How to Install and configure CSF on Oracle Linux
- 00:41 cat /etc/os-release
- 00:55 yum install perl-libwww-perl
- 01:34 cd /usr/src/
- 01:49 wget https://download.configserver.com/csf.tgz
- 02:02 tar xzf csf.tgz
- 02:27 cd csf/
- 02:41 sh install.sh
- 02:57 perl /usr/local/csf/bin/csftest.pl
- 03:29 systemctl stop firewalld
- 03:51 systemctl disable firewalld
- 04:06 vim /etc/csf/csf.conf
- 05:16 systemctl restart lfd csf
- 05:31 systemctl enable csf lfd
- 05:47 systemctl is-active csf lfd
- 06:05 csf -v
- 06:23 csf -l
7391
To Install And Configure CSF On Oracle Linux
Introduction:
CSF stands for ConfigServer Security & Firewall CSF is completely free and open source. CSF includes security features like login/intrusion/flood detections. It’s also had UI integration for cPanel, DirectAdmin and Webmin
Installation Steps:
Step 1: Check the OS version by using the below command
[root@localhost ~]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.4"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.4"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.4"
ANSI_COLOR="0;31"
Step 2: Install the supporting packages by using the below command
[root@localhost ~]# yum install perl-libwww-perl
Last metadata expiration check: 7:13:07 ago on Monday 06 December 2021 11:28:54 PM IST.
Dependencies resolved.
============================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================
Installing:
perl-libwww-perl noarch 6.34-1.module+el8.3.0+7692+542c56f9 ol8_appstream 212 k
Installing dependencies:
perl-Compress-Raw-Bzip2 x86_64 2.081-1.el8 ol8_baseos_latest 40 k
perl-Compress-Raw-Zlib x86_64 2.081-1.el8 ol8_baseos_latest 68 k
perl-Data-Dump noarch 1.23-7.module+el8.3.0+7692+542c56f9 ol8_appstream 37 k
perl-Digest-HMAC noarch 1.03-17.module+el8.3.0+7692+542c56f9 ol8_appstream 20 k
perl-Digest-SHA x86_64 1:6.02-1.el8 ol8_appstream 66 k
perl-Encode-Locale noarch 1.05-10.module+el8.3.0+7692+542c56f9 ol8_appstream 22 k
perl-File-Listing noarch 6.04-17.module+el8.3.0+7692+542c56f9 ol8_appstream 18 k
perl-HTML-Parser x86_64 3.72-15.module+el8.3.0+7692+542c56f9 ol8_appstream 119 k
perl-HTML-Tagset noarch 3.20-34.module+el8.3.0+7692+542c56f9 ol8_appstream 24 k
perl-HTTP-Cookies noarch 6.04-2.module+el8.3.0+7692+542c56f9 ol8_appstream 39 k
perl-HTTP-Date
Step 3: change Diretory to /usr/src/ by using the below command
[root@localhost ~]# cd /usr/src/
Step 4: Download the CSF package by using the below command
[root@localhost src]# wget https://download.configserver.com/csf.tgz
--2021-12-07 06:21:15-- https://download.configserver.com/csf.tgz
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
csf.tgz 100%[================================================================>] 2.18M 2.16MB/s in 1.0s
Step 5: Extract the package by using the below command
[root@localhost src]# tar xzf csf.tgz
Step 6: Enter to the CSF directory by using the below command
[root@localhost src]# cd csf/
Step 7: Run the installation script by using the below command
[root@localhost csf]# sh install.sh
Selecting installer...
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
mkdir: cannot create directory ‘/etc/csf’: File exists
'install.txt' -> '/etc/csf/install.txt'
Checking Perl modules...
Using configuration defaults
...Perl modules OK
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
'lfd.service' -> '/usr/lib/systemd/system/lfd.service'
'csf.service' -> '/usr/lib/systemd/system/csf.service'
Unit /etc/systemd/system/firewalld.service is masked, ignoring.
'/etc/csf/csfwebmin.tgz' -> '/usr/local/csf/csfwebmin.tgz'
Installation Completed
Step 8: check that all dependencies installed by using the below command
[root@localhost csf]# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Step 9: Stop the firewalld by using the below command
[root@localhost csf]# systemctl stop firewalld
Step 10: Disable the firewalld by using the below command
[root@localhost csf]# systemctl disable firewalld
Unit /etc/systemd/system/firewalld.service is masked, ignoring
Step 11: Edit the CSF configuration file and change TESTING=1 to TESTING=0 by using the below command
[root@localhost csf]#vim /etc/csf/csf.conf
###############################################################################
#SECTION:Initial Settings
###############################################################################
#Testing flag - enables a CRON job that clears iptables incase of
#configuration problems when you start csf. This should be enabled until you
#are sure that the firewall works - i.e. incase you get locked out of your
#server! Then do remember to set it to 0 and restart csf when you're sure
#everything is OK. Stopping csf will remove the line from /etc/crontab
#lfd will not start while this is enabled
TESTING = "0"
#The interval for the crontab in minutes. Since this uses the system clock the
#CRON job will run at the interval past the hour and not from when you issue
#the start command. Therefore an interval of 5 minutes means the firewall
#will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"
Step 12: Restart the lFD and CSF services by using the below command
[root@localhost csf]# systemctl restart lfd csf
Step 13: Enable the services by using the below command
[root@localhost csf]# systemctl enable csf lfd
Step 14: Check the services status by using the below command
[root@localhost csf]# systemctl is-active csf lfd
Step 15: Check the CSF version by using the below command
[root@localhost csf]# csf -v
csf: v14.15 (generic)
Step 16: List the CSF rules by using the below command
[root@localhost csf]# csf -l
iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- !lo * 8.8.8.8 0.0.0.0/0 tcp dpt:53
2 0 0 ACCEPT udp -- !lo * 8.8.8.8 0.0.0.0/0 udp dpt:53
3 0 0 ACCEPT tcp -- !lo * 8.8.8.8 0.0.0.0/0 tcp spt:53
4 0 0 ACCEPT udp -- !lo * 8.8.8.8 0.0.0.0/0 udp spt:53
5 143 36414 LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
6 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
7 0 0 INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0
8 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
9 0 0 LOGDROPIN icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8
10 2 72 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0
11 0 0 ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
12 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
13 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
14 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
15 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
16 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
Conclusion:
We have reached the end of this article. In this guide, we have walked you through the steps required to install and configure CSF on Oracle Linux. Your feedback is much welcome.
Comments ( 0 )
No comments available