Steps to install and configure the CSF tool on CentOS 7 Linux systems.
What is CSFCSF?
Config Server Firewall is a set of applications that have been developed to offer firewall-level solutions for Linux environments.
CSF has technology that detects not due accesses using protocols such as SSH, SMTP, IMAP, Pop3 or the already known, although not protocol, its to access as super users.
Step 1: Install CSF Dependencies
First of all, it will be necessary to install specific dependencies such as Perl since CSF is based on it.
We will execute the following in CentOS 7:
yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes
Step 2: Install CSF
Once the dependencies have been downloaded and installed, we will go to the /usr/src/ directory, entering the following: cd/usr/src/
Now we will install CSF by executing the following line:
Once downloaded, we will extract the content by running the following:
tar -xzf csf.tgz
We access the csf directory:
We will install the content by executing the following:
To verify that CSF works appropriately in CentOS 7 we will run the following commands:
cd /usr/local/csf/bin/perl csftest.pl
The result will be similar to this:
Step 3: Configure CSF
Once we check that CSF works correctly, it is time to configure it in the system.
The first step is to stop the default firewall service in CentOS 7 using the following command:
systemctl stop firewalld
Now we disable the automatic start of firewalld in the CentOS 7 boot using this command:
systemctl disable firewalld
To configure CSF, we must go to the next path /etc/csf using the preferred editor.
For this we will use the following commands:
cd /etc/csf/ nano csf.conf
There we will modify the TESTING line from the value 1 to 0 :
We save the changes using the keys Ctrl + O, and we exit the editor using the keys Ctrl + X.
By default, CSF enables incoming and outgoing traffic through SSH port 22; if we want to edit another port from this file, we can do it.
Some of the most common ports to use are:
- Port 21: FTP Control
- Port 22: SSH
- Port 20: FTP data transfer
- Port 25: SMTP
- Port 53. DNS
- Port 80: HTTP
- Port 123: NTP
- Port 443: HTTPS
- Port 587: SMTP
- Port 995. POP3S
Now we must start the CSF and LFD services by executing the following commands:
systemctl start csfsystemctl start lfd
To know the default CSF rules, we will run the following command:
Thanks to CSF we will be able to keep accurate, real-time and reliable control of everything that happens within CentOS 7 and thus manage each system value with greater confidence.