In this tutorial we will install Configserver Security & Firewall (CSF) and Login Failure Deamon (LFD) on our CentOS machine.

What is CSF and LFD?

A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

In short, It’s a very simple to use, but highly advanced firewall.
CSF has an extensive command line utility as well as a GUI if one prefers.
CSF is combined with LFD which will work to record and block failed login attempts on the services running.

This really is a must have if you are running anything that is internet facing!

Installing prerequisites

CSF is built using perl so we need to make sure we have that installed, and IPSet is needed for some functionality in CSF IP blocking.

yum install -y perl-libwww-perl ipset

Download from official website

cd /usr/src/ && wget

Unpack and install

tar -xzf csf.tgz && cd csf && sh

Test if everything is working

perl /usr/local/csf/bin/

You should now see this result:

Stopping and disabling the built-in firewall if present.

systemctl stop firewalld && systemctl disable firewalld

Configuring CSF

This is done though several configuration files in /etc/csf

# Main configuration file
nano /etc/csf/csf.conf

# This files contains whitelisted IP's
nano /etc/csf/csf.ignore

# This file contains whitelisted processes
nano /etc/csf/csf.pignore

# This file contains blacklisted IPs
nano /etc/csf.deny

We need some basic steps configured in csf.conf before we can start the service.

# By default testing mode resets CSF every 5 minutes.
# Turn this off here when ready to permanently activate it.

# Enable LFD to prevent login attacks

# Configure ports that should be open
# Please make sure your SSH port is listed as to not be locked out!
TCP_IN = "make sure it contains your SSH port!"
TCP_out = "make sure it contains your SSH port!"

CSF is now protecting your server!
Enjoy 😊

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.