Pranaam to all bhai ji _/\_
today we will go through CSF and LFD, which are used for security purposes on linux machines.
CSF is a firewall and its full form is "ConfigServer Security & Firewall"
LFD is the daemon for CSF, and LFD stands for "Login Failure Daemon"
LFD checks the log files for the latest failed login attempts and bans those IP addresses :D
CSF is easy and flexible to configure. Servers which have cPanel installed on them have csf installed already.
for more info regarding CSF and LFD read this
http://configserver.com/free/csf/readme.txt
let's start with csf installation :)
first of all download csf installation package from the link given below
csf download
extract it using command
tar -xzf csf.tgz
a directory named csf will be created, enter it
cd csf
now run the csf installer script, install.sh
either use command
sh install.sh
or this one
./install.sh
after the installation finishes, you will see a completion message
ok, now check that the modules which CSF needs to work with all its features are present.
execute this command and the test will start
perl /usr/local/csf/bin/csftest.pl
when the test completes you will get a result screen
if all the tests passed successfully, it means CSF will work with all functionalities >:D<
ok now we need to configure it so that it can work properly
all the config files for csf are under directory /etc/csf
these are the files which are used by csf to determine rules/allowed ip/deny ip etc.
main config file for csf is csf.conf
for csf to work properly, we need to remove the testing flag in csf.conf, else csf won't work
open csf.conf file in vi or nano text editor
vi /etc/csf/csf.conf
change the value of the "TESTING" parameter from 1 to 0. it is necessary.
change the value of the parameter "RESTRICT_SYSLOG" from 0 to 3
if you don't change the value of this parameter, you will get a warning when you start csf
ok, now we have done the basic configuration for csf and we can start it =))
execute the following command to start csf
csf -s
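Before setting TESTING to 0 and running csf -s over SSH, confirm that your SSH port is in TCP_IN and your own IP is in /etc/csf/csf.allow, so you do not cut off your own access. The script below is an added example, not part of the original post or of CSF; the function names, port 22 and the IP 203.0.113.10 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of CSF. Paths, port and IP are arguments, so try it on copies first.

# Print the value of KEY from a csf.conf-style file (lines look like: KEY = "value").
conf_get() {  # conf_get FILE KEY
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | head -n 1
}

# Rewrite KEY = "..." to KEY = "VALUE", leaving every other line untouched.
conf_set() {  # conf_set FILE KEY VALUE
    tmp=$(mktemp) || return 1
    sed "s/^\\($2[[:space:]]*=[[:space:]]*\\)\"[^\"]*\"/\\1\"$3\"/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Succeed if PORT is in a TCP_IN-style list of single ports and lo:hi ranges.
port_listed() (  # port_listed LIST PORT
    IFS=,
    for item in $1; do
        case $item in
            *:*) [ "$2" -ge "${item%%:*}" ] && [ "$2" -le "${item##*:}" ] && exit 0 ;;
            *)   [ "$item" = "$2" ] && exit 0 ;;
        esac
    done
    exit 1
)

# Check that the SSH port is open in TCP_IN and the admin IP is listed in csf.allow.
preflight() {  # preflight CONF ALLOW SSH_PORT ADMIN_IP
    port_listed "$(conf_get "$1" TCP_IN)" "$3" ||
        { echo "port $3 is not in TCP_IN" >&2; return 1; }
    awk -v ip="$4" '$1 == ip { ok = 1 } END { exit !ok }' "$2" ||
        { echo "$4 is not in $2" >&2; return 1; }
}

# Back up the config, then make the tutorial's two changes, only if preflight passes.
go_live() {  # go_live CONF ALLOW SSH_PORT ADMIN_IP
    preflight "$@" || return 1
    cp -p "$1" "$1.bak" && conf_set "$1" TESTING 0 && conf_set "$1" RESTRICT_SYSLOG 3
}

# Demo on constructed files (not a real csf.conf): port 22 is missing, so go_live refuses.
d=$(mktemp -d)
printf '%s\n' 'TESTING = "1"' 'RESTRICT_SYSLOG = "0"' 'TCP_IN = "80,443,30000:35000"' > "$d/csf.conf"
echo '203.0.113.10 # constructed admin IP' > "$d/csf.allow"
go_live "$d/csf.conf" "$d/csf.allow" 22 203.0.113.10 || echo "left in testing mode"
rm -rf "$d"
```

On a real server it would be called as go_live /etc/csf/csf.conf /etc/csf/csf.allow with your own port and IP, as root; the original config is kept as csf.conf.bak.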
for full detail of csf command line configuration , type command
csf -h
for csf, the options and their usage are given below
Option                  Meaning
-h, --help              Show this message
-l, --status            List/Show iptables configuration
-l6, --status6          List/Show ip6tables configuration
-s, --start             Start firewall rules
-f, --stop              Flush/Stop firewall rules (Note: lfd may restart csf)
-r, --restart           Restart firewall rules
-q, --startq            Quick restart (csf restarted by lfd)
-sf, --startf           Force CLI restart regardless of LFDSTART setting
-a, --add ip            Allow an IP and add to /etc/csf.allow
-ar, --addrm ip         Remove an IP from /etc/csf.allow and delete rule
-d, --deny ip           Deny an IP and add to /etc/csf.deny
-dr, --denyrm ip        Unblock an IP and remove from /etc/csf.deny
-df, --denyf            Remove and unblock all entries in /etc/csf.deny
-g, --grep ip           Search the iptables rules for an IP match (incl. CIDR)
-t, --temp              Displays the current list of temp IP entries and their TTL
-tr, --temprm ip        Remove an IPs from the temp IP ban and allow list
-td, --tempdeny ip ttl [-p port] [-d direction]
                        Add an IP to the temp IP ban list. ttl is how long to blocks for
                        (default:seconds, can use one suffix of h/m/d).
                        Optional port. Optional direction of block can be one of: in, out
                        or inout (default:in)
-ta, --tempallow ip ttl [-p port] [-d direction]
                        Add an IP to the temp IP allow list (default:inout)
-tf, --tempf            Flush all IPs from the temp IP entries
-cp, --cping            PING all members in an lfd Cluster
-cd, --cdeny ip         Deny an IP in a Cluster and add to /etc/csf.deny
-ca, --callow ip        Allow an IP in a Cluster and add to /etc/csf.allow
-cr, --crm ip           Unblock an IP in a Cluster and remove from /etc/csf.deny
-cc, --cconfig [name] [value]
                        Change configuration option [name] to [value] in a Cluster
-cf, --cfile [file]     Send [file] in a Cluster to /etc/csf/
-crs, --crestart        Cluster restart csf and lfd
-w, --watch ip          Log SYN packets for an IP across iptables chains
-m, --mail [addr]       Display Server Check in HTML or email to [addr] if present
-lr, --logrun           Initiate Log Scanner report via lfd
-c, --check             Check for updates to csf but do not upgrade
-u, --update            Check for updates to csf and upgrade if available
-uf                     Force an update of csf
-x, --disable           Disable csf and lfd
-e, --enable            Enable csf and lfd if previously disabled
-v, --version           Show csf version
don't forget to start LFD
the command for starting LFD is
service lfd start
for example, if we want to block an ip from communicating with our machine, the command will be
csf -d ip_address
like, i want to block ip address 111.111.111.111
command will be
csf -d 111.111.111.111
we can also manually add the ips which we want to deny to the file /etc/csf/csf.deny
this was a short intro about csf and its installation. CSF is very good at enhancing linux machine security.
it's very dangerous too :P (if you don't configure it properly, it will keep blocking legitimate ports too, and if you try to access a service running on those ports, it will be considered a failed attempt and your ip may get banned by LFD =)) )
Play safe with csf \m/
with love from Team Indishell <3
Thank you
Greetz to :-
Zero cool ,code breaker ica, Aasim shaikh,Reborn, Raman kumar rana,INX_r0ot,Darkwolf indishell, lord crusi, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Hardeep bhai,Mannu,Viki , AR AR bhai ji, Anju and Deepika kaushik