    CSF (Config Security Firewall)

    A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

    Quick Start

    Disable your current firewall

    CentOS/RHEL

    # yum -y install iptables iptables-services perl
    # systemctl disable --now firewalld
    # systemctl mask firewalld
    

    Debian

    # apt install iptables perl
    # ufw disable
    

    Download and install csf

    # wget https://download.configserver.com/csf.tgz
    # tar zxvf csf.tgz
    # cd csf
    # sh install.sh


    Edit /etc/csf/csf.conf

    Change the setting for TESTING from 1 to 0 and reload csf.

    Because an unconfigured csf is designed to work as installed, allowing SSH and web traffic and saving the IP of your current connection, you can always safely enable csf and worry about fine-tuning it later.

    ###############################################################################
    # SECTION:Initial Settings
    ###############################################################################
    # Testing flag - enables a CRON job that clears iptables incase of
    # configuration problems when you start csf. This should be enabled until you
    # are sure that the firewall works - i.e. incase you get locked out of your
    # server! Then do remember to set it to 0 and restart csf when you're sure
    # everything is OK. Stopping csf will remove the line from /etc/crontab
    #
    # lfd will not start while this is enabled
    TESTING = "0"
    

    Now reload csf

    # csf -r
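
    The edit-and-reload step above as a script, for repeating it on several servers. This is an added example, not part of csf or of the original page: the function names csf_testing_value and csf_disable_testing are hypothetical and the sample csf.conf is constructed. It matches only the exact TESTING line, so a neighbouring key such as TESTING_INTERVAL is left alone, and it keeps a backup of the file.

```shell
#!/bin/sh
# Added example, not part of csf: switch TESTING off in a csf.conf-style file.
# Function names are hypothetical; the sample file below is constructed.

# Print the current TESTING value (empty if the line is absent).
csf_testing_value() {
    sed -n 's/^TESTING[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Set TESTING = "0" in FILE, keeping the original as FILE.bak.
# Returns 0 = changed, 1 = already 0, 2 = no single TESTING line or I/O error.
csf_disable_testing() {
    conf=$1
    # Anchor on "TESTING =" so TESTING_INTERVAL and comments never match.
    count=$(grep -c '^TESTING[[:space:]]*=' "$conf" 2>/dev/null) || true
    if [ "$count" != "1" ]; then return 2; fi
    if [ "$(csf_testing_value "$conf")" = "0" ]; then return 1; fi
    cp -p "$conf" "$conf.bak" || return 2
    # Write back through redirection so the file keeps its mode and owner.
    sed 's/^TESTING[[:space:]]*=.*/TESTING = "0"/' "$conf.bak" > "$conf" || return 2
    return 0
}

# Demo on a constructed, cut-down csf.conf in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/csf.conf" <<'EOF'
# lfd will not start while this is enabled
TESTING = "1"
TESTING_INTERVAL = "5"
EOF
rc=0
csf_disable_testing "$demo_dir/csf.conf" || rc=$?
echo "rc=$rc TESTING=$(csf_testing_value "$demo_dir/csf.conf")"
grep TESTING_INTERVAL "$demo_dir/csf.conf"
rm -rf "$demo_dir"

# On a server, as root: csf_disable_testing /etc/csf/csf.conf && csf -r
```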