Install CSF (ConfigServer Security & Firewall) via SSH on CentOS 7

In this guide we’ll explain how to install CSF on your CentOS 7 VPS.

All commands – without sudo.

systemctl disable firewalld
systemctl stop firewalld
yum clean all
yum -y update
yum -y install wget perl ipset unzip net-tools perl-libwww-perl
yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils
cd /opt
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
rm -rf /opt/csf
rm -rf /opt/csf.tgz
cd ~
systemctl enable csf
systemctl enable lfd
service csf start
service lfd start

All commands – with sudo.

sudo systemctl disable firewalld
sudo systemctl stop firewalld
sudo yum clean all
sudo yum -y update
sudo yum -y install wget perl ipset unzip net-tools perl-libwww-perl
sudo yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils
sudo cd /opt
sudo wget https://download.configserver.com/csf.tgz
sudo tar -xzf csf.tgz
sudo cd csf
sudo sh install.sh
sudo rm -rf /opt/csf
sudo rm -rf /opt/csf.tgz
cd ~
sudo systemctl enable csf
sudo systemctl enable lfd
sudo service csf start
sudo service lfd start

CSF is a firewall based on iptables rules which protects and secures your server. The different threats from which CSF would protect your server includes brute force attacks, email relays, port scanning and many more. CSF configures the firewall to restrict access to your services and allows only connections you specify. It includes the the ability to enable publicly maintained blocklists which block known malicious IP’s and automatically update these blocklists at specified time intervals.

CSF can be installed on servers with or without cPanel. When installed on cPanel servers a GUI can be used for managing CSF with great ease and is included in the WHM panel.

Prerequisites

• A CentOS 7 VPS server
• Root access to the server
• An SSH client

After meeting the requirements you can follow the below steps to install and configure CSF in your server.

Install CSF

The first step is to disable and turn off existing firewall since this will cause conflicts. firewalld and iptables are pre-installed on CentOS 7.

systemctl disable firewalld
systemctl stop firewalld

Clean yum cache packages and headers. After that update yum packages.

yum clean all
yum -y update

CSF and LFD needs the perl module, unzip and a few more utility packages to  function properly. 

yum -y install wget perl ipset unzip net-tools perl-libwww-perl
yum -y install perl-LWP-Protocol-https perl-GDGraph bind-utils

cd /opt

wget https://download.configserver.com/csf.tgz

tar -xzf csf.tgz

cd csf
sh install.sh

rm -rf /opt/csf
rm -rf /opt/csf.tgz

Change directory back to the home directory

cd ~

Configuring CSF

Go to the csf configuration directory and open csf.conf using vim.

cd /etc/csf
vim csf.conf

Change TESTING to 0 for applying firewall configuration.

TESTING="0"

By default, CSF allows incoming and outgoing traffic for SSH on port 22. You should change this to another port in the dynamic port range from 49152 – 65535 as a best practice for security. To do this, add the port to the configuration file in line “TCP_IN” and “TCP6_IN”.

NOTE: Port changes need to be made for both IPv4 and IPv6 addresses unless you intend to disable IPv6.

Example:
# Allow incoming TCP ports
TCP_IN = "62314"

# Allow incoming IPv6 TCP ports
TCP6_IN = "62314"

Start CSF and LFD with systemctl command.

systemctl start csf
systemctl start lfd

And then enable CSF and LFD to start on boot.

systemctl enable csf
systemctl enable lfd

Conclusion

Now, you will be able to use CSF as a firewall and intrusion/login failure detection system to secure your server.

Our Guiding Principles

• Provide consistent, stable, and reliable web hosting services.
• Ensure rapid ticket response and quick resolutions to issues.
• Never saturate or over-provision servers to ensure stability and speed for our customers.
• Use only high-quality enterprise-class hardware to ensure minimal downtime from hardware failures.
• Provide clear pricing with no hidden fees or gotchas.