In this tutorial we will install Configserver Security & Firewall (CSF) and Login Failure Deamon (LFD) on our CentOS machine.
What is CSF and LFD?
A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.https://www.configserver.com/cp/csf.html
In short, It’s a very simple to use, but highly advanced firewall.
CSF has an extensive command line utility as well as a GUI if one prefers.
CSF is combined with LFD which will work to record and block failed login attempts on the services running.
This really is a must have if you are running anything that is internet facing!
CSF is built using perl so we need to make sure we have that installed, and IPSet is needed for some functionality in CSF IP blocking.
yum install -y perl-libwww-perl ipset
Download from official website
cd /usr/src/ && wget https://download.configserver.com/csf.tgz
Unpack and install
tar -xzf csf.tgz && cd csf && sh install.sh
Test if everything is working
You should now see this result:
Stopping and disabling the built-in firewall if present.
systemctl stop firewalld && systemctl disable firewalld
This is done though several configuration files in /etc/csf
# Main configuration file nano /etc/csf/csf.conf # This files contains whitelisted IP's nano /etc/csf/csf.ignore # This file contains whitelisted processes nano /etc/csf/csf.pignore # This file contains blacklisted IPs nano /etc/csf.deny
We need some basic steps configured in csf.conf before we can start the service.
# By default testing mode resets CSF every 5 minutes. # Turn this off here when ready to permanently activate it. Testing="0" # Enable LFD to prevent login attacks LF_DAEMON = "1" # Configure ports that should be open # Please make sure your SSH port is listed as to not be locked out! TCP_IN = "make sure it contains your SSH port!" TCP_out = "make sure it contains your SSH port!"
CSF is now protecting your server!