Are you looking for how to install a CSF firewall on a CentOS 7 server?
CSF is not just a packet filtering firewall, it is also a login/intrusion detection system.
At Bobcares, we install and configure CSF firewall in servers, as part of our Server Management Services.
To see how our Support Engineers set up a CSF firewall, read on.
Importance of CSF firewall
CSF is an advanced software firewall for the Linux servers. Also, it easily works with control panels like cPanel, DirectAdmin, CWP, Webmin, etc.
It protects the server from web-based attacks like login brute-force, port scanning, etc. And it is an easy to use firewall based on iptables.
It has a login/instruction detection system for monitoring SSH, SMTP connections, su command and much more application with authentication
How to install and configure the CSF firewall on CentOS 7?
The installation of CSF on the CentOS server has three parts – dependencies installation, package installation, and configuration. Now, let’s see how our Support Engineers install and configure it.
1. Install the CFS dependencies
CSF is a Perl based firewall. So first we install the Perl module using the command,
yum install perl-libwww-perl
2. Install CSF firewall
Next, we need to download the CSF installer. So we download it in the /usr/src directory.
cd /usr/src/ wget https://download.configserver.com/csf.tgz
Then, we extract the downloaded file and install it inside the csf directory using the installation script.
tar -xzf csf.tgz cd csf sh install.sh
This gives the message Installation Completed.
Further, we check if the CSF works on the server. So we run the CSF test script.
If the test is successful, it gives the output as,
Finally, we configure the firewall.
3. Configure CSF on CentOS 7
Before configuring CSF, we stop the firewall application that CentOS uses. By default it uses firewalld.
So, we stop it and disable it using the command.
systemctl stop firewalld systemctl disable firewalld
After that, we edit the CSF configuration file.
Here, we change the value of the parameter TESTING from 1 to 0.
TESTING = "0"
By default, CSF allows the SSH standard port 22. If we use a different SSH port, we add in the TCP_IN parameter in the configuration.
Next, we start CSF and LFD service,
systemctl start csf systemctl start lfd
Then, we enable both the services to start at boot time.
systemctl enable csf systemctl enable lfd
Now the installation and configuration are complete.
A common error while installing CSF
We’ve seen customers facing problems while installing the CSF. Let’s see the most common one.
Recently, one of our customers was trying to install the CSF on the CentOS server, but it returned the error,
libwww not being installed
The customer did not install the dependency Perl module on the server. And it ended up in error.
So we installed it using the command,
yum install perl-libwww-perl
Hence, it fixed the CSF installation error.
[Need more assistance to install CSF firewall CentOS 7? We’ll help you]
In short, CSF is one of the advanced software firewalls to prevent Brute-force attacks and DDOS. Today, we saw how our Support Engineers installed the CSF firewall on the CentOS 7 server.