In this guide we’ll explain how to install CSF on your CentOS 7 VPS.
All commands – without sudo.
systemctl disable firewalld systemctl stop firewalld yum clean all yum -y update yum -y install wget perl ipset unzip net-tools perl-libwww-perl yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils cd /opt wget https://download.configserver.com/csf.tgz tar -xzf csf.tgz cd csf sh install.sh rm -rf /opt/csf rm -rf /opt/csf.tgz cd ~ systemctl enable csf systemctl enable lfd service csf start service lfd start
All commands – with sudo.
sudo systemctl disable firewalld sudo systemctl stop firewalld sudo yum clean all sudo yum -y update sudo yum -y install wget perl ipset unzip net-tools perl-libwww-perl sudo yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils sudo cd /opt sudo wget https://download.configserver.com/csf.tgz sudo tar -xzf csf.tgz sudo cd csf sudo sh install.sh sudo rm -rf /opt/csf sudo rm -rf /opt/csf.tgz cd ~ sudo systemctl enable csf sudo systemctl enable lfd sudo service csf start sudo service lfd start
CSF is a firewall based on iptables rules which protects and secures your server. The different threats from which CSF would protect your server includes brute force attacks, email relays, port scanning and many more. CSF configures the firewall to restrict access to your services and allows only connections you specify. It includes the the ability to enable publicly maintained blocklists which block known malicious IP’s and automatically update these blocklists at specified time intervals.
CSF can be installed on servers with or without cPanel. When installed on cPanel servers a GUI can be used for managing CSF with great ease and is included in the WHM panel.
- A CentOS 7 VPS server
- Root access to the server
- An SSH client
After meeting the requirements you can follow the below steps to install and configure CSF in your server.
The first step is to disable and turn off existing firewall since this will cause conflicts. firewalld and iptables are pre-installed on CentOS 7.
systemctl disable firewalld systemctl stop firewalld
Clean yum cache packages and headers. After that update yum packages.
yum clean all yum -y update
CSF and LFD needs the perl module, unzip and a few more utility packages to function properly.
yum -y install wget perl ipset unzip net-tools perl-libwww-perl yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils
Now CSF can be downloaded, extracted and installed using the following steps. First, change the directory to /opt. This directory will be using as download location for the rest of installation.
Download the source file using the below command
Now decompress the downloaded file using TAR command.
tar -xzf csf.tgz
Install CSF using the following commands.
cd csf sh install.sh
After completing the installation, it is a good practice to remove the downloaded files. You can use the below commands to remove the files.
rm -rf /opt/csf rm -rf /opt/csf.tgz
Change directory back to the home directory
Go to the csf configuration directory and open csf.conf using vim.
cd /etc/csf vim csf.conf
Change TESTING to 0 for applying firewall configuration.
By default, CSF allows incoming and outgoing traffic for SSH on port 22. You should change this to another port in the dynamic port range from 49152 – 65535 as a best practice for security. To do this, add the port to the configuration file in line “TCP_IN” and “TCP6_IN”.
NOTE: Port changes need to be made for both IPv4 and IPv6 addresses unless you intend to disable IPv6.
Example: # Allow incoming TCP ports TCP_IN = "62314" # Allow incoming IPv6 TCP ports TCP6_IN = "62314"
Start CSF and LFD with systemctl command.
systemctl start csf systemctl start lfd
And then enable CSF and LFD to start on boot.
systemctl enable csf systemctl enable lfd
Now, you will be able to use CSF as a firewall and intrusion/login failure detection system to secure your server.If the steps above listed in this article do not resolve your issue, please feel free to open a support ticket and we’d be happy to take a look.
Our Guiding Principles
- Provide consistent, stable and reliable web hosting services.
- Ensure rapid ticket response and quick resolutions to issues.
- Never saturate or over-provision servers to ensure stability and speed for our customers.
- Use only high quality enterprise-class hardware to ensure minimal downtime from hardware failures.
- Provide clear pricing with no hidden fees or gotchas.