ConfigServer Firewall, or CSF, is a security tool that can help protect your server against attacks and improve server safety. It is a Stateful Packet Inspection (SPI) firewall, login/intrusion detection and security application. It is designed for Linux servers and is free to use.
How to install and configure ConfigServer Firewall
ConfigServer Firewall will work as a WHM plugin. Here are the instructions to easily complete a basic ConfigServer Firewall installation and configure it to your requirements. Begin by logging into your server as root via SSH.
- Install CSF by entering the following:
tar -xzf csf.tgz
- To configure CSF, login to your server as root via WHM, and select “ConfigServer Security Firewall” in the Plugins section.
- Click on “Firewall Configuration” in the “csf – ConfigServer Firewall” section.
- Add or configure specific ports in the “IPv4 Port Settings” and/or “IPv6 Port Settings”.
- Enable syslog monitoring by setting “SYSLOG_CHECK” to 1800.
- Enable suspicious process detection by setting “PT_DELETED” and “PT_ALL_USERS” to 1.
- Enable optional spam protection and massive email activity detection in the SMTP Settings. Set “SMTP_BLOCK” to 1, set “LF_SCRIPT_LIMIT” to 250 to identify scripts sending out 250 emails messages in an hour, and set “LF_SCRIPT_ALERT” to 1 to send an email alert to the system administrator when the limit configured above is reached.
- Save the configuration by clicking “Change” at the end of the page.
- Restart the csf/lfd service.
- Return to the ConfigServer Security Firewall main page and check the top of the page. You should see “Firewall Status: Enabled but in Test Mode”. Confirm the configuration and remove the test mode. (If you see “Firewall Status: Disabled and Stopped”, click on Enable and proceed.)
Enhance your server security with ConfigServer Firewall
Make sure to remove the test mode from your ConfigServer Firewall main page when you are satisfied with the configuration and have confirmed that it is working correctly. You can monitor the firewall activity by clicking on the “Watch System Logs” button located on the main page. You can also read the log file /var/log/lfd.log if you access it via SSH. For assistance installing and configuring ConfigServer Firewall and security, contact HostAfrica today.