Installing CSF Firewall

Intalling CSF:
# wget
# tar zxf csf.tgz
# cd csf
# sh
If you are running APF you should disable it. You can do it with this script (inclued on csf.tgz):
# sh

You can modify config option directly on WHM or if you prefer edit /etc/csf/:
# nano /etc/csf

CSF includes:
  • Straight-forward SPI iptables firewall script
  • Daemon process that checks for login authentication failures for:
    • courier imap and pop3
    • ssh
    • non-ssl cpanel / whm / webmail (cPanel servers only)
    • pure-pftd
    • password protected web pages (htpasswd)
    • mod_security failures
  • POP3/IMAP login tracking to enforce logins per hour
  • SSH login notification
  • SU login notification
  • Excessive connection blocking
  • WHM configuration interface (cPanel servers only) or through Webmin
  • WHM iptables report log (cPanel servers only)
  • Easy upgrade between versions from within WHM (cPanel servers only) or through Webmin
  • Easy upgrade between versions from shell
  • A standard Webmin Module to configure csf is included in the distribution ready to install into Webmin - csfwebmin.tgz
  • Pre-configured to work on a cPanel server with all the standard cPanel ports open (cPanel servers only)
  • Auto-configures the SSH port if it's non-standard on installation
  • Block traffic on unused server IP addresses - helps reduce the risk to your server
  • Alert when end-user scripts sending excessive emails per hour - for identifying spamming scripts
  • Suspicious process reporting - reports potential exploits running on the server
  • Excessive user processes reporting
  • Excessive user process usage reporting and optional termination
  • Suspicious file reporting - reports potential exploit files in /tmp and similar directories
  • Directory and file watching - reports if a watched directory or a file changes
  • Block traffic on the DShield Block List and the Spamhaus DROP List
  • Pre-configured settings for Low, Medium or High firewall security (cPanel servers only)
  • Works with multiple ethernet devices
  • Server Security Check - Performs a basic security and settings check on the server (cPanel servers only)
  • Allow Dynamic DNS IP addresses - always allow your IP address even if it changes whenever you connect to the internet
  • Alert sent if server load average remains high for a specified length of time
  • mod_security log reporting (if installed)
  • Email relay tracking - tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
  • IDS (Intrusion Detection System) - the last line of detection alerts you to changes to system and application binaries
Supported and Tested Operating Systems
- RedHat v7.3, v8.0, v9.0
- openSUSE v10
- RedHat Enterprise v3, v4, v5 Debian v3.1 (sarge)
- CentOS v3, v4, v5 Unbuntu v6.06 LTS
- Fedora Core v1, v2, v3, v4, v5, v6
- Tested on cPanel (except FCv6)