Installation and Configuration of ConfigServer Security & Firewall (CSF) on a VPS/Dedicated Linux Server

This documentation applies to the following environment:

Operating system: CentOS 6 or 7
Control Panel: cPanel
Note: All the below commands are to be run via SSH as root.


Backup and flush current iptables rules

iptables-save > iptables_backup_$(date +"%d")_$(date +"%m")_$(date +"%y")
iptables -F
 

Install CSF

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
csf -r
 

Null route CSF and LFD notifications

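CSF generates many notifications about blocked IPs, which are sent to the root user by default. You can use the commands below to null route the CSF notifications. Because the sed command rewrites every template in /etc/csf/alerts/, all CSF and LFD alert types are discarded, not only the IP block notices.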
echo 'devnull: /dev/null' >> /etc/aliases
sed 's/To\: root/To\: devnull/g' -i /etc/csf/alerts/*
csf -r
 

Disabling the Testing Mode


The install script above starts CSF in testing mode by default, and this has to be disabled for the firewall to work effectively in a production environment.

Therefore, edit the CSF configuration file /etc/csf/csf.conf and set the following parameter:
TESTING = "0"
Once the configuration file has been edited, restart CSF by running the command below:
csf -r
The complete working version of the CSF plugin is now visible in WHM » Home » Plugins » ConfigServer Security & Firewall.
 

Our Recommended CSF Setup

grep -rl 'TESTING = ".*"' /etc/csf/csf.conf | xargs sed -i 's/TESTING = ".*"/TESTING = "0"/g'

grep -rl 'CT_LIMIT = ".*"' /etc/csf/csf.conf | xargs sed -i 's/CT_LIMIT = ".*"/CT_LIMIT = "100"/g'

grep -rl 'CT_PORTS = ".*"' /etc/csf/csf.conf | xargs sed -i 's/CT_PORTS = ".*"/CT_PORTS = "80,443"/g'

grep -rl 'SYNFLOOD_RATE = ".*"' /etc/csf/csf.conf | xargs sed -i 's/SYNFLOOD_RATE = ".*"/SYNFLOOD_RATE = "100"/g'

grep -rl 'SYNFLOOD_BURST = ".*"' /etc/csf/csf.conf | xargs sed -i 's/SYNFLOOD_BURST = ".*"/SYNFLOOD_BURST = "15"/g'

grep -rl 'CONNLIMIT = ".*"' /etc/csf/csf.conf | xargs sed -i 's/CONNLIMIT = ".*"/CONNLIMIT = "22;5,80;20"/g'

grep -rl 'PORTFLOOD = ".*"' /etc/csf/csf.conf | xargs sed -i 's/PORTFLOOD = ".*"/PORTFLOOD = "22;tcp;5;300,80;tcp;90;5"/g'

csf -r
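
The recommended settings above, applied with an anchored match, a backup and a per-key check, as an added example that is not part of the original article. The function names and the sample file are constructed for illustration; it assumes GNU sed and values that contain no `|`, `&` or backslash.

```shell
# set_csf_option FILE KEY VALUE: rewrite exactly one anchored KEY = "..." line.
# Fails when the key is missing or duplicated instead of skipping it silently.
set_csf_option() {
    file=$1 key=$2 value=$3
    count=$(grep -c "^${key} = \".*\"" "$file" || true)
    [ "$count" -eq 1 ] || { echo "$key: expected 1 line, found $count" >&2; return 1; }
    sed -i "s|^${key} = \".*\"|${key} = \"${value}\"|" "$file"
}

# get_csf_option FILE KEY: print the current value of KEY.
get_csf_option() { sed -n "s|^$2 = \"\(.*\)\".*|\1|p" "$1"; }

# apply_recommended FILE: back up FILE, apply the article's values, restore on error.
apply_recommended() {
    conf=$1
    cp -p "$conf" "$conf.bak" || return 1
    while IFS='=' read -r key value; do
        set_csf_option "$conf" "$key" "$value" || { cp -p "$conf.bak" "$conf"; return 1; }
    done <<'EOF'
TESTING=0
CT_LIMIT=100
CT_PORTS=80,443
SYNFLOOD_RATE=100
SYNFLOOD_BURST=15
CONNLIMIT=22;5,80;20
PORTFLOOD=22;tcp;5;300,80;tcp;90;5
EOF
}

# make_sample_conf: constructed stand-in for /etc/csf/csf.conf (not a real file).
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
TESTING = "1"
TESTING_INTERVAL = "5"
CT_LIMIT = "0"
CT_PORTS = ""
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"
CONNLIMIT = ""
PORTFLOOD = ""
EOF
    echo "$f"
}

# Demo on the constructed sample: apply, print the result, clean up.
demo=$(make_sample_conf) && apply_recommended "$demo" && grep . "$demo"
rm -f "$demo" "$demo.bak"
```

On a server the target file would be /etc/csf/csf.conf, followed by csf -r as in the article.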
 

Managing CSF rules via GUI in WHM panel


In the CSF plugin, the "Firewall Configuration" button is equivalent to editing the CSF configuration file /etc/csf/csf.conf, and this is what we use to open ports etc.

While you explore the various firewall parameters provided by the CSF plugin, the most common settings we tweak using this plugin are explained below:
  • Opening Ports via the "Firewall Configuration" button
    • TCP_IN & TCP_OUT - Opens TCP inbound & outbound ports respectively
    • UDP_IN & UDP_OUT - Opens UDP inbound & outbound ports respectively
  • View iptables Rules - Displays the active firewall rules
  • Quick Allow - Whitelists an IP
  • Quick Deny - Blocks an IP
  • Flush All Blocks - Removes and unblocks all entries in csf.deny and all temporary IP entries (blocks and allows)