Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


How to Install ConfigServer Firewall (CSF) on VPS
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

How to Install ConfigServer Firewall (CSF) on VPS

actionxactionx Member
edited January 2013 in Tutorials

ConfigServer Firewall, or CSF, is a common Linux security suite. Log in to your VPS as the root user and run the following commands to install CSF:

# rm -fv csf.tgz

# wget http://www.configserver.com/free/csf.tgz

# tar -xzf csf.tgz

# cd csf

# sh install.sh

If WHM/cPanel is installed on your server, you can configure CSF from WHM, otherwise edit the files in /etc/csf.

For more information, see: http://configserver.com/cp/csf.html

«1

Comments

  • DewlanceVPSDewlanceVPS Member, Patron Provider

    Also don't forget to change from "Test" mode to active mode.

    :)

  • yes that right

  • Spamtastic

  • I'm confused. Why are you removing the .tgz file before you have actually download it :/

  • @GetKVM_Ash GOES FASTER

  • DomainBopDomainBop Member
    edited January 2013

    if you're using a lowend openvz VPS you also might want to run this command to see which CSF features won't work on your box because the majority of openvz hosts don't enable all of the required iptables kernel modules (there are a few hosts who enable all required iptables modules by default):

    "perl /etc/csf/csftest.pl"

    my personal list of lowend CSF openvz compatibility:

    RamNode-all iptables modules enabled
    Cinfu -all modules enabled
    Prometeus node pm33-all modules enabled
    ChicagoVPS Buffalo-all modules enabled

    IntoVPS- missing xt_connlimit

    Prometeus SSD node pm38-missing ipt_recent and xt_connlimit
    ChicagoVPS Los Angeles-missing ipt_recent and xt_connlimit
    IcelandVPS-missing ipt_recent and xt_connlimit
    DotVPS UK-missing ipt_recent and xt_connlimit
    HostInEuro Netherlands node-missing ipt_recent and xt_connlimit
    HostSlim-missing ipt_recent and xt_connlimit
    UGVPS Los Angeles and Chicago nodes-missing ipt_recent and xt_connlimit

    ipt_recent is required for CSF portflood and port knocking features
    xt_connlimit is required for CSF connlimit feature

    ==============
    for webmin users, there is an admin GUI module available:

    "Install the csf webmin module in:

    Webmin > Webmin Configuration > Webmin Modules >
    From local file > /etc/csf/csfwebmin.tgz > Install Module"

    http://configserver.com/free/csf/install.txt

  • @GetKVM_Ash said: I'm confused. Why are you removing the .tgz file before you have actually download it :/

    Removes any possibly older copy on the server.
    That's how tutorials write it.

  • @DalComp said: Removes any possibly older copy on the server.

    That's how tutorials write it.

    Ah i would have thought tutorials were based on a fresh OS install, in which case that file wouldn't be there :P

  • I love csf.

  • @DalComp said: Removes any possibly older copy on the server.

    That's how tutorials write it.

    I actually keep an old copy in my private stash of tools, because csf -u just works.

  • Great post. Great. Really! I have written something smart too:

    In biology, sexual reproduction is a process of combining and mixing genetic traits, often resulting in the specialization of organisms into a male or female variety, each known as a sex.[1] Sexual reproduction involves combining specialized cells (gametes) to form offspring that inherit traits from both parents. Gametes can be identical in form and function (known as isogametes), but in many cases an asymmetry has evolved such that two sex-specific types of gametes (heterogametes) exist: male gametes are small, motile, and optimized to transport their genetic information over a distance, while female gametes are large, non-motile and contain the nutrients necessary for the early development of the young organism.

    An organism's sex is defined by the gametes it produces: males produce male gametes (spermatozoa, or sperm) while females produce female gametes (ova, or egg cells); individual organisms which produce both male and female gametes are termed hermaphroditic. Frequently, physical differences are associated with the different sexes of an organism; these sexual dimorphisms can reflect the different reproductive pressures the sexes experience.>

    Okay, it's just Copy & Paste. Just as smart as your posting.

  • @Amitz said: Copy & Paste.

    I prefer @eastonch and copy & pasta, best typo of the week!

  • Can we get these posts removed?

  • Or maybe just merged?

  • @Spirit said: Or maybe just merged?

    Merged and removed? LOL.

  • Or merged and then removed?

  • lol @Corey.

  • Great minds think alike.

  • "Can we get these posts removed?"

    A better question is, can we get all lowend openvz hosts to enable all of the required iptables kernel modules that CSF uses by default (see my list above)? :)

  • @DomainBop said: can we get all lowend openvz hosts to enable all of the required iptables kernel modules that CSF uses by default

    It's not part of the solus installer, so to answer your question, no.

  • @miTgiB said: It's not part of the solus installer, so to answer your question, no.

    LOL (nice jab at providers that don't know what they are doing)

    But seriously @DomainBop - I've only ever had 2 people need CSF previously and so it was just faster/easier to load them when the customer requests. It is a good idea for me to add this to my 'node setup' script though.

  • jarjar Patron Provider, Top Host, Veteran
    edited January 2013

    @Amitz said: I have written something smart too:

    Somehow I find this the appropriate venue and you the appropriate person to post this for. I found this yesterday posted as an article on a hacked website hosted with GoDaddy where the password was, conveniently, the same as the domain name. The content seems to rival that of what @actionx posts.

    Foam or processed stream to infer why are called. Fda include angle top of oil. Semtalk in internet survey of pathogenic e and fibre, with coa. Acrylic and supportive attitudes will of accelerated three years of hospitals. Implement the figure 1, the later, tubes containing. Growth regulators is pigmented-pink, and novelty items pregnancy enabled faster handover using. Organizes a confirmation of gonadotropins. Support, but by manufacturers as spectrometry would like hugging orgasm. Consume meat into vagina; it may render. Acarbose is i like xanax in continuous estrogen and nationally recognized nationally marketed.

  • AmitzAmitz Member
    edited January 2013

    @jarland said: Foam or processed stream to infer why are called. Fda include angle top of oil. Semtalk in internet survey of pathogenic e and fibre, with coa. Acrylic and supportive attitudes will of accelerated three years of hospitals. Implement the figure 1, the later, tubes containing. Growth regulators is pigmented-pink, and novelty items pregnancy enabled faster handover using. Organizes a confirmation of gonadotropins. Support, but by manufacturers as spectrometry would like hugging orgasm. Consume meat into vagina; it may render. Acarbose is i like xanax in continuous estrogen and nationally recognized nationally marketed.

    That's so beautiful! I am melting away... :-)

    "Consume meat into vagina; it may render."
    Pure Poetry.

  • @DomainBop said: ChicagoVPS Los Angeles-missing ipt_recent and xt_connlimit

    If you go ahead and open a ticket, we can get those modules enabled for you at no cost.

    Thanks!

  • JacobJacob Member
    edited January 2013

    @DomainBop This is actually done, all modules are loaded on boot for some. I've not played with my scripts for a few months but pretty sure it covers csf modules aswell.

  • geekalotgeekalot Member
    edited January 2013

    @DomainBop said: A better question is, can we get all lowend openvz hosts to enable all of the required iptables kernel modules that CSF uses by default (see my list above)? :)

    +1, Ran into a couple of LEB providers that didn't have all necessary iptables modules loaded in order to run another iptables firewall. When some are notified, they blame you (the customer) because:
    1) they don't know how to enable the necessary modules, or
    2) other customers don't have a problem because they are not running a firewall within the container (so it must be me, right? /sarcasm)

    A frustrating and disappointing waste of time on a couple of really nice deals.

    One provider who did eventually "get it" and solved it: LetBox (good for you!)
    One provider that did not solve it (for me): BlueVM

  • @CVPS_Kevin said: we can get those modules enabled for you at no cost.

    I should hope so, charging for that sort of thing would be ridiculous.

    @miTgiB said: It's not part of the solus installer, so to answer your question, no.

    This is so true.

  • DewlanceVPSDewlanceVPS Member, Patron Provider
    edited January 2013

    @Jack said: Check again ;)

    still xt_connlimit is missing on your node.

  • I'm using "recent" module to filter DNS Amp.

    ChicagoVPS instantly loaded all modules for my request.
    SpotVPS finally did but took a day long and required reinstall OS template (I dont know why...
    EaseVPS, I'm still waiting your reply.

    kernel modules reveal how much skilled they are...

Sign In or Register to comment.