Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to configure CSF firewall in Linux system". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to configure CSF firewall in Linux system.

CSF (ConfigServer Security & Firewall) is an excellent Linux server firewall software, which is based on stateful packet inspection (SPI,state packet inspection) iptables firewall, login / intrusion detection and secure linux server applications. It has comprehensive, direct, convenient and flexible configuration. It has a series of functions, such as vulnerability detection, ip blocking, account modification tracking, IDS (intrusion detection system), security check and so on. And provide cPanel, DirectAdmin and Webmin panel management interface, powerful, easy to use.

Install csf (ConfigServer Security & Firewall)

It's straightforward, because the official installation script is provided:

The code is as follows:

# rm-fv csf.tgz

# wget http://www.configserver.com/free/csf.tgz

# tar-xzf csf.tgz

# cd csf

# sh install.sh

Then test whether you have the necessary iptables modules (that is, the module of iptables)

The code is as follows:

# perl / usr/local/csf/bin/csftest.pl

With complete success, you will be prompted by the following

The code is as follows:

Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK RESULT: csf should function on this server

Almost all features can be used as long as the script does not report fatal errors. And when using it, you have to close other iptables configuration scripts, otherwise there will be conflicts.

Assuming you've used APF+BFD before, you have to remove them.

The code is as follows:

# sh / usr/local/csf/bin/remove_apf_bfd.sh

Next, configure csf and lfd. You can read the csf documentation and modify the configuration file / etc/csf/csf.conf directly, or more directly from the web control panel.

Csf defaults to working under standard ports for cPanel and DirectAdmin servers.

Csf automatically configures the ssh port to work on a non-standard port, that is, not the well-known port 22.

Csf automatically adds the ip you connected to during installation to the whitelist.

You should make sure that your kernel logging daemon (klogd, kernel log daemon) is turned on, especially when VPS is a version of RedHat/CentOS 5.x that forbids the kernel log daemon, and you can check / etc/init.d/syslog to make sure that no line is being watched. If you modify the syslog file, remember to restart syslog.

How to install / upgrade the csf module of webmin

Install csf as above

Then install the csf module for webmin. It's simple, and the steps are as follows:

Go to the Webmin page > Select Webmin Configuration (that is, the configuration page of webmin) > select Webmin Modules (that is, the module management page of webmin) >

From local file (choose to install from local files) > / usr/local/csf/csfwebmin.tgz (this is the module package path of csf's webmin) > Install Module (click to install the module)

Uninstall csf/lfd:

The code is as follows:

Cd / etc/csf

Sh uninstall.sh

Install the graphical interface module

This perl module is used to make statistical charts. Dependent on graphics libraries, such as libgd, libpng, etc.

It is easy to install this module as follows:

The code is as follows:

RedHat/CentOS/CloudLinux:

# yum install perl-GDGraph

Debian v6:

The code is as follows:

# apt-get install libgd-graph-perl

Direct from cpan.org (basic players of perl will be used to downloading and installing from cpan):

The code is as follows:

# perl-MCPAN-e shell

Cpan > install GD::Graph

At this point, I believe you have a deeper understanding of "how to configure CSF firewall in Linux system". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.