• Categories
    Category
  • Categories
    Category
  • News
  • Tutorials
  • Forums
  • Tags
  • Users
Tutorial Comments FAQ Related Articles

How to Install and Configure the CSF on Linux Mint 20

  • 00:36 lsb_release -a
  • 00:50 cd /usr/src
  • 01:00 wget https://download.configserver.com/csf.tgz
  • 01:09 tar -zxvf csf.tgz
  • 01:30 sh install.sh
  • 02:05 vim /etc/csf/csf.conf
  • 02:58 vim /etc/csf/csf.conf
  • 03:49 systemctl status csf lfd
  • 04:01 csf -s
  • 04:12 csf -r
  • 04:46 csf -ar 192.168.7.237
  • 05:01 vim /etc/csf/csf.allow
  • 05:16 csf -d 192.168.7.105
  • 05:42 csf -dr 192.168.7.105
  • 06:10 csf -x
  • 06:18 csf -e
  • 06:26 csf -f
  • 06:39 csf -l
6608

To Install & Configure the CSF on Linux Mint 20

Introduction:

Config Server Firewall or CSF is an open-source high-level firewall for most Linux distributions and Linux-based VPS. In addition to the basic functionality of a firewall, filtering packets, CSF combines other security features including login/intrusion/flood detections. This tutorial will cover the installation of CSF on Linux Mint 20.

Installation Procedure:

root@LinuxHelp:~# lsb_release -a
No LSB modules are available.
Distributor ID:	Linuxmint
Description:	Linux Mint 20
Release:	20
Codename:	ulyana

First of all enter in to src directory for install the CSF

root@LinuxHelp:~# cd /usr/src

Download the CSF package

root@LinuxHelp:/usr/src# wget https://download.configserver.com/csf.tgz
--2021-01-02 12:07:08--  https://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 94.130.90.175
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2295164 (2.2M) [application/x-gzip]
Saving to: ‘csf.tgz’

csf.tgz                       100%[=================================================>]   2.19M   910KB/s    in 2.5s    

2021-01-02 12:07:11 (910 KB/s) - ‘csf.tgz’ saved [2295164/2295164]

Now extract the package

root@LinuxHelp:/usr/src# tar -zxvf csf.tgz 
csf/
csf/restricted.txt
csf/litespeed.https.txt
csf/csf.c
csf/csfajaxtail.js
.
.
.
csf/csf.generic.pignore
csf/install.cyberpanel.sh
csf/csf.vesta.conf
csf/csf.directadmin.pignore
csf/install.interworx.sh
csf/lfd.pl

once the extract is completed the enter into the CSF directory

root@LinuxHelp:/usr/src# cd csf

now install the CSF by using the following command

root@LinuxHelp:/usr/src/csf# sh install.sh
Selecting installer...
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
.
.
Created symlink /etc/systemd/system/multi-user.target.wants/lfd.service → /usr/lib/systemd/system/lfd.service.
Failed to disable unit: Unit file firewalld.service does not exist.
Failed to stop firewalld.service: Unit firewalld.service not loaded.
Unit firewalld.service does not exist, proceeding anyway.
Created symlink /etc/systemd/system/firewalld.service → /dev/null.
'/etc/csf/csfwebmin.tgz' -> '/usr/local/csf/csfwebmin.tgz'
Installation Completed

once the installation is completed then confirm the CSF is installed or not

root@LinuxHelp:/usr/src/csf# perl /usr/local/csf/bin/csftest.pl 
Testing ip_tables/iptable_filter...open3: exec of /sbin/iptables -I OUTPUT -p tcp --dport 9999 -j ACCEPT failed: No such file or directory at /usr/local/csf/bin/csftest.pl line 144.

before start the csf now i am configure the csf.conf file

root@LinuxHelp:/usr/src/csf# vim /etc/csf/csf.conf 

snap1

When I am trying to start the csf & lfd service I faced this error

root@LinuxHelp:/usr/src/csf# systemctl start csf lfd
Job for csf.service failed because the control process exited with error code.
See "systemctl status csf.service" and "journalctl -xe" for details.
Job for lfd.service failed because the control process exited with error code.
See "systemctl status lfd.service" and "journalctl -xe" for details.
root@LinuxHelp:/usr/src/csf# journalctl -xe
-- Subject: A start job for unit lfd.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- A start job for unit lfd.service has finished with a failure.
-- 
-- The job identifier is 2639 and the job result is failed.

The issue is path of the iptable is miss matched I will show you how to fix this issue, for that now I am enter into csf.conf file and configure the iptables details

root@LinuxHelp:/usr/src/csf# vim /etc/csf/csf.conf 

snap2

once the configuration is completed then I start the csf and lfd service

root@LinuxHelp:/usr/src/csf# systemctl start csf lfd

Once the service is started then check the status of the csf and lfd

root@LinuxHelp:/usr/src/csf# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
     Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
     Active: active (exited) since Sat 2021-01-02 12:12:42 IST; 27s ago
    Process: 4325 ExecStart=/usr/sbin/csf --initup (code=exited, status=0/SUCCESS)
   Main PID: 4325 (code=exited, status=0/SUCCESS)

● lfd.service - ConfigServer Firewall & Security - lfd
     Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-01-02 12:12:59 IST; 11s ago
    Process: 4449 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
   Main PID: 4470 (lfd - sleeping)
.
.
Jan 02 12:12:58 LinuxHelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...

if you want to start the csf service to execute the following command

root@LinuxHelp:/usr/src/csf# csf -s
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
.
.
.
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

If you want to reload the csf service to execute the following command

root@LinuxHelp:/usr/src/csf# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
.
.
.
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOGDROPIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
csf: FASTSTART loading DNS (IPv4)
LOCALOUTPUT  all opt -- in * out !lo  0.0.0.0/0  -> 0.0.0.0/0  
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

if you want to allow ip to csf to execute the following command

root@LinuxHelp:/usr/src/csf# csf -a 192.168.7.237
Adding 192.168.7.237 to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  192.168.7.237  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.237 

now check the ip is added or not to the following location

root@LinuxHelp:/usr/src/csf# vim /etc/csf/csf.allow 

now remove the ip from the csf

root@LinuxHelp:/usr/src/csf# csf -ar 192.168.7.237
Removing rule...
ACCEPT  all opt -- in !lo out *  192.168.7.237  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.237 

now check the ip is removed or not to the following location

root@LinuxHelp:/usr/src/csf# vim /etc/csf/csf.allow 

if you want deny the ip to csf by executing the following command

root@LinuxHelp:/usr/src/csf# csf -d 192.168.7.105
Adding 192.168.7.105 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  192.168.7.105  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.105  

now check the ip is denied or not to the following location

root@LinuxHelp:/usr/src/csf# vim /etc/csf/csf.deny 

now remove the deny ip from the csf

root@LinuxHelp:/usr/src/csf# csf -dr 192.168.7.105
Removing rule...
DROP  all opt -- in !lo out *  192.168.7.105  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.7.105  

now check the denied ip is removed or not to the following location

root@LinuxHelp:/usr/src/csf# vim /etc/csf/csf.deny 

if you want to disable the csf service completely

root@LinuxHelp:/usr/src/csf# csf -x
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `ALLOWIN'
Flushing chain `ALLOWOUT'
.
.
.
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
csf and lfd have been disabled

if you want to enable the csf service run the following command

root@LinuxHelp:/usr/src/csf# csf -e
csf: FASTSTART loading DROP no logging (IPv4)
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
LOG  tcp opt -- in * out *  0.0.0.0/0  -> 0.0.0.0/0   tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
.
.
● lfd.service - ConfigServer Firewall & Security - lfd
     Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-01-02 12:18:38 IST; 13ms ago
    Process: 4938 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
   Main PID: 4960 (lfd - starting)
      Tasks: 1 (limit: 4583)
     Memory: 26.4M
     CGroup: /system.slice/lfd.service
             └─4960 lfd - starting

Jan 02 12:18:37 LinuxHelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jan 02 12:18:38 LinuxHelp systemd[1]: Started ConfigServer Firewall & Security - lfd.
csf and lfd have been enabled

if you want flush the csf

root@LinuxHelp:/usr/src/csf# csf -f
Flushing chain `INPUT'
Flushing chain `FORWARD'
.
.
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'

If you want to check the IPv4 iptables configuration run the -l option.

root@LinuxHelp:/usr/src/csf# csf -l
iptables filter table
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

With this method the installation of CSF is comes to an end.

Tags:
grayson
Author: 

Comments ( 0 )

No comments available

Add a comment

Frequently asked questions ( 5 )

Q

What is CFS(Config Server Firewall)?

A

Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux-based VPS. In addition
to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections.

Q

Where do you download the CFS package?

A

The URL is https://download.configserver.com/csf.tgz I download the CSF package to this URL using wget command.

Q

How do you install the CSF package?

A

To install the CSF package to execute the following command
# sh install.sh

Q

From where do I change the ip tables locations?

A

The location is # vim /etc/csf/csf.conf

Q

How do I start, reload, disable and enable the CSF service?

A

If you want to start the CSF service
csf -s

Related Tutorials in How to Install and Configure the CSF on Linux Mint 20

Related Tutorials in How to Install and Configure the CSF on Linux Mint 20

How to install WinRAR 5.11 on Linuxmint 18.03
How to install WinRAR 5.11 on Linuxmint 18.03
May 22, 2018
How to Setup VNC Server on Linux Mint 20
How to Setup VNC Server on Linux Mint 20
Dec 22, 2020
How to install and configure samba setup in Linux mint - 18.3
How to install and configure samba setup in Linux mint - 18.3
Mar 26, 2018
Installation SSL Certificate on Ubuntu/Linuxmint/Debian to Secure Apache
Installation SSL Certificate on Ubuntu/Linuxmint/Debian to Secure Apache
Sep 19, 2018
How to Install and Configure Samba on Linux Mint 20
How to Install and Configure Samba on Linux Mint 20
Nov 9, 2020
How to Install NextCloud on Linux Mint 18.3
How to Install NextCloud on Linux Mint 18.3
Feb 27, 2018
How To Install And Update OpenSSL On Linuxmint 18.3
How To Install And Update OpenSSL On Linuxmint 18.3
Jun 8, 2018
How To Install AnyDesk on Linux Mint 18.3
How To Install AnyDesk on Linux Mint 18.3
Apr 11, 2018

Related Forums in How to Install and Configure the CSF on Linux Mint 20

Related Forums in How to Install and Configure the CSF on Linux Mint 20

Linux
isaac class=
Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/m/mysql-8.0/mysql-client-core-8.0_8.0.21-0ubuntu0.20.04.4_amd64.deb 404 Not Found
Dec 4, 2020
Linux Mint
AlxH class=
Complete beginner, install bluegriffon
Jul 1, 2020
Linux
AadrikaAnshu class=
How to add timestamps to history On Any Linux Machine
Jun 18, 2019
Linux Mint
bz0 class=
How to change a function of a key
Jun 7, 2019
Linux Mint
who class=
How to compare multiple files
Nov 10, 2019
NFS (Network File System)
Mike class=
Linux Mint 18.3 - NFS Shares - Only Root Can Mount Share
Oct 4, 2019
Command Line Tools
wayne class=
Deleting windows files booting from mint(usb)
Sep 16, 2017
CSF (ConfigServer Security & Firewall)
matthew class=
How to allow all google IP in CSF
Apr 20, 2017

Related News in How to Install and Configure the CSF on Linux Mint 20

Related News in How to Install and Configure the CSF on Linux Mint 20

A Newer and a Faster Window Manager for Tina (Linux Mint 19.2)
A Newer and a Faster Window Manager for Tina (Linux Mint 19.2)
Apr 9, 2019
Linux Mint 18.2 Ubuntu based Operating System is named Sonya
Linux Mint 18.2 Ubuntu based Operating System is named Sonya
May 2, 2017
Refreshed Linux Mint Debian Edition (LMDE) 2 'Betsy' ISO images now available
Refreshed Linux Mint Debian Edition (LMDE) 2 'Betsy' ISO images now available
Mar 14, 2017
The Best Linux Operating System is in the house: Mint 18.2
The Best Linux Operating System is in the house: Mint 18.2
Aug 12, 2017
Linux Mint 18.1 released with smooth features and offers long-term support
Linux Mint 18.1 released with smooth features and offers long-term support
Apr 11, 2017
Linux Mint 18.2 Sonya Beta version now available for download
Linux Mint 18.2 Sonya Beta version now available for download
Jun 7, 2017
Back To Top!
Rank
User
Points

Top Contributers

userNamenaveelansari
135850

Top Contributers

userNameayanbhatti
92510

Top Contributers

userNamehamzaahmed
32150

Top Contributers

1
userNamelinuxhelp
31040

Top Contributers

userNamemuhammadali
24500
Can you help Isaiah ?
What is the use of SUID & SGID commands

How to set the special permissions to the files and folders using SUID and SGID commands...

Networking
  • Routing
  • trunk
  • Netmask
  • Packet Capture
  • domain
  • HTTP Proxy
Server Setup
  • NFS
  • KVM
  • Memory
  • Sendmail
  • WebDAV
  • LXC
Shell Commands
  • Cloud commander
  • Command line archive tools
  • last command
  • Shell
  • terminal
  • Throttle
Desktop Application
  • Linux app
  • Pithos
  • Retrospect
  • Scribe
  • TortoiseHg
  • 4Images
Monitoring Tool
  • Monit
  • Apache Server Monitoring
  • EtherApe 
  • Arpwatch Tool
  • Auditd
  • Barman
Web Application
  • Nutch
  • Amazon VPC
  • FarmWarDeployer
  • Rukovoditel
  • Mirror site
  • Chef
Contact Us | Terms of Use| Privacy Policy| Disclaimer
© 2025 LinuxHelp.com All rights reserved. Linux™ is the registered trademark of Linus Torvalds. This site is not affiliated with linus torvalds in any way.