


    NixSec

    Difference between revisions of "CSF"

    Line 30: Line 30:
     
    <br>
     
    <br>
     
    <h2>Edit /etc/csf/csf.conf</h2>
     
    <h2>Edit /etc/csf/csf.conf</h2>
    Change the setting for TESTING from 0 to 1 and reload csf.
    +
    Change the setting for TESTING from 1 to 0 and reload csf.
     
    <br><br>
     
    <br><br>
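Review bot: the rewritten sentence "Change the setting for TESTING from 1 to 0 and reload csf." sends the reader straight to live mode, while the csf.conf comment quoted further down the page says the flag "should be enabled until you are sure that the firewall works". Suggest adding a step before this sentence: load csf with TESTING still at 1, confirm from a second SSH session that access works, and only then change 1 to 0.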
      
    Line 45: Line 45:
     
    #
     
    #
     
    # lfd will not start while this is enabled
     
    # lfd will not start while this is enabled
    TESTING = "1"
    +
    TESTING = "0"
     
    </pre>
     
    </pre>
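Review bot: with TESTING = "0" in the sample, the context line "lfd will not start while this is enabled" implies lfd has not been running up to this point, yet the only follow-up step on the page is "csf -r". Suggest adding a step after it that starts lfd and confirms it is running, plus a short note that the block shows the value after the edit.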
      

    Revision as of 22:16, 11 March 2021

    CSF (Config Security Firewall)


    Quick Start


    Disable your current firewall

    CentOS/RHEL

    # yum -y install iptables iptables-services
    # systemctl disable --now firewalld
    # systemctl mask firewalld
    

    Debian

    # apt install iptables
    # ufw disable
    

    Download and install csf

    # wget https://download.configserver.com/csf.tgz
    # tar zxvf csf.tgz
    # cd csf
    # sh install.sh
    


    Edit /etc/csf/csf.conf

    Change the setting for TESTING from 1 to 0 and reload csf.

    Because an unconfigured csf is designed to work out of the box (it allows SSH and web traffic and saves the IP address of your current connection), you can always safely enable csf and worry about fine-tuning it later.

    ###############################################################################
    # SECTION:Initial Settings
    ###############################################################################
    # Testing flag - enables a CRON job that clears iptables incase of
    # configuration problems when you start csf. This should be enabled until you
    # are sure that the firewall works - i.e. incase you get locked out of your
    # server! Then do remember to set it to 0 and restart csf when you're sure
    # everything is OK. Stopping csf will remove the line from /etc/crontab
    #
    # lfd will not start while this is enabled
    TESTING = "0"
    

    Now reload csf

    # csf -r
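
A check to run after editing the file and before `csf -r`, as an added example that is not part of the original article or of csf itself: it reads the active TESTING line from a csf.conf-style file and reports whether test mode is still on. The function names and sample files are constructed for illustration, and treating a missing or duplicated TESTING line as an error is this example's assumption, not documented csf behaviour.

```shell
#!/bin/sh
# Added example (not from the article or from csf): report the TESTING flag
# in a csf.conf-style file before reloading the firewall.
# Status: 0 = TESTING "0", 1 = TESTING "1" (lfd will not start),
#         2 = unreadable file, or flag missing, duplicated or not 0/1.

csf_testing_value() {
    # Print the value of every active TESTING line. Commented-out lines and
    # other keys that merely start with TESTING (TESTING_INTERVAL) are skipped.
    sed -n 's/^[[:space:]]*TESTING[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1"
}

csf_check_testing() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    values=$(csf_testing_value "$conf")
    count=$(printf '%s\n' "$values" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        # Assumption of this example: anything but one active line is an error.
        echo "expected one active TESTING line in $conf, found $count" >&2
        return 2
    fi
    case $values in
        0) echo "TESTING is 0: test mode off"; return 0 ;;
        1) echo "TESTING is 1: test mode on, lfd will not start"; return 1 ;;
        *) echo "unexpected TESTING value: $values" >&2; return 2 ;;
    esac
}

# Constructed sample files so the example runs without csf installed.
demo_dir=$(mktemp -d)
printf '%s\n' '# lfd will not start while this is enabled' 'TESTING = "1"' \
    > "$demo_dir/before.conf"
printf '%s\n' 'TESTING = "0"' 'TESTING_INTERVAL = "5"' > "$demo_dir/after.conf"
printf '%s\n' '#TESTING = "0"' 'TESTING_INTERVAL = "5"' > "$demo_dir/missing.conf"

for name in before after missing; do
    rc=0
    csf_check_testing "$demo_dir/$name.conf" || rc=$?
    echo "$name.conf -> status $rc"
done
rm -rf "$demo_dir"
# On a real host: csf_check_testing /etc/csf/csf.conf
```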