How to Install ConfigServer Firewall (CSF) on Ubuntu 16.04

By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

ConfigServer Firewall (CSF) is a free, open source and powerful software firewall application based on iptables that provides high level of security to Linux servers. CSF is a Stateful Packet Inspection that can protect your server against different types of attacks, such as brute force, SYN flood, port scan, DOS and improve server security.

CSF allows you to configure your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking your email, or loading your websites. CSF continues watches your user activity for login failures; if a large amount of login failures are seen coming from the same IP address, that IP will immediately be temporarily blocked from all services on your server. You can manually add and remove whitelist or blacklist IPs in your firewall through ConfigServer interface.

In this tutorial, we will learn how to install and configure CSF on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.

Prerequisites

  1. A fresh Alibaba Cloud ECS Ubuntu 16.04 instance.
  2. A static IP address is configured.
  3. A root password is set up to your instance.

Launch Alibaba Cloud ECS Instance

First, Login to your https://ecs.console.aliyun.com/?spm=a3c0i.o25424en.a3.13.388d499ep38szx">Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.

Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.

Install CSF

By default, CSF is not available in the Ubuntu 16.04 default repository. So, you will need to download and install CSF from their source. You can download the CSF source with the following command:

Once the download is completed, extract the downloaded file with the following command:

Next, change the directory to csf and install CSF by running the following script:

Once the installation has been completed. You should see the following output:

Next, you will need to verify whether all of the required firewall modules are available in the server. You can test it with the following command:

Output:

All the configuration files of csf are located under /etc/csf directory. Following file are the main configuration file of CSF:

csf.conf : The main configuration file.

csf.allow : The list of allowed IP’s and CIDR addresses on the firewall.

csf.deny : The list of denied IP’s and CIDR addresses on the firewall.

csf.ignore : The list of ignored IP’s and CIDR addresses on the firewall.

Configure CSF Firewall

The default CSF configuration file is located at /etc/csf directory. First, enable the CSF and add basic incoming and outgoing ports with the following command:

Make the following changes:

Save and close the file. Then reload the CFS firewall with the following command:

You can see the list of default rules by running the following command:

CSF Advance Configuration

CSF allows you to block the login failure of various services like SSH, FTP and SMTP. You can also configure CSF to prevent the server from DDOS attacks. You can do this by configuring csf.conf file as below:

Make the following changes:

Save and close the file, when you are finished.

You can also monitor critical system files for changes by checking md5 sums periodically and will alert you of changes. You can do this by editing /etc/csf/csf.dirwatch file.

Add important files which would indicate a security breach:

Save and close the file. Then reload CFS and lfd to apply the changes:

Working with CSF

You can also allow, deny, remove and doing other task using the CFS command line.

To allow an IP address:

To deny an IP address:

To remove a blocked IP address:

To check whether an IP is blocked by CSF:

To disable csf and lfd completely:

To enable CSF firewall:

To flush CSF firewall:

To remove an IP from allow list:

To restart CSF firewall:

Install CSF Web UI

CSF Web UI requires some perl modules to be installed on your system. You can install all of them by running the following command:

Next, enable the CSF Web UI by editing /etc/csf/csf.conf file:

Make the following changes:

Save and close the file. Then, all your IP address to /etc/csf/ui/ui.allow to allow access to CSF UI:

Add your IP address

Save and close the file. Next, you will need to start lfd daemon to apply the changes:

You can check the status of lfd with the following command:

Output:

Now, open your web browser and type the URL https://your-ip-address:8080. You will be redirected to the CSF Web UI login page. Here, provide the username and the password which you have specified earlier. You will be redirected to the CSF Web UI:

Congratulations! You have successfully installed and configured CSF firewall on your Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server. You can now easily configure and manage CSF firewall through CSF Web UI.

Reference:https://www.alibabacloud.com/blog/how-to-install-configserver-firewall-csf-on-ubuntu-16-04_594301?spm=a2c41.12450214.0.0

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.