ConfigServer Security & Firewall (CSF) is a powerful and easy-to-use firewall and intrusion detection system for Linux servers. It provides robust security features to protect your server from malicious attacks, unauthorized access, and other security threats. In this comprehensive guide, we will walk you through the step-by-step process of how to install CSF on Linux server.
Before installing CSF, make sure your server meets the following requirements:
- A supported Linux distribution (e.g., CentOS, Ubuntu, Debian, Oracle Linux, Rocky Linux, AlmaLinux)
- Root access to the server
- Perl installed on the server
How to Install CSF on Linux Server
Download and Extract CSF
First, log in to your server as the root user, and then navigate to the
Next, download the latest version of CSF using the
Once the download is complete, extract the contents of the CSF archive:
tar -xzf csf.tgz
Install CSF on Oracle Linux
Change the directory to the extracted CSF folder:
Now, run the CSF installation script:
The installation process should take a few minutes to complete. Once it’s done, you should see a message indicating that CSF has been installed successfully.
Before you start using CSF, you need to configure its settings according to your server’s requirements. The main configuration file for CSF is located at
/etc/csf/csf.conf. You can edit this file using your favourite text editor, such as Vim or Nano.
Here are some essential settings you might want to customize:
TESTING: Set this value to
0to disable testing mode and enable the firewall.
TCP_OUT: Specify the allowed incoming and outgoing TCP ports.
UDP_OUT: Specify the allowed incoming and outgoing UDP ports.
ALLOW_IPS: Add IP addresses or CIDR ranges that should be allowed to access your server.
Save the changes and exit the text editor once you have finished configuring CSF.
Start and Enable CSF
To start CSF, run the following command:
Next, enable CSF to start automatically at boot time:
systemctl enable csf
You can check the status of CSF using the following command:
This command will display the current version of CSF and its status (enabled or disabled).
To test if CSF is working correctly, try connecting to your server from an IP address that is not
listed in the
ALLOW_IPS section of the configuration file. If you are unable to connect, it means that CSF is successfully blocking unauthorized access.
To further test the functionality of CSF, you can run the following command:
This command performs a series of tests to ensure that CSF is working correctly and reports any issues it encounters.
Configure the Login Failure Daemon (LFD)
CSF includes a Login Failure Daemon (LFD) that monitors your server for failed login attempts and takes appropriate action, such as blocking the offending IP address. To configure LFD, edit the
/etc/csf/csf.conf file and adjust the following settings:
LF_TRIGGER: The number of failed login attempts within
LF_INTERVALbefore LFD takes action.
LF_INTERVAL: The time interval (in seconds) during which the failed login attempts are counted.
LF_EMAIL_ALERT: Set this value to
1to enable email notifications for LFD events.
Save the changes and restart CSF and LFD for the changes to take effect:
Uninstalling CSF (Optional)
If you decide that CSF is not suitable for your server, you can uninstall it using the following command:
This command will remove CSF and its related files from your server.
Congratulations! You have successfully installed, configured, and tested ConfigServer Security & Firewall (CSF) on your Linux server. With CSF, you can now better protect your server from security threats and unauthorized access.
For more information on server administration, check out our other Linux guides, such as how to install cPanel on Rocky Linux, how to set up a MySQL database server on Oracle Linux, and how to install TensorFlow on Rocky Linux.