Admin Books

DOWNLOAD Free e-Books for Linux Admin Servers :
Browse » Home » All posts

Virtualmin/Webmin + CentOS Installing Config Server Firewall (CSF/LFD)


Virtualmin/Webmin + CentOS Installing Config Server Firewall (CSF/LFD)



These are the simple instructions on how to install CSF. You will want to make sure you’ve also installed the perl prerequisites with the following command:

yum  install perl-libwww-perl

You can do this with the following commands:



cd /tmp

wget -c http://www.configserver.com/free/csf.tgz

tar xzf csf.tgz

cd csf

sh install.sh


This will install CSF, but by default, CSF is in “testing” mode, which means that it doesn’t really protect you from anything as it normally would. There are some settings that must be changed before you will want to disable testing mode. Open the file /etc/csf/csf.conf like this:

nano /etc/csf/csf.conf

Find the TCP_IN variable and set it to:

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,3000:3050,10000"

This will enable all of the default ports that are used on a web server. Now, we will need to find the UDP_IN variable and change it to read:

UDP_OUT = "20,21,53,113,123,33434:33523"

This will allow the use of the “Traceroute” command, without the “33434:33523″, traceroute will not work.

Before you go ahead and change the TESTING variable to 0, I highly recommend reading the entire CSF readme located here: http://configserver.com/free/csf/readme.txt

Like I mentioned, to disable TESTING change the TESTING variable to:

TESTING = "0"

Now you can save the file. Now you’re ready to restart the csf daemon:

service csf restart

To make sure CSF starts on reboot:

chkconfig --level 235 csf on

You’ve successfully configured CSF!

Next, test whether you have the required iptables modules:

perl /etc/csf/csftest.pl
In webmin, follow this route:

Webmin > Webmin Configuration > Webmin Modules >
  From local file > /etc/csf/csfwebmin.tgz > Install Module
 
  If you've installed the Webmin CSF module - then you can manage your CSF firewall in your browser (via Webmin >> System >> ConfigServer Security & Firewall).

Other than that, the only option I know of is to use the command line.
0 comments
Labels: , , ,
Subscribe to: Posts (Atom)