ConfigServer firewall is a popular linux firewall security suite. It is easy to install, flexible to configure and secure with extra checks. CSF helps to control exactly what traffic is allowed in and out of the server and protect the server from malicious attack.
The CSF installation includes control panel user interface available via WHM and login failure daemon process (lfd) that runs periodically to scan the latest log file entries for login attempts that continually fail within a short period of time. Such attempts are often called “Brute-force attacks” and the daemon process responds very quickly to such patterns and blocks offending IPs quickly.
Download into your SSH and install
ConfigServer Firewall CSF installation
-
wget http://configserver.com/free/csf.tgz
-
tar xfz csf.tgz
-
cd csf
-
sh install.sh
By default, CSF gets started as “Testing” mode, which means that firewall rules are not fully in effect. To disable this “Testing” mode
vi /etc/csf/csf.conf
change
TESTING = “1″
to
TESTING = “0″
save and exit.
restart CSF firewall
csf -r
Goto WHM->Plugins->ConfigServer Firewall
Once your login WHM check CSF configuration.
Customize firewall rules, modify a CSF configuration via command line.
vi /etc/csf/csf.conf
# Change to 0 to disable TESTING mode TESTING = "0" . . . # Allow incoming TCP ports TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports TCP_OUT = "20,21,22,25,53,80,110,113,443"
# Allow incoming UDP ports UDP_IN = "20,21,53"
# Allow outgoing UDP ports UDP_OUT = "20,21,53,113,123" . . .
After modifying /etc/csf/csf.conf, make sure to restart CSF.
If you want to uninstall CSF at any point, simply run the following.
#/etc/csf/uninstall.sh
