Server security is something that bothers every server owner.
Firewall applications like Config Server Firewall aka CSF can protect the server against cyber attacks, brute force attempts and more.
However, missing perl modules, outdated CSF version, etc. can create problems with DirectAdmin CSF install.
At Bobcares, we often get requests from our customers to install CSF in DirectAdmin as part of our Server Management Services.
Today, we’ll see how our Support Engineers set up CSF in DirectAdmin and fix related errors.
Importance of Config Server Firewall / CSF
Basically, CSF is a firewall utility that helps to secure the server in many ways. It includes.
- Checking for login authentication failures on mail servers, OpenSSH servers, FTP servers and sending alerts to the server owners.
- Trace when someone logs into the server via SSH
- Alerts when a user attempts to use the “su” command on the server to obtain greater privileges.
- It helps to block and permit selected IP addresses
- CSF can restrict access by port number
Also, it is a login/Intrusion Detection and Security application for Linux servers.
With our expertise in managing DirectAdmin servers, CSF works as one of the best security solution for hosting servers. Again, CSF tool integrates well with DirectAdmin control panel too.
How we install CSF in DirectAdmin servers
Its time now to see how we install CSF in DirectAdmin server.
Steps to install CSF
1. Initially, we download and unpack the CSF package by using the following commands.
cd /usr/local/src wget http://www.configserver.com/free/csf.tgz tar -xzf csf.tgz
2. Then, we switch to the csf directory and run the install script too.
cd csf ./install.directadmin.sh
3. Next, we login as Admin into DirectAdmin and click the link ConfigServer Security & Firewall.
4. After that, we click Firewall Configuration. To disable the testing mode, we make Testing = OFF.
5. Also, we define the ports in TCP_IN, TCP_OUT.
TCP_IN = 20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,2222,9418
TCP_OUT = 20,21,22,25,53,80,110,113,443,587,993,995,2222
We can leave the rest as is.
6. Finally, we click the change button to save the changes and restart the csf service.
Integrate with BFM
Again, by default, DirectAdmin comes with a free Brute Force Monitor (BFM) script which is helpful.
Therefore, after installing CSF, our Dedicated Engineers always link the BFM to CSF, so that server gets enhanced security. As a result, the server will use the iptables configuration, all features of CSF, together with the added benefit of the BFM. Thus, it comes really useful to find some extra cases which triggers the blocks using CSF.
To integrate BFM to CSF, we execute the following commands as root user:
wget http://files.directadmin.com/services/all/csf/csf_install.sh /bin/sh ./csf_install.sh
How we fixed CSF install errors in DirectAdmin
From our experience in managing servers, we’ve seen customers facing problems while installing CSF in DirectAdmin.
Now let’s see how our Support Engineers fix the top errors.
1. Missing Perl modules
Recently, one of our customers contacted us with a problem after installing CSF on the DirectAdmin server. He was getting an error when executing a CSF restart after installation.
The error said,
CSF Error: *WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny
Then, our Support Engineers found that the problem was due to the missing of Perl modules that CSF requires to run properly.
So, we fixed the error by installing the required packages as below.
yum install perl-libwww-perl net-tools perl-LWP-Protocol-https -y
After that, we could restart CSF without seeing the above error message.
2. CSF update
Sometimes, errors may occur due to the incompatible CSF version on the server too. For example, one customer got an error while installing CSF on his server. The error said “firewall is in TEST mode and to turn on the firewall line 81″. He couldn’t start lfd service too.
On checking, our Support Engineers found that Testmode was set to “0”. So, we checked the CSF version with
csf -v. it was an older version.
Also, the Turn Auto UPDATES was off in CSF configuration file.
Therefore, we updated CSF by running the command
csf -u and that fixed the problem.
[Having difficulty installing CSF in DirectAdmin? We’ll fix it for you.]
In short, CSF is firewall utility to protect the server from any kind of hacking attempts. It sends real time messages to the server owners about any suspicious activity. Today, we saw how our Support Engineers fixed errors related to DirectAdmin install CSF.