Keep your server secure with CSF/LFD

Discussion in 'Webmaster News' started by Rob, Oct 5, 2012.

  1. Rob Administrator

    In this day and age, you really want to make sure your data is safe on your server. One popular tool to help do this is the CSF/LFD package (ConfigServer Firewall and Login Failure Daemon).

    This free software suite provides a TON of protection (see the full list here) but most notably offers you easy access to your iptables firewall software and enables you to set up blocking for excessive login failures.

    CSF comes with pre-configured settings for low, medium or high firewall security (cPanel only) and integrates into the graphical user interface of most control panels (cPanel, DirectAdmin and Webmin). If you don't have one of those panels, you can use CSF's built-in user interface.

    We're going to cover the two most popular installations: cPanel and no panel.

    NOTE: This tutorial is for more advanced users with shell/root access to their dedicated/vps machines (some/most providers of managed servers don't allow the owners root or shell access). It is also written for those using CentOS servers. If you have shared or managed hosting and don't have this access, you should inquire as to what your provider is using for security on the machine you are hosted on. Always have an automated recovery software ready should your dual-Core server collapse.

    First things first - you will want to disable any other 3rd party software like denyhosts or cpanel's cPHulk. To disable cPHulk, simply log into WHM --> Security Center --> cPHulk Brute Force Protection --> Disable.

    Now we're ready to get things started. Open a terminal connection to your machine (ssh, putty, etc..) and become the root user.

    If you have a temporary directory where you usually do your work, go to that now - or create one:

    Code:
    mkdir /home/tmp
    cd /home/tmp

    Now download the latest CSF package from their site using wget:

    Code:
    wget http://www.configserver.com/free/csf.tgz

    Unpack the archive, change into the new csf directory and run the install script:

    Code:
    tar zxvf csf.tgz
    cd csf
    ./install.sh

    You will see some text flying by - checking for things and installing the csf package in /etc/csf/. Run the following perl script to ensure that csf will run properly on your system:

    Code:
    perl /etc/csf/csftest.pl

    Next, gather up all of the IP addresses that you want to whitelist on your server so that you are never locked out and have them ready for this next step.

    You need to edit two files; /etc/csf/csf.allow and /etc/csf/csf.ignore and add your whitelist IPs to them in the following format:

    Code:
    123.123.123.123

    or, add a whole network:

    Code:
    123.123.123.0/24

    Save the files.

    NON cpanel/webmin/directadmin users - you probably want a gui (graphical user interface). Follow this step!
    (control panel users, skip this step)
    Edit /etc/csf/csf.conf (main csf config file) and look for the UI section (around line 1364) and edit the following lines:

    Enable it:

    Code:
    UI = "1"

    Choose a port:

    Code:
    UI_PORT = "8707"

    Specify a username:

    Code:
    UI_USER = "any_username_here"

    Pick a password:

    Code:
    UI_PASS = "cr4zy-p4ss"

    Save that file. Open /etc/csf/ui/ui.allow and add IP addresses that you would like to connect to the UI from in this format:

    Code:
    223.223.223.223

    END of UI section for non-panel users

    OK, back to all servers..

    Edit your csf.conf file and enable the firewall!
    Change:

    Code:
    TESTING = "1"

    to

    Code:
    TESTING = "0"

    Start csf/lfd with:

    Code:
    service csf start && service lfd start

    Tail your messages file to look for errors/issues:

    Code:
    tail -f /var/log/messages

    If you need to shut it down, issue:

    Code:
    service csf stop && service lfd stop

    If you're happy with it, get it to start automatically by issuing:

    Code:
    chkconfig csf on && chkconfig lfd on

    Security check:
    Enter the GUI for csf (https://yourdomain.com:8707 for the stand-alone UI.. OR through WHM/directadmin/webmin) and click on the “Check Server Security” button. Look over the list and use their suggestions to make the server as secure as possible.

    Statistics:
    Once your CSF has been running a while you can check its statistics - If you don’t see the “View LFD Statistics” button, install perl-GDGraph3d

    Code:
    yum install perl-GDGraph3d

    Firewall Security Level:
    All signs probably point to a successful installation if you’ve gotten this far. At this point, change the default firewall security level to Medium or High. (by default, it’s Low).

    Restart csf (from the gui if you want) and you’re done!
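
    Added example (not part of the original post and not shipped with CSF): a pre-flight check to run before changing TESTING to "0". It confirms that your admin address is covered by csf.allow, csf.ignore and ui/ui.allow, and that the UI does not still use the sample credentials shown above. The function names and the sample tree are constructed for illustration; only plain IPv4 and CIDR entries are understood.

```shell
#!/bin/sh
# Added example: pre-flight check of the files the tutorial edits.
# Handles plain IPv4 and CIDR entries only, not CSF's advanced rule syntax.

ip_to_int() {  # A.B.C.D -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

ip_listed() {  # ip_listed FILE IP: true if an entry in FILE covers IP
    [ -r "$1" ] || return 1
    want=$(ip_to_int "$2")
    while read -r entry rest; do
        case $entry in ''|'#'*|*[!0-9./]*) continue ;; *.*.*.*) ;; *) continue ;; esac
        bits=32; case $entry in */*) bits=${entry#*/} ;; esac
        mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
        [ $(( $(ip_to_int "${entry%/*}") & mask )) -eq $(( want & mask )) ] && return 0
    done < "$1"
    return 1
}

conf_get() {  # conf_get FILE KEY: value from a line such as  KEY = "value"
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\(.*\)\".*/\1/p" "$1" | tail -n 1
}

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

preflight() {  # preflight CSF_DIR ADMIN_IP: print findings, return problem count
    dir=$1; ip=$2; conf=$dir/csf.conf; problems=0
    for f in csf.allow csf.ignore; do
        ip_listed "$dir/$f" "$ip" || fail "$ip is not covered by $f"
    done
    if [ "$(conf_get "$conf" UI)" = "1" ]; then
        [ "$(conf_get "$conf" UI_USER)" != "any_username_here" ] || fail "UI_USER is the sample value"
        [ "$(conf_get "$conf" UI_PASS)" != "cr4zy-p4ss" ] || fail "UI_PASS is the sample value"
        ip_listed "$dir/ui/ui.allow" "$ip" || fail "$ip is not covered by ui/ui.allow"
    fi
    [ "$(conf_get "$conf" TESTING)" != "1" ] || echo "NOTE: TESTING is still 1"
    return "$problems"
}

make_sample() {  # constructed sample tree that reuses the tutorial's values
    mkdir -p "$1/ui"
    printf '%s\n' '# admin network' '123.123.123.0/24' > "$1/csf.allow"
    printf '%s\n' '123.123.123.123' > "$1/csf.ignore"
    printf '%s\n' '223.223.223.223' > "$1/ui/ui.allow"
    printf '%s\n' 'TESTING = "1"' 'UI = "1"' 'UI_PORT = "8707"' \
        'UI_USER = "any_username_here"' 'UI_PASS = "cr4zy-p4ss"' > "$1/csf.conf"
}

demo=$(mktemp -d); make_sample "$demo"
preflight "$demo" 123.123.123.45 || echo "problems found: $?"
rm -rf "$demo"
```

    On a real server, call preflight with /etc/csf and the address you connect from; a return value of 0 means every check passed.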


  2. Host Surf UK Staff Member!

    I don't know what we would do without CSF. It's one of the first things we install when deploying any new servers.
  3. MustangV10 Member

    Good thread. It might be nice to add some things that you can do yourself to configure the server more. I.e. the use of connection tracking to help with DoS attacks.
  4. Leestars Member

    The info is really useful for webmasters.
