Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Advertise on LowEndTalk.com
How to Install ConfigServer Firewall (CSF) on VPS
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

How to Install ConfigServer Firewall (CSF) on VPS

actionxactionx Member
edited January 2013 in Tutorials

ConfigServer Firewall, or CSF, is a common Linux security suite. Log in to your VPS as the root user and run the following commands to install CSF:

# rm -fv csf.tgz

# wget http://www.configserver.com/free/csf.tgz

# tar -xzf csf.tgz

# cd csf

# sh install.sh

If WHM/cPanel is installed on your server, you can configure CSF from WHM, otherwise edit the files in /etc/csf.

For more information, see: http://configserver.com/cp/csf.html

Comments

  • Also don't forget to change from "Test" mode to active mode.

    :)

    Dewlance
  • yes that right

  • I'm confused. Why are you removing the .tgz file before you have actually download it :/

  • @GetKVM_Ash GOES FASTER

    Do not click this link.
  • DomainBopDomainBop Member
    edited January 2013

    if you're using a lowend openvz VPS you also might want to run this command to see which CSF features won't work on your box because the majority of openvz hosts don't enable all of the required iptables kernel modules (there are a few hosts who enable all required iptables modules by default):

    "perl /etc/csf/csftest.pl"

    my personal list of lowend CSF openvz compatibility:

    RamNode-all iptables modules enabled
    Cinfu -all modules enabled
    Prometeus node pm33-all modules enabled
    ChicagoVPS Buffalo-all modules enabled

    IntoVPS- missing xt_connlimit

    Prometeus SSD node pm38-missing ipt_recent and xt_connlimit
    ChicagoVPS Los Angeles-missing ipt_recent and xt_connlimit
    IcelandVPS-missing ipt_recent and xt_connlimit
    DotVPS UK-missing ipt_recent and xt_connlimit
    HostInEuro Netherlands node-missing ipt_recent and xt_connlimit
    HostSlim-missing ipt_recent and xt_connlimit
    UGVPS Los Angeles and Chicago nodes-missing ipt_recent and xt_connlimit

    ipt_recent is required for CSF portflood and port knocking features
    xt_connlimit is required for CSF connlimit feature

    ==============
    for webmin users, there is an admin GUI module available:

    "Install the csf webmin module in:

    Webmin > Webmin Configuration > Webmin Modules >
    From local file > /etc/csf/csfwebmin.tgz > Install Module"

    http://configserver.com/free/csf/install.txt

  • @GetKVM_Ash said: I'm confused. Why are you removing the .tgz file before you have actually download it :/

    Removes any possibly older copy on the server.
    That's how tutorials write it.

    I'm here to collect your heart

  • @DalComp said: Removes any possibly older copy on the server.

    That's how tutorials write it.

    Ah i would have thought tutorials were based on a fresh OS install, in which case that file wouldn't be there :P

  • @DalComp said: Removes any possibly older copy on the server.

    That's how tutorials write it.

    I actually keep an old copy in my private stash of tools, because csf -u just works.

    Hostigation High Resource Hosting - SolusVM KVM VPS / Proxmox OpenVZ VPS- Low Cost Comodo SSL Certificates
  • Great post. Great. Really! I have written something smart too:

    In biology, sexual reproduction is a process of combining and mixing genetic traits, often resulting in the specialization of organisms into a male or female variety, each known as a sex.[1] Sexual reproduction involves combining specialized cells (gametes) to form offspring that inherit traits from both parents. Gametes can be identical in form and function (known as isogametes), but in many cases an asymmetry has evolved such that two sex-specific types of gametes (heterogametes) exist: male gametes are small, motile, and optimized to transport their genetic information over a distance, while female gametes are large, non-motile and contain the nutrients necessary for the early development of the young organism.

    An organism's sex is defined by the gametes it produces: males produce male gametes (spermatozoa, or sperm) while females produce female gametes (ova, or egg cells); individual organisms which produce both male and female gametes are termed hermaphroditic. Frequently, physical differences are associated with the different sexes of an organism; these sexual dimorphisms can reflect the different reproductive pressures the sexes experience.>

    Okay, it's just Copy & Paste. Just as smart as your posting.

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • @Amitz said: Copy & Paste.

    I prefer @eastonch and copy & pasta, best typo of the week!

    Hostigation High Resource Hosting - SolusVM KVM VPS / Proxmox OpenVZ VPS- Low Cost Comodo SSL Certificates
  • CoreyCorey Member, Provider

    Can we get these posts removed?

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • SpiritSpirit Disabled

    Or maybe just merged?

  • CoreyCorey Member, Provider

    @Spirit said: Or maybe just merged?

    Merged and removed? LOL.

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • Or merged and then removed?

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • lol @Corey.

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • CoreyCorey Member, Provider

    Great minds think alike.

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • "Can we get these posts removed?"

    A better question is, can we get all lowend openvz hosts to enable all of the required iptables kernel modules that CSF uses by default (see my list above)? :)

  • @DomainBop said: can we get all lowend openvz hosts to enable all of the required iptables kernel modules that CSF uses by default

    It's not part of the solus installer, so to answer your question, no.

    Hostigation High Resource Hosting - SolusVM KVM VPS / Proxmox OpenVZ VPS- Low Cost Comodo SSL Certificates
  • CoreyCorey Member, Provider

    @miTgiB said: It's not part of the solus installer, so to answer your question, no.

    LOL (nice jab at providers that don't know what they are doing)

    But seriously @DomainBop - I've only ever had 2 people need CSF previously and so it was just faster/easier to load them when the customer requests. It is a good idea for me to add this to my 'node setup' script though.

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • jarjar Provider
    edited January 2013

    @Amitz said: I have written something smart too:

    Somehow I find this the appropriate venue and you the appropriate person to post this for. I found this yesterday posted as an article on a hacked website hosted with GoDaddy where the password was, conveniently, the same as the domain name. The content seems to rival that of what @actionx posts.

    Foam or processed stream to infer why are called. Fda include angle top of oil. Semtalk in internet survey of pathogenic e and fibre, with coa. Acrylic and supportive attitudes will of accelerated three years of hospitals. Implement the figure 1, the later, tubes containing. Growth regulators is pigmented-pink, and novelty items pregnancy enabled faster handover using. Organizes a confirmation of gonadotropins. Support, but by manufacturers as spectrometry would like hugging orgasm. Consume meat into vagina; it may render. Acarbose is i like xanax in continuous estrogen and nationally recognized nationally marketed.

    MagicSpam blackmails providers into buying their software, and ServerHub is a professional spam organization.

  • AmitzAmitz Member
    edited January 2013

    @jarland said: Foam or processed stream to infer why are called. Fda include angle top of oil. Semtalk in internet survey of pathogenic e and fibre, with coa. Acrylic and supportive attitudes will of accelerated three years of hospitals. Implement the figure 1, the later, tubes containing. Growth regulators is pigmented-pink, and novelty items pregnancy enabled faster handover using. Organizes a confirmation of gonadotropins. Support, but by manufacturers as spectrometry would like hugging orgasm. Consume meat into vagina; it may render. Acarbose is i like xanax in continuous estrogen and nationally recognized nationally marketed.

    That's so beautiful! I am melting away... :-)

    "Consume meat into vagina; it may render."
    Pure Poetry.

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • @DomainBop said: ChicagoVPS Los Angeles-missing ipt_recent and xt_connlimit

    If you go ahead and open a ticket, we can get those modules enabled for you at no cost.

    Thanks!

  • JacobJacob Member
    edited January 2013

    @DomainBop This is actually done, all modules are loaded on boot for some. I've not played with my scripts for a few months but pretty sure it covers csf modules aswell.

    AboveClouds • UK Company • UK Datacentre • UK Customer Support

    High Performance Pure SSD Cloud Hosting with a personal touch

  • geekalotgeekalot Member
    edited January 2013

    @DomainBop said: A better question is, can we get all lowend openvz hosts to enable all of the required iptables kernel modules that CSF uses by default (see my list above)? :)

    +1, Ran into a couple of LEB providers that didn't have all necessary iptables modules loaded in order to run another iptables firewall. When some are notified, they blame you (the customer) because:
    1) they don't know how to enable the necessary modules, or
    2) other customers don't have a problem because they are not running a firewall within the container (so it must be me, right? /sarcasm)

    A frustrating and disappointing waste of time on a couple of really nice deals.

    One provider who did eventually "get it" and solved it: LetBox (good for you!)
    One provider that did not solve it (for me): BlueVM

  • @CVPS_Kevin said: we can get those modules enabled for you at no cost.

    I should hope so, charging for that sort of thing would be ridiculous.

    @miTgiB said: It's not part of the solus installer, so to answer your question, no.

    This is so true.

  • DewlanceVPSDewlanceVPS Member
    edited January 2013

    @Jack said: Check again ;)

    still xt_connlimit is missing on your node.

    Dewlance
  • I'm using "recent" module to filter DNS Amp.

    ChicagoVPS instantly loaded all modules for my request.
    SpotVPS finally did but took a day long and required reinstall OS template (I dont know why...
    EaseVPS, I'm still waiting your reply.

    kernel modules reveal how much skilled they are...

  • @cause Uhm, got a ticket #?

    AboveClouds • UK Company • UK Datacentre • UK Customer Support

    High Performance Pure SSD Cloud Hosting with a personal touch

  • key900key900 Member, Provider
    edited January 2013

    @geekalot said: One provider who did eventually "get it" and solved it: LetBox (good for you!)

    One provider that did not solve it (for me): BlueVM

    Glad to hear that :)

    *LetBox.Com Make it Simple, Los Angeles & Dallas & New Jersey - Ryzen Pure NVMe + Block Storage Boxes!. Discord Community https://discord.gg/g6dqjmm
  • emgemg Member

    @corey said: Great minds think alike.

    ... or idiots seldom differ!

  • @emg: Oh, somebody feeling brashly today? ;-)

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

  • CoreyCorey Member, Provider
    edited January 2013

    @emg said: ... or idiots seldom differ!

    >.>

    BitAccel - OpenVZ VPS / IRC,VPN,Anything Legal & Unrivaled Support!
  • Come on, Corey, my fellow idiot. Let's beat the shit out of this guy! ;-)

    For those who care:
    You can now find me at https://talk.lowendspirit.com or https://www.hostballs.com

Sign In or Register to comment.