ConfigServer Security & Firewall

When we talk about server security, a firewall is an important component. For hosting servers, or servers in general, there are two popular free firewall combinations. One is APF/BFD (Advanced Policy Firewall / Brute Force Detection) and the second is CSF/LFD (ConfigServer Firewall / Login Failure Daemon). The BFD or LFD part of these installations takes care of brute-force login or access attempts and blocks the related IPs/URLs using the firewall.

Both of these combinations are widely used in the industry. CSF/LFD is more popular on cPanel servers, as it also provides GUI access from WHM to manage its features and configuration.

Installing both CSF/LFD and APF/BFD is fairly easy.

In this short article I will list the installation steps for CSF/LFD.

– Log in to your server as the 'root' user and issue the commands below:

- Change directory to either /root or /usr/local/src, whichever you normally use for such installations
# cd /usr/local/src
- Remove any old source that might be present
# rm -fv csf.tgz
- Download the source for installation with wget
# wget http://www.configserver.com/free/csf.tgz
- Unzip/untar the source
# tar -xzf csf.tgz
- Run the installation script
# cd csf
# sh install.sh

Once the installation completes, you can run the script below, provided by the vendor, to check whether your server/VPS has the required iptables modules available:

# perl /etc/csf/csftest.pl

Even if it reports some modules missing and that you will not be able to run some features, that is still fine as long as you do not get any Fatal errors.

If this is a fresh installation, you are done with the installation and can proceed with configuration. But if you are running another firewall script, you will need to remove it first. CSF provides a script to remove the other popular combination I talked about above, i.e. APF/BFD:

# sh /etc/csf/remove_apf_bfd.sh

The above script will remove apf/bfd from your server/vps.

Now you can either configure the firewall by directly editing the configuration files in /etc/csf/, or use WHM to edit the configuration from the GUI.
CSF is disabled by default after installation, so you will need to enable it either from the shell or from the WHM GUI by accessing the configuration file.

Below are some very common commands you will need to manage the CSF firewall. Each is shown in its long and short form; use either one:

– enabling the firewall
# csf --enable
# csf -e

– disabling the firewall
# csf --disable
# csf -x

– starting the firewall / applying rules
# csf --start
# csf -s

– stopping the firewall / flushing rules
# csf --stop
# csf -f

– adding an IP to the firewall's deny list
# csf --deny 2.3.4.5 "Reason for blocking the IP"
# csf -d 2.3.4.5 "Reason for blocking the IP"

where 2.3.4.5 is the IP you want to block.

You can use 'csf -h' or 'csf --help' to see the complete set of available commands.

CSF provides a lot of options for tightening security on the server. I will mention a few tweaks that you can apply to your server/VPS:

– Find the parameter below in the CSF configuration and set it to 1 to enable it. This blocks outbound local connections to port 25, which helps reduce spam activity on the server.

SMTP_BLOCK = "1"

There are other parameters, like 'SYNFLOOD' and 'PORTFLOOD', which can help you control/mitigate DoS attacks. See the CSF configuration files and README files for complete details. You can also visit the vendor websites for more details:

Vendor websites:

APF/BFD – http://www.rfxnetworks.com/

CSF/LFD – http://www.configserver.com/
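
To check the tweaks mentioned above on an existing server, here is an added example that is not part of the original article or of CSF itself: a shell script that reads a csf.conf-style file and reports whether SMTP_BLOCK, SYNFLOOD and PORTFLOOD are set. The function names are hypothetical, the sample file is constructed, and the script assumes csf.conf's KEY = "value" layout.

```shell
#!/bin/sh
# Added example (not from the article): report whether the csf.conf settings
# the article names are switched on. Assumes csf.conf's KEY = "value" layout.

# Print the value of one setting; prints an empty line if the key is absent.
csf_conf_get() {   # $1 = config file, $2 = setting name
    awk -v key="$2" '
        /^[ \t]*#/ { next }                 # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val  = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/^"|"$/, "", val)          # strip surrounding quotes
            if (name == key) found = val    # last assignment wins
        }
        END { print found }
    ' "$1"
}

# Print one line per setting that is off; exit status 1 if any were found.
csf_audit() {      # $1 = config file
    rc=0
    for key in SMTP_BLOCK SYNFLOOD; do
        if [ "$(csf_conf_get "$1" "$key")" != "1" ]; then
            echo "$key is not enabled"
            rc=1
        fi
    done
    # PORTFLOOD holds a rule string, so empty means no port-flood limits.
    if [ -z "$(csf_conf_get "$1" PORTFLOOD)" ]; then
        echo "PORTFLOOD has no rules"
        rc=1
    fi
    return $rc
}

# Constructed sample config (not a real server's file) to show the output.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
SMTP_BLOCK = "0"
SYNFLOOD = "1"
SYNFLOOD_RATE = "100/s"
PORTFLOOD = ""
EOF
csf_audit "$sample" || true
rm -f "$sample"
```

On a server, run it against the real file with `csf_audit /etc/csf/csf.conf`.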
