Secure & Harden Centos VPS Server (Install CSF Firewall)

Install Config Server Firewall:

There are two top-quality firewalls available: APF (Advanced Firewall Policy) & CSF (Config Server Firewall). There is an unending debate on which is better.

Most people believe that CSF is better because it offers more configuration options.

Only one of the two can be installed at any one time.

Both CSF and APF work with iptables, so you must make sure iptables is installed.

You can check the status of iptables with the command

service iptables status

and install it with the command

yum install 'iptables*' -y

Install CSF (Config Server Firewall)

If APF + BFD is already installed, it should be removed with the command

sh /etc/csf/remove_apf_bfd.sh

Download and install CSF

wget https://download.configserver.com/csf.tgz
tar zxvf csf.tgz
cd csf
./install.sh

Then start CSF

/etc/init.d/csf restart

And edit its configuration file

nano /etc/csf/csf.conf

You can leave all the values at their defaults, but change the testing flag (TESTING) to ‘0’

Restart CSF

/etc/init.d/csf restart

This will cause the firewall to start.

To access various commands, such as adding or removing an IP address to be blocked or whitelisted, showing the configuration, stopping, restarting, etc., type

csf

and all the options will show

Update:

CSF now incorporates a “Login Failure Daemon” (lfd), which scans the latest log file entries for login attempts. If there are repeated failures, the daemon assumes that there is a “brute-force attack” and blocks the IP address for both incoming and outgoing connections. The result is that, from a blocked address, you can neither log in over SSH nor access the website.

The log file records the details of the IPs that are blocked. It can be accessed here:


nano /var/log/lfd.log

A typical entry is like this


Aug 9 15:17:05 vps lfd[3674]: (sshd) Failed SSH login from 62.141.45.64 (DE/Germany/boemann.de): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
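To see at a glance which addresses lfd has blocked and which trigger fired, the log can be summarised with a short shell function. This is an added example, not part of the original post or of CSF itself; the function names lfd_blocks and sample_log are hypothetical, and the sample lines (documentation-range IPs, and the LF_FTPD line, which is assumed to follow the same layout as the entry above) are constructed.

```shell
#!/bin/sh
# Summarise lfd block events as "IP TRIGGER COUNT", busiest source first.
# Usage on a server: lfd_blocks < /var/log/lfd.log
lfd_blocks() {
    # 1. Keep only lines lfd marked "*Blocked in csf*".
    # 2. Capture the token after " from " (the source IP) and the
    #    trigger code inside the final [...] on the line.
    # 3. Count identical IP/trigger pairs and sort by count, then IP.
    sed -n '/\*Blocked in csf\*/ s/.* from \([^ ]*\) (.*\[\([A-Z0-9_]*\)]$/\1 \2/p' |
        LC_ALL=C sort | uniq -c |
        awk '{ print $2, $3, $1 }' |
        LC_ALL=C sort -k3,3nr -k1,1
}

# Constructed sample input in the layout of the entry shown above.
# The IPs come from the documentation ranges; the last line is a
# constructed non-block line that the function must ignore.
sample_log() {
    cat <<'EOF'
Aug 9 15:17:05 vps lfd[3674]: (sshd) Failed SSH login from 192.0.2.10 (DE/Germany/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 9 15:21:44 vps lfd[3674]: (sshd) Failed SSH login from 198.51.100.7 (IN/India/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 9 15:29:31 vps lfd[3674]: (ftpd) Failed FTP login from 203.0.113.5 (US/United States/-): 10 in the last 3600 secs - *Blocked in csf* [LF_FTPD]
Aug 9 17:02:18 vps lfd[3674]: (sshd) Failed SSH login from 192.0.2.10 (DE/Germany/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 9 17:05:00 vps lfd[3674]: constructed non-block line, must be ignored
EOF
}

# Demo run on the constructed sample.
sample_log | lfd_blocks
```

An address that appears with a high count keeps coming back after its block expires and is a candidate for a permanent deny entry.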

One great thing about the lfd daemon is that you can receive an email every time there is a login attempt. To enable that, open the csf config file with the command


nano /etc/csf/csf.conf

Now locate the lines “LF_ALERT_TO” and “LF_ALERT_FROM” and enter your email address.

Restart the lfd daemon with the command


service lfd restart

You can also restart csf with the command


csf -r

Then, whenever there is a login attempt, you will receive a message like this:


lfd on vps2.me: SSH login alert for user superuser from 103.11.143.88 (IN/India/triband-mum-198.46.144.234.mtnl.net.in)
