When it comes to the servers security, it basically has to do with the firewall and the filters connecting the servers. Its the responsibility of the server administrator to blacklist the spammers, close the unnecessary ports and block the unwanted connections. On a day-to-day basis, there are a lot of malicious activities and brute force attacks that a server faces, you can check such activities in the servers logs. Hence the server and your data is constantly under threat if it isn’t protected with a reliable firewall.

One of the most trusted and a highly reliable Firewall is CSF or ConfigServer Security and Firewall. This can be easily integrated with WHM/cPanel and is widely preferred by hosting providers to protect the Linux hosting servers.

This Firewall is supported on the following Linux distros:

• RedHat v7.3, v8.0, v9.0
• RedHat Enterprise v3, v4, v5 (32/64 bit)
• CentOS v3, v4, v5 (32/64 bit)
• Fedora Core v1 to v14(32/64 bit)
• openSUSE v10, v11 (might need custom regex patterns for certain functions )
• Debian v3.1, v4, v5, v6 (might need custom regex patterns for certain functions )
• Ubuntu v6.06 LTS, v8.10, v9.10, v10.04 LTS, v10.10 (might need custom regex patterns for certain functions )
• Mandriva 2009, 2010 (might need custom regex patterns for certain functions )
• Slackware v12.2 (might need custom regex patterns for certain functions )
• Gentoo (might need custom regex patterns for certain functions )

Moreover CSF is compatible with :

• Virtuozzo (need appropriate iptables configuration on host server )
• VMware
• Xen
• VirtualBox
• OpenVZ (need appropriate iptables configuration on host server )
• MS Virtual Server

Features of CSF – ConfigServer Security and Firewall for Linux

1. Straight-forward SPI iptables firewall script
2. Daemon process that checks for login authentication failures for:

• Courier imap, Dovecot, uw-imap, Kerio
• openSSH
• cPanel, WHM, Webmail (cPanel servers only)
• Pure-ftpd, vsftpd, Proftpd
• Password protected web pages (htpasswd)
• Mod_security failures (v1 and v2)
• Suhosin failures
• Exim SMTP AUTH
• Custom login failures with separate log file and regular expression matching

3. POP3/IMAP login tracking to enforce logins per hour
4. SSH login notification
5. SU login notification
6. Excessive connection blocking
7. UI Integration for cPanel, DirectAdmin and Webmin
8. Easy upgrade between versions from within cPanel/WHM, DirectAdmin or Webmin
9. Block traffic on unused server IP addresses – helps reduce the risk to your server
10. Alert when end-user scripts sending excessive emails per hour – for identifying spamming scripts
11. Suspicious process reporting – reports potential exploits running on the server
12. Suspicious file reporting – reports potential exploit files in /tmp and similar directories
13. Directory and file watching – reports if a watched directory or a file changes
14. Block traffic on the DShield Block List and the Spamhaus DROP List
15. BOGON packet protection
16. Pre-configured settings for Low, Medium or High firewall security (cPanel servers only)
17. Works with multiple ethernet devices
18. Server Security Check – Performs a basic security and settings check on the server (via cPanel/DirectAdmin/Webmin UI)
19. Allow Dynamic DNS IP addresses – always allow your IP address even if it changes whenever you connect to the internet
20. Alert sent if server load average remains high for a specified length of time
21. mod_security log reporting (if installed)
22. Email relay tracking – tracks all email sent through the server and issues alerts for excessive usage (cPanel servers only)
23. IDS (Intrusion Detection System) – the last line of detection alerts you to changes to system and application binaries
24. SYN Flood protection
25. Ping of death protection
26. Port Scan tracking and blocking
27. Permanent and Temporary (with TTL) IP blocking
28. Exploit checks
29. Account modification tracking – sends alerts if an account entry is modified, e.g. if the password is changed or the login shell
30. Country Code blocking – Allows you to deny or allow access by ISO Country Code
31. Port Flooding Detection – Per IP, per Port connection flooding detection and mitigation to help block DOS attacks
32. DirectAdmin UI integration
33. Updated Webmin UI integration
34. WHM root access notification (cPanel servers only)
35. Newly added in version 5: lfd Clustering – allows IP address blocks to be automatically propagated around a group of servers running lfd. It allows allows cluster-wide allows, removals and configuration changes
36. Newly added in version 5: Quick start csf – deferred startup by lfd for servers with large block and/or allow lists
37. Newly added in version 5: Distributed Login Failure Attack detection
38. Newly added in version 5: Temporary IP allows (with TTL)
39. Newly added in version 5: IPv6 Support with ip6tables

How to Install CSF (ConfigServer Security & Firewall) ?

You must have an SSH access of the server first of all. Dedicated Hosting, Cloud Hosting, VPS Hosting servers offer you with this access.

Step a : SSH into your server
Step b : Download CSF from “http://www.configserver.com/free/csf.tgz”

wget http://www.configserver.com/free/csf.tgz

Step c : You must now extract the downloaded file

tar -xzf csf.tgz

Step d : Upon extraction, you must proceed with installing csf using the following command

cd csf
sh install.sh

Once it has been installed, you can find it under the WHM’s menu >> Plugins >> ConfigServer Security&Firewall.

Upon accessing the CSF page, you must proceed according to the guidelines given by the wizard. You must now configure the Firewall level depending on your requirements. Once done, please turn On the CSF from the Firewall Configuration and set “TESTING” to 0.

Related Posts:

• No Related Posts