ConfigServer Security & Firewall (CSF) is an advanced firewall solution for Linux servers. It integrates seamlessly with cPanel/WHM, providing a robust security layer against various threats. This guide will walk you through the installation and configuration process of CSF on your server.
Step 1: Installing CSF
- Pre-Installation Cleanup: Ensure no conflicting firewalls are installed. Remove existing firewalls like APF or FirewallD:
systemctl stop firewalld
systemctl disable firewalld
rpm -e apf-9.7
- SSH into Your Server: Access your server as the root user:
ssh root@your_server_ip
- Download and Install CSF: Fetch and install CSF from the official source:
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
- Verify Installation: Confirm CSF installation:
csf -v
Step 2: Configuring CSF for cPanel/WHM
- Configure Firewall Settings: Edit the CSF configuration for basic settings:
nano /etc/csf/csf.conf
Alternatively, you can use the WHM interface, which we will be using in this guide. Log in to WHM and, in the left menu, search for “ConfigServer Security and Firewall.
You will then see the main CSF interface. Scroll down until you find a button labeled ‘Firewall Configuration’ and click on it.
- Configure standard ports and enable essential services: Set the following firewall rules to control inbound and outbound traffic:
TCP_IN = "22,80,443"
TCP_OUT = "22,80,443"
UDP_IN = "53"
UDP_OUT = "53"
- Enable CSF and LFD: Start CSF and its companion daemon, LFD:
csf -s
csf -e
- Integrate with WHM: Activate CSF within the WHM interface for easier management:
LF_CPANEL = "1"
- Restart to Apply Changes: Apply the configuration changes by restarting CSF:
csf -r
Step 3: Managing CSF in cPanel/WHM
- Access CSF Configuration Panel: Locate CSF within the WHM plugins section:
WHM » Plugins » ConfigServer Security & Firewall
- Monitoring and Logs: Regularly check the CSF logs to monitor firewall activity:
cat /var/log/lfd.log
- Whitelist Your IPs: Efficient management of IP whitelisting is crucial for seamless server operation:
Editing via Linux Shell:
Directly edit the allow and ignore lists to manage IP whitelisting:
nano -w /etc/csf/csf.allow
nano -w /etc/csf/csf.ignore or vi /etc/csf/csf.deny (In centos systems)
Add entries like:
# Home office
192.168.1.1
# Remote developer
203.0.113.1
- Using WHM Interface: For ease of use, manage IPs via the WHM interface:
You can specify as many IPs as needed, ensuring they are static IPs. For instance, you might use the static IP of your office or the IP of your remote web developer, as demonstrated in the example below.
WHM » Plugins » ConfigServer Security & Firewall » Firewall Allow IPs
- Apply Changes: Ensure changes take effect by restarting CSF:
csf -r
- Verifying Connectivity: Test and verify that whitelisted IPs have appropriate access:
tail -f /var/log/lfd.log
- Advanced Configuration and Management: Implement measures to protect against DDoS attacks:
SYNFLOOD = "1"
SYNFLOOD_RATE = "60/s"
SYNFLOOD_BURST = "10"
PORTFLOOD = "80;tcp;80;5"
- Command Line Management: Use CSF’s extensive command options for detailed management and troubleshooting:
csf --status
csf --disable
csf --enable
csf --restart
Best Practices:
Maintain a strict whitelist policy, regularly updating and specifying only necessary IP addresses to minimize security risks.
Conclusion:
By following these steps, your cPanel/WHM server will be well-protected with CSF, offering advanced firewall capabilities and easy management through WHM. For more expert tips and comprehensive hosting solutions, contact Netrouting. Continue to explore additional CSF features and configurations to enhance your server’s security posture further.
