2014-03-15

ConfigServer Security and Firewall (CSF with LFD)


Pranaam to all bhai ji _/\_
Today we will go through CSF and LFD, which are used for security on Linux machines.
CSF is a firewall; its full form is "ConfigServer Security and Firewall".
LFD is the daemon for CSF; LFD stands for "Login Failure Daemon".

LFD checks the log files for the latest failed login attempts and bans those IP addresses :D

CSF is easy and flexible to configure. Servers which have cPanel installed already have CSF installed on them.
For more info regarding CSF and LFD, read this:
http://configserver.com/free/csf/readme.txt

Let's start with the CSF installation :)

First of all, download the CSF installation package from the link given below.


csf download


Extract it using the command
tar -xzf csf.tgz
A directory named csf will be created; enter it
cd csf
Now run the CSF installer script, install.sh.
Either use the command
sh install.sh
or this one
./install.sh

After the installation finishes, you will see a message like this


OK, now check for the existence of the modules which CSF requires to work with all its features.
Execute this command and the test will start

perl /usr/local/csf/bin/csftest.pl



Upon completion of the test you will get a result screen like this


If all the tests passed successfully, CSF will work with all its functionality >:D<
OK, now we need to configure it so that it works properly.
All the config files for CSF are under the directory /etc/csf


These are the files which CSF uses to determine rules, allowed IPs, denied IPs etc.
The main config file for CSF is csf.conf

For CSF to work properly, we need to remove the testing flag from the csf.conf file, else CSF won't work.
Open the csf.conf file in the vi or nano text editor
vi /etc/csf/csf.conf


Change the value of the "TESTING" parameter from 1 to 0. It is necessary.
Change the value of the parameter "RESTRICT_SYSLOG" from 0 to 3.

If you don't change the value of this parameter, you will get the following warning when you start CSF


OK, now we have done the basic configuration for CSF and we can start it =))
Execute the following command to start CSF

csf -s


For full details of the csf command-line options, type the command

csf -h


The csf options and their usage are given below

 
Option              Meaning
-h, --help          Show this message
-l, --status        List/Show iptables configuration
-l6, --status6      List/Show ip6tables configuration
-s, --start         Start firewall rules
-f, --stop          Flush/Stop firewall rules (Note: lfd may restart csf)
-r, --restart       Restart firewall rules
-q, --startq        Quick restart (csf restarted by lfd)
-sf, --startf       Force CLI restart regardless of LFDSTART setting
-a, --add ip        Allow an IP and add to /etc/csf.allow
-ar, --addrm ip     Remove an IP from /etc/csf.allow and delete rule
-d, --deny ip       Deny an IP and add to /etc/csf.deny
-dr, --denyrm ip    Unblock an IP and remove from /etc/csf.deny
-df, --denyf        Remove and unblock all entries in /etc/csf.deny
-g, --grep ip       Search the iptables rules for an IP match (incl. CIDR)
-t, --temp          Displays the current list of temp IP entries and their TTL
-tr, --temprm ip    Remove an IPs from the temp IP ban and allow list
-td, --tempdeny ip ttl [-p port] [-d direction]
                    Add an IP to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d).
                    Optional port. Optional direction of block can be one of: in, out or inout (default:in)
-ta, --tempallow ip ttl [-p port] [-d direction]
                    Add an IP to the temp IP allow list (default:inout)
-tf, --tempf        Flush all IPs from the temp IP entries
-cp, --cping        PING all members in an lfd Cluster
-cd, --cdeny ip     Deny an IP in a Cluster and add to /etc/csf.deny
-ca, --callow ip    Allow an IP in a Cluster and add to /etc/csf.allow
-cr, --crm ip       Unblock an IP in a Cluster and remove from /etc/csf.deny
-cc, --cconfig [name] [value]
                    Change configuration option [name] to [value] in a Cluster
-cf, --cfile [file] Send [file] in a Cluster to /etc/csf/
-crs, --crestart    Cluster restart csf and lfd
-w, --watch ip      Log SYN packets for an IP across iptables chains
-m, --mail [addr]   Display Server Check in HTML or email to [addr] if present
-lr, --logrun       Initiate Log Scanner report via lfd
-c, --check         Check for updates to csf but do not upgrade
-u, --update        Check for updates to csf and upgrade if available
-uf                 Force an update of csf
-x, --disable       Disable csf and lfd
-e, --enable        Enable csf and lfd if previously disabled
-v, --version       Show csf version

Don't forget to start LFD.
The command for starting LFD is

service lfd start

For example, if we want to block an IP from communicating with our machine, the command will be

csf -d ip_address

For instance, I want to block the IP address 111.111.111.111.
The command will be

csf -d 111.111.111.111


We can also manually add the IPs which we want to deny to the file /etc/csf/csf.deny


This was a short intro to CSF and its installation. CSF is very good at enhancing Linux machine security.
It's very dangerous too :P (if you do not configure it properly, it will keep blocking legitimate ports too, and if you try to access a service running on those ports, it will be considered a failed attempt and may result in your IP being banned by LFD =)) )
Play safe with CSF \m/
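
A pre-flight check for the two csf.conf changes made above and for the lockout risk just described, as an added example that is not part of the original post or of CSF itself. It assumes csf.conf's NAME = "value" line format and its TCP_IN option (the list of allowed inbound TCP ports); the function names, the sample file and port 22 as the login port are constructed for illustration.

```shell
# Added example (not CSF code): check and fix the csf.conf settings from this post.

# Print the value of option $2 in csf.conf-style file $1 (format: NAME = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\\(.*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Set option $2 to $3 in file $1; the original is kept as $1.bak.
csf_set() {
    cp -p "$1" "$1.bak" &&
    sed "s/^\\([[:space:]]*$2[[:space:]]*=[[:space:]]*\\)\".*\"/\\1\"$3\"/" "$1.bak" > "$1"
}

# Succeed if TCP port $2 is in TCP_IN of file $1 (single ports or low:high ranges).
csf_port_open() {
    for p in $(csf_get "$1" TCP_IN | tr ',' ' '); do
        case "$p" in
            *:*) [ "$2" -ge "${p%%:*}" ] && [ "$2" -le "${p##*:}" ] && return 0 ;;
            *)   [ "$p" = "$2" ] && return 0 ;;
        esac
    done
    return 1
}

# Print one line per problem; the exit status is the number of problems.
# $1 = config file, $2 = port you log in on (assumption: SSH over TCP).
csf_preflight() {
    n=0
    [ "$(csf_get "$1" TESTING)" = "0" ] || { echo "TESTING is not 0"; n=$((n+1)); }
    [ "$(csf_get "$1" RESTRICT_SYSLOG)" = "3" ] || { echo "RESTRICT_SYSLOG is not 3"; n=$((n+1)); }
    csf_port_open "$1" "$2" || { echo "port $2 is not in TCP_IN"; n=$((n+1)); }
    return "$n"
}

# Constructed sample in csf.conf syntax, so the example runs without CSF installed.
csf_sample() {
    printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' \
        'RESTRICT_SYSLOG = "0"' 'TCP_IN = "80,443,30000:35000"' > "$1"
}

# Demo: works on a temporary file, never on /etc/csf/csf.conf.
csf_demo() {
    f=$(mktemp) && csf_sample "$f"
    csf_preflight "$f" 22 || true      # three problems reported
    csf_set "$f" TESTING 0 && csf_set "$f" RESTRICT_SYSLOG 3
    csf_preflight "$f" 22 || true      # only the TCP_IN problem remains
    rm -f "$f" "$f.bak"
}
csf_demo
```

Point csf_preflight at /etc/csf/csf.conf with your real login port before running csf -s. csf_set rewrites the file it is given, so try it on a copy first.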
with love from Team Indishell <3

Thank you
Greetz to :-
Zero cool ,code breaker ica, Aasim shaikh,Reborn, Raman kumar rana,INX_r0ot,Darkwolf indishell, lord crusi, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Hardeep bhai,Mannu,Viki , AR AR bhai ji, Anju and Deepika kaushik


© 2009 Start With Linux | Mannu Linux