• Categories
    Category
  • Categories
    Category
  • News
  • Tutorials
  • Forums
  • Tags
  • Users
Tutorial Comments FAQ Related Articles

How to install CSF on RedHat 8.5

  • 00:10 cat /etc/os-release
  • 00:31 yum install perl-libwww-perl.noarch perl-Time-HiRes
  • 00:49 wget https://download.configserver.com/csf.tgz
  • 01:04 tar -xvf csf.tgz
  • 01:18 cd csf/
  • 01:31 sh install.sh
  • 02:02 systemctl Disable firewalld
  • 02:17 systemctl stop firewalld
  • 02:31 cd /usr/local/csf/bin
  • 02:43 perl csftest.pl
  • 03:06 vim /etc/csf/csf.conf
  • 03:44 systemctl enable csf lfd
  • 03:56 systemctl start csf lfd
  • 04:12 csf -s
  • 04:28 csf -a 192.168.6.110
  • 04:44 vim /etc/csf/csf.allow
  • 05:06 csf -ar 192.168.6.110
  • 05:38 csf -d 192.168.6.120
  • 05:49 vim /etc/csf/csf.deny
  • 06:15 csf -dr 192.168.6.120
  • 06:47 csf -r
7005

To Install And Configure CSF On RedHat 8.5

Introduction:

CSF Stands for ConfigServer Firewall. CSF is a firewall software designed to keep your server safe. It features an advanced web-based interface to manage firewall settings.CSF includes other security features, including login/intrusion/flood detections.

Installation Procedure:

Step 1: Check the installed version of OS by using the below command

[root@linuxhelp Downloads]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"

Step 2: Now install the CSF Dependency by using the below command

[root@linuxhelp Downloads]# yum install perl-libwww-perl.noarch perl-Time-HiRes
Updating Subscription Management repositories.
Unable to read consumer identity
Last metadata expiration check: 1:08:51 ago on Fri 08 Apr 2022 04:05:31 PM IST.
Dependencies resolved.

Is this ok [y/N]: y
Downloading Packages:
(1/23): perl-Data-Dump-1.23-7.module+el8.3.0+6498+9eecfe51.noarch.rpm                                        
(4/23): perl-Encode-Locale-1.05-10.module+el8.3.0+6498+9eecfe51.noarch.rpm                                  7.2 MB/s |  22 kB     00:00    Complete!

Step 3 Download the CSF package by using the below command

 [root@linuxhelp Downloads]# wget https://download.configserver.com/csf.tgz
--2022-04-08 17:16:40--  https://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 94.130.90.175
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2283608 (2.2M) [application/x-gzip]
Saving to: ‘csf.tgz’

csf.tgz                            100%[================================================================>]   2.18M  1.26MB/s    in 1.7s    

2022-04-08 17:16:42 (1.26 MB/s) - ‘csf.tgz’ saved [2283608/2283608]

Step 4: List the download package by using the below command

[root@linuxhelp Downloads]# ls -la 
total 2236
drwxr-xr-x.  2 root root      21 Apr  8 17:16 .
dr-xr-x---. 15 root root    4096 Apr  8 16:28 ..
-rw-r--r--.  1 root root 2283608 Mar  3 16:33 csf.tgz

Step 5: Extract the download Package by using the below command

[root@linuxhelp Downloads]# tar -xvf csf.tgz
csf/
csf/ConfigServer/
csf/ConfigServer/AbuseIP.pm
csf/ConfigServer/CheckIP.pm
csf/ConfigServer/CloudFlare.pm
csf/version.txt
csf/watchalert.txt
csf/webminalert.txt
csf/x-arf.txt

Step 6: List the extract directory by using the below command

[root@linuxhelp Downloads]# ls -la
drwxr-xr-x.  3 root root      32 Apr  8 17:22 .
dr-xr-x---. 15 root root    4096 Apr  8 16:28 ..
drwxr-xr-x. 20 root root    8192 Mar  3 16:33 csf
-rw-r--r--.  1 root root 2283608 Mar  3 16:33 csf.tgz

Step 7: Change the directory CSF by using the below command

[root@linuxhelp Downloads]# cd csf/

Step 8: Now install the CSF using shell script by using the below command

[root@linuxhelp csf]# sh install.sh 

mkdir: cannot create directory ‘/usr/local/csf/bin’: File exists
mkdir: cannot create directory ‘/usr/local/csf/lib’: File exists
'/etc/csf/webmin' -> '/usr/local/csf/lib/webmin'
mkdir: cannot create directory ‘webmin/csf/images’: File exists
mkdir: cannot create directory ‘ui/images’: File exists
mkdir: cannot create directory ‘da/images’: File exists
mkdir: cannot create directory ‘interworx/images’: File exists
'csf/admin_icon.svg' -> 'webmin/csf/images/admin_icon.svg'
'csf/bootstrap/fonts/glyphicons-halflings-regular.eot' -> 'webmin/csf/
Installation Completed

Step 9: Disable the firewalld Services by using the below command

[root@linuxhelp csf]# systemctl Disable firewalld

Step 10: Stop the Firewalld Services by using the below command

[root@linuxhelp csf]# systemctl stop firewalld

Step 11: Change the Following directory by using the below command

[root@linuxhelp csf]# cd /usr/local/csf/bin  

Step 12: Run the command to check CSF working or not by using the below command

[root@linuxhelp bin]# perl csftest.pl  
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server

Step 13: change Testing “1” to Testing “0” by using the below command

[root@linuxhelp bin]# vim /etc/csf/csf.conf
###############################################################################
#SECTION:Initial Settings
###############################################################################
#Testing flag - enables a CRON job that clears iptables incase of
#configuration problems when you start csf. This should be enabled until you
#lfd will not start while this is enabled
TESTING = "0"
#will be cleared in 0-5 minutes from the firewall start

Step 14: Enable the both CSF and IFD Services by using the below command

[root@linuxhelp bin]# systemctl enable csf lfd 

Step 15: Start the both CSF and IFD Services by using the below command

root@linuxhelp bin]# systemctl start csf lfd 

Step 16: Start the CSF by using the below command

[root@linuxhelp bin]# csf -s 
Flushing chain `INPUT'
Flushing chain `ALLOWOUT'
Flushing chain `LOCALINPUT'
Flushing chain `ALLOWOUT'
csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
ALLOWIN  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

Step 17: Allow the IP using CSF by using the below command

[root@linuxhelp bin]# csf -a 192.168.6.110
Adding 192.168.6.110 to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  192.168.6.110  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.110  
EPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.110  

Step 18: Check the allowed IP list by using the below command

[root@linuxhelp bin]# vim /etc/csf/csf.allow
Advanced port+ip filtering allowed with the following format
#tcp/udp|in/out|s/d=port|s/d=ip
#Note: IP addressess listed in this file will NOT be ignored by lfd, so they
#can still be blocked. If you do not want lfd to block an IP address you must
#add it to csf.ignore
192.168.6.110 # Manually allowed: 192.168.6.110 (-) - Fri Apr  8 17:41:31 2022

Step 19: Remove the allowed from CSF by using the below command

[root@linuxhelp bin]# csf -ar 192.168.6.110
Removing rule...
ACCEPT  all opt -- in !lo out *  192.168.6.110  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.110  
192.168.6.110 # Manually allowed: 192.168.6.110 (-) - Fri Apr  8 17:38:22 2022

Step 20: Deny the IP using CSF by using the below command

[root@linuxhelp bin]# csf -d 192.168.6.120
Adding 192.168.6.120 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  192.168.6.120  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.120

Step 21: Check the deny IP list by using the below command

[root@linuxhelp bin]# vim /etc/csf/csf.deny

###############################################################################
#The following IP addresses will be blocked in iptables# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
#Only list IP addresses, not domain names (they will be ignored)
#Note: If you add the text "do not delete" to the comments of an entry then
#See readme.txt for more information regarding advanced port filtering
192.168.6.120 # Manually denied: 192.168.6.120 (-) - Sat Apr  9 09:17:01 2022

Step 22: Remove the deny IP using CSF by using the below command

[root@linuxhelp bin]# csf -dr 192.168.6.120
Removing rule...
DROP  all opt -- in !lo out *  192.168.6.120  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 192.168.6.120 

Step 23: Restart the CSF by using the below command

[root@linuxhelp bin]# csf -r 
Flushing chain `INPUT'
Flushing chain `OUTPUT'
csf: FASTSTART loading DROP no logging (IPv4)
csf: FASTSTART loading DROP no logging (IPv6)
LOCALINPUT  all opt -- in !lo out *  0.0.0.0/0  -> 0.0.0.0/0  
*WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.

We have reached the end of this article. In this guide, we have walked you through the Installation and Configuration of CSF on RedHat 8.5 . Your feedback is much welcome

Tags:
michael
Author: 

Comments ( 0 )

No comments available

Add a comment

Frequently asked questions ( 5 )

Q

How should start CSF Services?

A

By using the systemctl enable csf command

Q

What are iptables rules?

A

iptables is a command-line interface used to set up and maintain tables for the Netfilter firewall for IPv4

Q

Where Firewalld services are stored?

A

It is stored in various XML files in /usr/lib/firewalld/ and /etc/firewalld

Q

How do you install the CSF package?

A

To install the CSF package to execute the following command
# sh install.sh

Q

How do you restart the CSF?

A

Restart the CSF by csf -r

Related Tutorials in How to install CSF on RedHat 8.5

Related Tutorials in How to install CSF on RedHat 8.5

How to enable repositories on RHEL7.6 without Red Hat-Subscription
How to enable repositories on RHEL7.6 without Red Hat-Subscription
Sep 5, 2020
How to check the lsb_release of your redhat based Linux distros
How to check the lsb_release of your redhat based Linux distros
Jun 8, 2018
How to Install IPFire in Linux
How to Install IPFire in Linux
May 31, 2016
How to install ipcop
How to install ipcop
Jul 25, 2016
How to Configure Static NAT on Fortigate firewall
How to Configure Static NAT on Fortigate firewall
Feb 4, 2021
How To Install FireStarter in Debian
How To Install FireStarter in Debian
May 21, 2016
How to Install Docker-CE on RHEL-7.6
How to Install Docker-CE on RHEL-7.6
Sep 11, 2020
Steps to do after minimal installation of RHEL/CentOS
Steps to do after minimal installation of RHEL/CentOS
May 5, 2016

Related Forums in How to install CSF on RedHat 8.5

Related Forums in How to install CSF on RedHat 8.5

redhat
ethan class=
How to fix "container-selinux >= 2:2.74" issue while Installing Docker-CE on RHEL7.6
Aug 25, 2020
Firewall
kishore class=
How to check log for CSF firewall
Jan 2, 2018
Linux
AadrikaAnshu class=
How to add timestamps to history On Any Linux Machine
Jun 18, 2019
Zentyal
ganeshkonka class=
Zentya 6.1 http proxy configuration
Jan 31, 2020
Firewall
wilson class=
How to block IP in firewalld command
Sep 23, 2017
redhat
BlackRishi class=
RHVM_installation issuses
Jul 31, 2019
redhat
atly class=
How to install qcow2 images on a virtual machine on rhev 7.5
Jan 2, 2019
CSF (ConfigServer Security & Firewall)
matthew class=
How to allow all google IP in CSF
Apr 20, 2017

Related News in How to install CSF on RedHat 8.5

Related News in How to install CSF on RedHat 8.5

Red Hat Enterprise Linux 6.9 Hits Beta
Red Hat Enterprise Linux 6.9 Hits Beta
Jan 6, 2017
Red Hat initiates new pilot program to ease into Digital Transformation
Red Hat initiates new pilot program to ease into Digital Transformation
Mar 30, 2017
Red Hat Preconized Red Hat Openstack Platform 11
Red Hat Preconized Red Hat Openstack Platform 11
May 10, 2017
IBM TO ACQUIRE RED HAT
IBM TO ACQUIRE RED HAT
Nov 15, 2018
Red Hat Enterprise Linux 7.7 beta rolled out
Red Hat Enterprise Linux 7.7 beta rolled out
Jun 7, 2019
Oracle Vulnerability Exploited in the Wild
Oracle Vulnerability Exploited in the Wild
Jun 25, 2019
Red Hat propels Linux towards the “Four Footprints of Technology”
Red Hat propels Linux towards the “Four Footprints of Technology”
Aug 4, 2017
Red Hat allows Microsoft’s .NET Core 2.0 to Linux and associated Cloud
Red Hat allows Microsoft’s .NET Core 2.0 to Linux and associated Cloud
Aug 23, 2017
Back To Top!
Rank
User
Points

Top Contributers

userNamenaveelansari
135850

Top Contributers

userNameayanbhatti
92510

Top Contributers

userNamehamzaahmed
32150

Top Contributers

1
userNamelinuxhelp
31040

Top Contributers

userNamemuhammadali
24500
Can you help David Lopez Guillen ?
Ayuda urgente instale SSL para servidor Opensuse y ahora no funciona tengo servicio web

hola segui este tutorial para tener un certificado ssl y ahora no se ve mi app en la red, espero alguien pueda ayudarme, tengo M9oodle en3.5 en un servidor open suse y ahora no funciona por favor ayuda.

https://www.linuxhelp.com/how-to-create-ssl-certificate-in-opensuse

Networking
  • Routing
  • trunk
  • Netmask
  • Packet Capture
  • domain
  • HTTP Proxy
Server Setup
  • NFS
  • KVM
  • Memory
  • Sendmail
  • WebDAV
  • LXC
Shell Commands
  • Cloud commander
  • Command line archive tools
  • last command
  • Shell
  • terminal
  • Throttle
Desktop Application
  • Linux app
  • Pithos
  • Retrospect
  • Scribe
  • TortoiseHg
  • 4Images
Monitoring Tool
  • Monit
  • Apache Server Monitoring
  • EtherApe 
  • Arpwatch Tool
  • Auditd
  • Barman
Web Application
  • Nutch
  • Amazon VPC
  • FarmWarDeployer
  • Rukovoditel
  • Mirror site
  • Chef
Contact Us | Terms of Use| Privacy Policy| Disclaimer
© 2025 LinuxHelp.com All rights reserved. Linux™ is the registered trademark of Linus Torvalds. This site is not affiliated with linus torvalds in any way.