David Kitchen

The information on this is to be found here:
http://www.configserver.com/cp/csf.html

In a very brief summary though, it’s a simplified configuration manager for iptables (the Linux firewall) and also provides things like log file watching, alerts, authentication failures, login tracking, suspicious process reporting, etc.

This guide was written for Ubuntu 9.10 Karmic Koala, but I’m sure it will work on most Linux with possibly only minor adjustments.

1. Installation

Install pre-requisites:
sudo apt-get install libwww-perl

Get CSF:
wget http://www.configserver.com/free/csf.tgz
tar -xvf csf.tgz
rm csf.tgz
cd csf

Install the software:
sudo sh install.sh

2. Configuration

Go to the config folder as root:
sudo su
cd /etc/csf

The main configuration can be found in csf.conf, but you’ll also find additional configuration in the other files in that folder.

To activate CSF and LFD, you will need to set the value for TESTING in csf.conf to zero, ’0′.

A quick overview of the files you might need to edit (from the readme.txt):

• csf.conf – the main configuration file, it has helpful comments explaining what each option does
• csf.allow – a list of IP’s and CIDR addresses that should always be allowed through the firewall
• csf.deny – a list of IP’s and CIDR addresses that should never be allowed through the firewall
• csf.ignore – a list of IP’s and CIDR addresses that lfd should ignore and not not block if detected
• csf.*ignore – various ignore files that list files, users, IP’s that lfd should ignore. See each file for their specific purpose and syntax

Useful ports to know about:
MySql = TCP 3306
Memcached = TCP 11211
Web = TCP 80 & TCP 443

Once configured as you want, restart the services:
/etc/csf/csf.pl --restart
/etc/init.d/lfd restart

And without closing your current SSH session, login to confirm that you haven’t done something silly like locked yourself out before you disconnect from your primary session.