Step 3: Download the latest version of CSF by using the following command
[root@Linuxhelp ~]# wget https://download.configserver.com/csf.tgz
--2023-07-02 05:24:44-- https://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 94.130.90.175
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2288477 (2.2M) [application/x-gzip]
Saving to: ‘csf.tgz’
csf.tgz 100%[===============================================>] 2.18M 973KB/s in 2.3s
2023-07-02 05:24:47 (973 KB/s) - ‘csf.tgz’ saved [2288477/2288477]
Step 4: Extract the downloaded file by using the following command
[root@Linuxhelp ~]# tar xzf csf.tgz
Step 5: Go to the extracted directory and install CSF by using the following command
[root@Linuxhelp ~]# cd csf/
[root@Linuxhelp csf]# sh install.sh
Selecting installer...
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
mkdir: created directory '/etc/csf'
'install.txt' -> '/etc/csf/install.txt'
Checking Perl modules...
Using configuration defaults
...Perl modules OK
*** IPV6 Enabled
*** IPV6_SPI set to 1
TCP ports currently listening for incoming connections:
22
UDP ports currently listening for incoming connections:
5353,35091
Note: The port details above are for information only, csf hasn't been auto-configured.
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
'lfd.service' -> '/usr/lib/systemd/system/lfd.service'
'csf.service' -> '/usr/lib/systemd/system/csf.service'
Created symlink /etc/systemd/system/multi-user.target.wants/csf.service → /usr/lib/systemd/system/csf.service.
Created symlink /etc/systemd/system/multi-user.target.wants/lfd.service → /usr/lib/systemd/system/lfd.service.
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
Created symlink /etc/systemd/system/firewalld.service → /dev/null.
'/etc/csf/csfwebmin.tgz' -> '/usr/local/csf/csfwebmin.tgz'
Installation Completed
Step 6: Check the CSF version by using the following command
[root@Linuxhelp csf]# csf -v
csf: v14.18 (generic)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
Step 7: Configure CSF by using the below steps
Change TESTING = “1” to TESTING = “0” in csf.conf file then Save and close the file when you are finished
[root@Linuxhelp csf]# vim /etc/csf/csf.conf
Step 8: Start and Enable the CSF and LFD services
[root@Linuxhelp csf]# systemctl start csf lfd
[root@Linuxhelp csf]# systemctl enable csf lfd
Step 9: Check the status of both CSF and LFD by using the following command
[root@Linuxhelp csf]# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; preset: disabled)
Active: active (exited) since Sun 2023-07-02 05:39:37 IST; 3min 22s ago
Main PID: 10504 (code=exited, status=0/SUCCESS)
CPU: 2.673s
Jul 02 05:39:37 Linuxhelp csf[10504]: ACCEPT all opt in * out lo ::/0 -> ::/0
Jul 02 05:39:37 Linuxhelp csf[10504]: LOGDROPOUT all opt in * out !lo ::/0 -> ::/0
Jul 02 05:39:37 Linuxhelp csf[10504]: LOGDROPIN all opt in !lo out * ::/0 -> ::/0
Jul 02 05:39:37 Linuxhelp csf[10504]: csf: FASTSTART loading DNS (IPv4)
Jul 02 05:39:37 Linuxhelp csf[10504]: csf: FASTSTART loading DNS (IPv6)
Jul 02 05:39:37 Linuxhelp csf[10504]: LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
Jul 02 05:39:37 Linuxhelp csf[10504]: LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
Jul 02 05:39:37 Linuxhelp csf[10504]: LOCALOUTPUT all opt in * out !lo ::/0 -> ::/0
Jul 02 05:39:37 Linuxhelp csf[10504]: LOCALINPUT all opt in !lo out * ::/0 -> ::/0
Jul 02 05:39:37 Linuxhelp systemd[1]: Finished ConfigServer Firewall & Security - csf.
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; preset: disabled)
Active: active (running) since Sun 2023-07-02 05:39:37 IST; 3min 21s ago
Main PID: 10676 (lfd - sleeping)
Tasks: 1 (limit: 22877)
Memory: 270.6M
CPU: 7.292s
CGroup: /system.slice/lfd.service
└─10676 "lfd - sleeping"
Jul 02 05:39:37 Linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jul 02 05:39:37 Linuxhelp systemd[1]: Started ConfigServer Firewall & Security - lfd.
Conclusion:
We have reached the end of this article. In this guide, we have walked you through the steps required to Install and Configure CSF on Rocky Linux 9.2. Your feedback is much welcome.
Q
What is a Login failure daemon (lfd) in CSF?
A
If login attempts happened against the server the daemon process responds very quickly to block offending IPs
Q
How to deny ip in CSF from the command?
A
To deny ip in CSF from the command line
#csf -a mention_the_ipaddress
#csf -a mention_the_ipaddress
Q
How to add IP in CSF from the command?
A
To add ip in CSF from the command line
#csf -a mention_the_ipaddress
#csf -a mention_the_ipaddress
Q
What is the CSF configuration file location?
A
The configuration file location of CSF is /etc/csf/csf.conf
Q
How to Install and Configure CSF on Rocky Linux 9.2
A
The command to reload the CSF firewall is
# csf -r
# csf -r