How to install and configure CSF on Ubuntu 21.04


Introduction:

CSF stands for ConfigServer Firewall. It is open source and available on all Linux distributions, and it includes UI integration for cPanel, DirectAdmin and Webmin. CSF checks for failed login attempts at regular intervals.

Installation Procedure:

Checking the installed OS version

linuxhelp@linuxhelp:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 21.04
Release:	21.04
Codename:	hirsute

Log in as the root user

linuxhelp@linuxhelp:~$ sudo -s
[sudo] password for linuxhelp: 

Downloading the package by using the following command

root@linuxhelp:/# wget http://download.configserver.com/csf.tgz
--2021-10-16 14:55:23--  http://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 94.130.90.175
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2299209 (2.2M) [application/x-gzip]
Saving to: ‘csf.tgz’

csf.tgz                          100%[==========================================================>]   2.19M  9.23MB/s    in 0.2s    

2021-10-16 14:55:24 (9.23 MB/s) - ‘csf.tgz’ saved [2299209/2299209]

Long Listing to view downloaded files

root@linuxhelp:/# ls -la
total 1920648
drwxr-xr-x  20 root root       4096 Oct 16 14:55 .
drwxr-xr-x  20 root root       4096 Oct 16 14:55 ..
lrwxrwxrwx   1 root root          7 Sep  8 16:48 bin -> usr/bin
drwxr-xr-x   4 root root       4096 Oct  6 14:01 boot
drwxrwxr-x   2 root root       4096 Sep  8 16:50 cdrom
-rw-r--r--   1 root root    2299209 Oct  4 15:09 csf.tgz
drwxr-xr-x  20 root root       4220 Oct 16 14:50 dev
drwxr-xr-x 131 root root      12288 Oct 16 14:37 etc
drwxr-xr-x   3 root root       4096 Sep  8 16:51 home
lrwxrwxrwx   1 root root          7 Sep  8 16:48 lib -> usr/lib
lrwxrwxrwx   1 root root          9 Sep  8 16:48 lib32 -> usr/lib32
lrwxrwxrwx   1 root root          9 Sep  8 16:48 lib64 -> usr/lib64
lrwxrwxrwx   1 root root         10 Sep  8 16:48 libx32 -> usr/libx32

Extracting the Downloaded Files

root@linuxhelp:/# tar -xzf csf.tgz

Changing the directory to the Extracted files

root@linuxhelp:/# cd csf

Long Listing to view the extracted files

root@linuxhelp:/csf# ls -la
total 2640
drwxr-xr-x 20 root root   4096 Oct  4 15:08 .
drwxr-xr-x 21 root root   4096 Oct 16 14:57 ..
-rw-r--r--  1 root root    124 Feb  1  2013 accounttracking.txt
-rw-r--r--  1 root root    181 Feb  1  2013 alert.txt
-rw-r--r--  1 root root   1028 Feb 29  2020 apache.https.txt
-rw-r--r--  1 root root    770 Feb 29  2020 apache.http.txt
-rw-r--r--  1 root root      0 Feb 29  2020 apache.main.txt
-rwxr-xr-x  1 root root    976 Aug 11  2019 apf_stub.pl
-rwxr-xr-x  1 root root  15366 Jun 17  2020 auto.cwp.pl
-rwxr-xr-x  1 root root  14909 Jun 17  2020 auto.cyberpanel.pl
-rwxr-xr-x  1 root root  15776 Jun 17  2020 auto.directadmin.pl
-rwxr-xr-x  1 root root  14906 Jun 17  2020 auto.generic.pl
-rwxr-xr-x  1 root root  14908 Jun 17  2020 auto.interworx.pl
-rwxr-xr-x  1 root root  32526 Oct  4 15:08 auto.pl
-rwxr-xr-x  1 root root  15428 Jun 17  2020 auto.vesta.pl
-rw-r--r--  1 root root 224353 Oct  4 15:08 changelog.txt
drwxr-xr-x  2 root root   4096 Mar  5  2021 ConfigServer
-rw-r--r--  1 root root    192 Feb  1  2013 connectiontracking.txt
-rw-r--r--  1 root root     76 Feb  1  2013 consolealert.txt
drwxr-xr-x  3 root root   4096 Oct  4 15:08 cpanel
-rw-r--r--  1 root root    136 Feb  1  2013 cpanelalert.txt
-rw-r--r--  1 root root    194 Feb  1  2013 syslogalert.txt
-rw-r--r--  1 root root    298 Feb  1  2013 tracking.txt
drwxr-xr-x  3 root root   4096 Nov 10  2020 ui

Installing CSF by using the following command

root@linuxhelp:/csf# sh install.sh

Selecting installer...

Running csf generic installer

Installing generic csf and lfd

Check we're running as root

mkdir: created directory '/etc/csf'
'install.txt' -> '/etc/csf/install.txt'
Checking Perl modules...
Configuration modified for Debian/Ubuntu/Gentoo settings /etc/csf/csf.conf
Configuration modified for Debian/Ubuntu/Gentoo to use legacy iptables/ip6tables
...Perl modules OK

mkdir: cannot create directory ‘/etc/csf’: File exists
mkdir: created directory '/var/lib/csf'
mkdir: created directory '/var/lib/csf/backup'
mkdir: created directory '/var/lib/csf/Geo'
mkdir: created directory '/var/lib/csf/ui'
mkdir: created directory '/var/lib/csf/stats'
mkdir: created directory '/var/lib/csf/lock'
mkdir: created directory '/var/lib/csf/webmin'
mkdir: created directory '/var/lib/csf/zone'
mkdir: created directory '/usr/local/csf'
mkdir: created directory '/usr/local/csf/bin'
mkdir: created directory '/usr/local/csf/lib'
mkdir: created directory '/usr/local/csf/tpl'
'csf.generic.conf' -> '/etc/csf/csf.conf'
'csf.generic.allow' -> '/etc/csf/csf.allow'
'csf.deny' -> '/etc/csf/./csf.deny

Disabling the Ubuntu firewall by using the following command

root@linuxhelp:/csf# ufw disable
Firewall stopped and disabled on system startup

Changing the directory

root@linuxhelp:/csf# cd /etc/csf/

Long listing all the configuration files

root@linuxhelp:/etc/csf# ls -l
total 528
lrwxrwxrwx 1 root root     18 Oct 16 14:58 alerts -> /usr/local/csf/tpl
-rw------- 1 root root 224353 Oct  4 15:08 changelog.txt
-rw------- 1 root root    814 Oct 16 14:58 csf.allow
-rw------- 1 root root   4521 Oct 16 14:58 csf.blocklists
-rw------- 1 root root   1694 Feb 17  2018 csf.cloudflare
-rw------- 1 root root 111701 Oct 16 14:58 csf.conf
-rw------- 1 root root    812 Feb 17  2018 csf.deny
-rw------- 1 root root    636 Feb 17  2018 csf.dirwatch
-rw------- 1 root root    939 Feb 17  2018 csf.dyndns
-rw------- 1 root root    972 Mar 25  2019 csf.fignore
-rw------- 1 root root    507 Oct 16 14:58 csf.ignore
-rw------- 1 root root    856 Sep 27 15:34 csf.logfiles
-rw------- 1 root root   3761 Sep 29 02:36 csf.logignore
-rw------- 1 root root    408 Feb 17  2018 csf.mignore
-rw------- 1 root root   2007 Sep 10 16:00 csf.pignore
lrwxrwxrwx 1 root root     13 Oct 16 14:58 csf.pl -> /usr/sbin/csf
-rw------- 1 root root    747 Feb 17  2018 csf.rblconf
-rw------- 1 root root   1142 Feb 17  2018 csf.redirect
-rw------- 1 root root   2150 Aug 22  2019 csf.resellers
-rw------- 1 root root   1622 Feb 17  2018 csf.rignore
-rw------- 1 root root    413 Feb 17  2018 csf.signore
-rw------- 1 root root    510 Feb 17  2018 csf.sips
-rw------- 1 root root    660 Feb 17  2018 csf.smtpauth
-rw------- 1 root root    368 Feb 17  2018 csf.suignore

Configure CSF by using vi editor

root@linuxhelp:/etc/csf# vi csf.conf 

Changing the TESTING line from 1 to 0

Denying an IP address by using the following command

root@linuxhelp:/etc/csf# csf -d 192.168.6.104

Restarting CSF by using the following command

root@linuxhelp:/etc/csf# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'

csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
LOG  udp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
LOG  icmp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP6IN Blocked* "
LOG  tcp opt    in * out *  ::/0  -> ::/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP6OUT Blocked* "
LOG  udp opt    in * out *  ::/0  -> ::/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP6IN Blocked* "

Viewing the deny list by opening the csf.deny file

root@linuxhelp:/etc/csf# vi csf.deny 

Removing the IP address from the deny list by using the following command

root@linuxhelp:/etc/csf# csf -dr 192.168.6.104
Removing rule...
DROP  all opt -- in !lo out *  192.168.6.104  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.104

Restarting CSF by using the following command

root@linuxhelp:/etc/csf# csf -r
LOCALOUTPUT  all opt    in * out !lo  ::/0  -> ::/0  
LOCALINPUT  all opt    in !lo out *  ::/0  -> ::/0  
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality

*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
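
The TESTING change made earlier and the RESTRICT_SYSLOG warning in the restart output can both be checked from the shell. The script below is an added example, not part of the original tutorial or of CSF itself: the function names are hypothetical, it assumes the KEY = "value" line format of csf.conf, and it runs against a constructed sample file rather than /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example: audit a csf.conf-style file for the two settings this page touches.
# Assumption: settings are written as  KEY = "value"  (one per line).

# Print the value of KEY ($2) from FILE ($1); the last assignment wins.
csf_conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Print one line per finding. While TESTING is on, csf installs a cron job that
# clears the firewall rules at a fixed interval and lfd does not start.
csf_audit() {
    if [ "$(csf_conf_get "$1" TESTING)" != "0" ]; then
        echo "TESTING is not \"0\": test mode clears the rules by cron and lfd stays off"
    fi
    if [ "$(csf_conf_get "$1" RESTRICT_SYSLOG)" = "0" ]; then
        echo "RESTRICT_SYSLOG is \"0\": see the SECURITY WARNING in csf.conf"
    fi
    return 0
}

# Switch TESTING from "1" to "0" without an editor, keeping FILE.bak as a backup.
# TESTING_INTERVAL is left alone because the pattern requires '=' right after the key.
csf_disable_testing() {
    cp -p "$1" "$1.bak" &&
    sed 's/^\([[:space:]]*TESTING[[:space:]]*=[[:space:]]*\)"1"/\1"0"/' "$1.bak" > "$1"
}

# Constructed sample in the csf.conf format (not a real configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
TESTING = "1"
TESTING_INTERVAL = "5"
RESTRICT_SYSLOG = "0"
EOF

echo "before:"; csf_audit "$sample"
csf_disable_testing "$sample"
echo "after:";  csf_audit "$sample"
rm -f "$sample" "$sample.bak"
```

To use it on a real host, call the functions on /etc/csf/csf.conf as root and then restart with csf -r as shown above so the change takes effect.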

With this, the installation and configuration of CSF on Ubuntu 21.04 is complete.

FAQ
Q
Where are firewalld services stored?
A
They are stored in various XML files in /usr/lib/firewalld/ and /etc/firewalld/.
Q
Where is the iptables service configuration stored?
A
The iptables service stores configuration in /etc/sysconfig/iptables while firewalld stores
Q
What are iptables rules?
A
iptables is a command line interface used to set up and maintain tables for the Netfilter firewall for IPv4
Q
Does CSF provide a web-based interface?
A
It provides an advanced and easy-to-use web-based interface to manage firewall settings.
Q
How does CSF firewall work?
A
CSF configures your server's firewall to lock down public access to services and only allow certain connections,