How to install CSF on Ubuntu 22.04
- 00:31 lsb_release -a
- 00:48 apt remove ufw
- 01:20 apt install perl zip unzip libwww-perl liblwp-protocol-https-perl
- 01:30 cd /usr/src/
- 01:44 wget https://download.configserver.com/csf.tgz
- 01:54 tar -xvf csf.tgz
- 02:15 sh install.sh
- 02:25 cd csf
- 02:31 perl /usr/local/csf/bin/csftest.pl
- 02:58 csf -v
- 03:03 vim /etc/csf/csf.conf
- 03:33 csf -r
- 03:35 systemctl start csf lfd
- 04:05 systemctl enable csf lfd
- 04:15 systemctl status csf lfd
7564
To Install CSF On Ubuntu 22.04
Introduction
ConfigServer Firewall (CSF) is a firewall application suite for Linux servers that helps manage and control network traffic, block suspicious IP addresses, and receive real-time alerts about potential threats.
Procedure
Step 1: Check the OS version by using the below command
root@linuxhelp:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
Step 2 : Remove the Ubuntu default firewall by using the below command
root@linuxhelp:~# apt remove ufw
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
libflashrom1 libftdi1-2 libllvm13
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
ufw
0 upgraded, 0 newly installed, 1 to remove and 13 not upgraded.
After this operation, 850 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 202562 files and directories currently installed.)
Removing ufw (0.36.1-4build1) ...
Skip stopping firewall: ufw (not enabled)
Processing triggers for man-db (2.10.2-1) ...
Step 3: Install the CSF dependencies by using the below command
root@linuxhelp:~# apt install perl zip unzip libwww-perl liblwp-protocol-https-perl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
liblwp-protocol-https-perl is already the newest version (6.10-1).
liblwp-protocol-https-perl set to manually installed.
libwww-perl is already the newest version (6.61-1).
libwww-perl set to manually installed.
zip is already the newest version (3.0-12build2).
zip set to manually installed.
perl is already the newest version (5.34.0-3ubuntu1.1).
perl set to manually installed.
unzip is already the newest version (6.0-26ubuntu3.1).
unzip set to manually installed.
The following packages were automatically installed and are no longer required:
libflashrom1 libftdi1-2 libllvm13
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
Step 4 : Move to the following directory by using the below command
root@linuxhelp:~# cd /usr/src/
step 5 : Download the CSF distribution by using wget command
root@linuxhelp:/usr/src# wget https://download.configserver.com/csf.tgz
--2023-06-23 08:05:33-- https://download.configserver.com/csf.tgz
Resolving download.configserver.com (download.configserver.com)... 94.130.90.175
Connecting to download.configserver.com (download.configserver.com)|94.130.90.175|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2288477 (2.2M) [application/x-gzip]
Saving to: ‘csf.tgz’
csf.tgz 100%[===========================================>] 2.18M 1.91MB/s in 1.1s
2023-06-23 08:05:35 (1.91 MB/s) - ‘csf.tgz’ saved [2288477/2288477]
Step 6 : Extract the downloaded file by using tar command
root@linuxhelp:/usr/src# tar -xvf csf.tgz
csf/
csf/csf.uidignore
csf/csf.vesta.conf
csf/csf.vesta.ignore
csf/csfajaxtail.js
csf/csftest.pl
csf/csget.pl
csf/exploitalert.txt
csf/filealert.txt
csf/install.cpanel.sh
csf/watchalert.txt
csf/webminalert.txt
csf/x-arf.txt
Step 7 : Move to the CSF directory by using the below command
root@linuxhelp:/usr/src# cd csf
Step 8 : Install CSF by running the following script
root@linuxhelp:/usr/src/csf# sh install.sh
Selecting installer...
Running csf generic installer
Installing generic csf and lfd
Check we're running as root
mkdir: created directory '/etc/csf'
'install.txt' -> '/etc/csf/install.txt'
Checking Perl modules...
Configuration modified for Debian/Ubuntu/Gentoo settings /etc/csf/csf.conf
Configuration modified for Debian/Ubuntu/Gentoo to use legacy iptables/ip6tables
...Perl modules OK
mkdir: cannot create directory ‘/etc/csf’: File exists
mkdir: created directory '/var/lib/csf'
mkdir: created directory '/var/lib/csf/backup'
mkdir: created directory '/var/lib/csf/Geo'
mkdir: created directory '/var/lib/csf/ui'
Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so
'lfd.service' -> '/usr/lib/systemd/system/lfd.service'
'csf.service' -> '/usr/lib/systemd/system/csf.service'
Created symlink /etc/systemd/system/multi-user.target.wants/csf.service → /lib/systemd/system/csf.service.
Created symlink /etc/systemd/system/multi-user.target.wants/lfd.service → /lib/systemd/system/lfd.service.
Failed to disable unit: Unit file firewalld.service does not exist.
Failed to stop firewalld.service: Unit firewalld.service not loaded.
Unit firewalld.service does not exist, proceeding anyway.
Created symlink /etc/systemd/system/firewalld.service → /dev/null.
'/etc/csf/csfwebmin.tgz' -> '/usr/local/csf/csfwebmin.tgz'
Installation Completed
Step 9 : Check the required iptables modules by using the below command
root@linuxhelp:/usr/src/csf# perl /usr/local/csf/bin/csftest.pl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Step 10 : Check the status of the csf by using the below command
root@linuxhelp:/usr/src/csf# csf -v
csf: v14.18 (generic)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
Step 11 : Disable the testing mode in the CSF configuration file by using the below command
root@linuxhelp:/usr/src/csf# vim /etc/csf/csf.conf
# lfd will not start while this is enabled
TESTING = "0"
Step 12 : Reload CSF by using the below command
root@linuxhelp:/usr/src/csf# csf -r
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `PREROUTING'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `POSTROUTING'
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
Flushing chain `PREROUTING'
Flushing chain `INPUT'
*WARNING* RESTRICT_SYSLOG is disabled. See SECURITY WARNING in /etc/csf/csf.conf.
Step 13 : Start the csf and lfd by using sytemctl command
root@linuxhelp:/usr/src/csf# systemctl start csf lfd
Step 14 : Enable the csf and lfd by using sytemctl command
root@linuxhelp:/usr/src/csf# systemctl enable csf lfd
Step 15 : Check the status of the csf and lfd by using the below command
root@linuxhelp:/usr/src/csf# systemctl status csf lfd
● csf.service - ConfigServer Firewall & Security - csf
Loaded: loaded (/lib/systemd/system/csf.service; enabled; vendor preset: enabled)
Active: active (exited) since Fri 2023-06-23 08:08:44 IST; 18s ago
Main PID: 16815 (code=exited, status=0/SUCCESS)
CPU: 3.284s
Jun 23 08:08:44 linuxhelp csf[16815]: ACCEPT all opt in * out lo ::/0 -> ::/0
Jun 23 08:08:44 linuxhelp csf[16815]: LOGDROPOUT all opt in * out !lo ::/0 -> ::/0
Jun 23 08:08:44 linuxhelp csf[16815]: LOGDROPIN all opt in !lo out * ::/0 -> ::/0
Jun 23 08:08:44 linuxhelp csf[16815]: csf: FASTSTART loading DNS (IPv4)
Jun 23 08:08:44 linuxhelp csf[16815]: csf: FASTSTART loading DNS (IPv6)
Jun 23 08:08:44 linuxhelp csf[16815]: LOCALOUTPUT all opt -- in * out !lo 0.0.0.0/0 -> 0.0.0.0/0
Jun 23 08:08:44 linuxhelp csf[16815]: LOCALINPUT all opt -- in !lo out * 0.0.0.0/0 -> 0.0.0.0/0
Jun 23 08:08:44 linuxhelp csf[16815]: LOCALOUTPUT all opt in * out !lo ::/0 -> ::/0
Jun 23 08:08:44 linuxhelp csf[16815]: LOCALINPUT all opt in !lo out * ::/0 -> ::/0
Jun 23 08:08:44 linuxhelp systemd[1]: Finished ConfigServer Firewall & Security - csf.
● lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/lib/systemd/system/lfd.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2023-06-23 08:08:45 IST; 17s ago
Main PID: 16993 (lfd - sleeping)
Tasks: 1 (limit: 4573)
Memory: 223.6M
CPU: 6.585s
CGroup: /system.slice/lfd.service
└─16993 "lfd - sleeping"
Jun 23 08:08:44 linuxhelp systemd[1]: Starting ConfigServer Firewall & Security - lfd...
Jun 23 08:08:45 linuxhelp systemd[1]: Started ConfigServer Firewall & Security - lfd.
Conclusion:
By this how to install CSF in Ubuntu 22.4 has come to an end.
Comments ( 0 )
No comments available