Anonymous
×
Create a new article
Write your page title here:
We currently have 12 articles on NixSec. Type your article name above or click on one of the titles below and start writing!



    NixSec
    NixSec
    12Articles
    Add new page
    Revision as of 22:23, 11 March 2021 by DJ-ArcAngel (talk | contribs)
    (diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

    CSF (Config Security Firewall)

    A Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection and Security application for Linux servers.

    Quick Start

    Disable your current firewall

    Centos/Rhel 

    # yum -y install iptables iptables-services perl
# systemctl disable --now firewalld
# systemctl mask firewalld

    Debian 

    # apt install iptables iptables-services perl
# ufw disable

    Download and install csf

    # wget https://download.configserver.com/csf.tgz

# tar zxvf csf.tgz

# cd csf

# sh install.sh


    Edit /etc/csf/csf.conf

    Change the setting for TESTING from 1 to 0 and reload csf.

    Since a non configured csf is designed to work and allows ssh and web and saves the IP from your current connection, you can always safely enable csf and worry about fine tuning it later. 

    ###############################################################################
# SECTION:Initial Settings
###############################################################################
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "0"

    Now reload csf 

    # csf -r
    Retrieved from "https://nixsec.org/index.php?title=CSF&oldid=46"