Search the forums:

UnderHost Networks Ltd

RegisterNav Seperator FAQNav Seperator Members ListNav Seperator CalendarNav Seperator SearchNav Seperator Today's PostsNav Seperator Mark Forums ReadNav Seperator Navigation Right

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.


UnderHost Networks Ltd » Technical Support » Tutorials / How to? (Cpanel/WHM) » Install CSF Firewall for Cpanel

Reply
LinkBack Thread Tools Display Modes
 
  #1 (permalink)  
Old 04-18-2009, 03:30 AM
UnderHost's Avatar
UnderHost Management
  
Join Date: Jul 2008
Posts: 598
Default Install CSF Firewall for Cpanel
CSF firewall commonly known as Configserver Security and Firewall has become one of the popular firewall not just because of its easy of use it also provides a cpanel interface and can be easily installed and tuned by any novice users. If you are running cpanel without firewall then CSF firewall is very much recommended, considering the security aspects of your server.

You can visit the CSF firewall website for more information.
You can also download necessary files there.
Important Features

* WHM Interface for CPanel
* Firewall Running Status
* Easy to Install and Administer
* Brute Force Attack Prevention
* One Click Server Security Checks
* Port scan prevention and blocking
* Intrusion detection system
* Easy Installation and Configuration
* IP Blocking and more..

Let us prepare a linux based server running with cpanel. Note that CSF firewall requires to remove any currently running IP based firewall (APF or other IP tables firewall). It comes with all necessary scripts that will remove APF or IP tables firewall.
Installation Steps

1. Download the package here

Code:
wget <<path_of_tgz_file>>
2. Untar it

Code:
tar -zxf csf.tgz
3. Run the Install script.

Code:
sh csf/install.sh
Thats it! wait until the script ends!

4. Remove APF or IPTables Firewall

If you have any existing IP tables firewall remove them using uninstall scripts located at /etc/csf. In this case i was running APF firewall and BFD in my server so i have to remove it.

Code:
sh /etc/csf/remove_apf_bfd.sh
5. Start the Firewall in Testing Mode

Start the firewall with the following command.

Code:
csf -s
// start the firewall
csf -r
// restart the firewall
csf -f
// flush the rules or stop the firewall.
If you are running a VPS plan, then you might get the error like this

"iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf
Error: aborted, at line 156"

To fix:
Open the /etc/csf/csf.conf and look for a line MONOLITHIC_KERNEL = "0" and change to MONOLITHIC_KERNEL = "1"

Thats all! Now restart the firewall.

7. Specify which ports you want to allow.

It is very important to check the firewall on which ports to open and close all remaining port numbers. Open the /etc/csf/csf.conf and edit the following line with port numbers

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,207 7,2078,2082,2083,2087"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2 087,2089,2703"
# Allow incoming UDP ports
UDP_IN = "20,21,53,953"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"

21 => FTP
22 => SSH
23 => Telnet
25 => SMTP Mail Transfer
43 => WHOIS service
53 => name server (DNS)
80 => HTTP (Web server)
110 => POP protocol (for email)
443 => HTTP Secure (SSL for https:// )
995 => POP over SSL/TLS
9999 => Urchin
3306 = > MysQL Server
2082 => CPANEL Default
2083 => CPANEL - Secure/SSL
2086 => CPANEL WHM
2087 => CPANEL WHM - Secure/SSL
2095 => cpanel webmail
2096 => cpanel webmail - secure/SSL
Plesk Control Panel => 8443
DirectAdmin Control Panel => 2222
Webmin Control Panel => 10000


6. Disable the Testing Mode and Start the Firewall

Remember by default the firewall is running in testing mode. You might want to disable the firewall running in testing mode.

Code:
vi /etc/csf/csf.conf
//Look for the first line and set testing mode to "0"
TESTING = "0"

//Now restart the firewall!
Code:
csf -r
In Cpanel

If you have successfully installed the CSF firewall, then you will find this CSF Security & Firewall option within cpanel WHM at the bottom of the menu. Just click on the link and you can also edit the firewall settings inside Cpanel, which is very easy to do.

CSF Firewall in Cpanel
Config Files

/etc/csf/csf.conf CSF Firewall configuration file
/etc/csf/csf.allow => Config file to allow IPs
/etc/csf/csf.deny => Config file to deny IPs
/etc/csf/ => Alert files with TXT extension are stored within this directory
Final Steps

1. Check the status of firewall inside cpanel
2. Harden the firewall security by performing the system security check. To do this go to Cpanel WHM > CSF Firewall & Security > Check System Security. There it will list WARNINGS based on your server.
Frequently Asked Questions
1. How do i know whether the firewall is running or not?

Just login to Cpanel WHM > Config Security & Firewall > Status: Running

Another good idea is to check and see which ports have been opened and closed by firewall.

To look for open ports, just use the following commands in linux and observe which ports are open.

netstat -nap
OR
nmap fuser localhost
2. How do i Remove the CSF Firewall

Just run the uninstall script located at /etc/csf/ directory

Code:
sh /etc/csf/uninstall.sh
__________________

UnderHostProviding Affordable and Quality Web Hosting & Offshore Hosting
24/7 Fast Support / 99.9% Uptime Guarantee
UHVPSVirtual Private Servers & Premium Offshore VPS
Hong Kong - Singapore - USA - Canada - Netherlands - United Kingdom - Germany
Reply With Quote
underhost.us
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Loading...


All times are GMT -4. The time now is 07:19 PM.
Copyright © 2009 UnderHost Networks Ltd

Contact Us - UnderHost - Archive - Privacy Statement - Top


Registered Member Login
Forgot Password?

Our Site

idAffiliates
id
 Affiliates  Affiliate program

id
id Networks
id
HostingNetwork Status
HostingHosting Blog
HostingHosting Forum
Hosting@UnderHost

id
id Domains Tools
id
HostingSEO Tools
HostingWeb Traffic

HostingDomains Transfer
HostingDomains Registration
HostingDomains Management

id
id Client Area

HostingMy Account
HostingClient Area
HostingSubmit Ticket
HostingGet a quotes!

id

Our Services



Get Your Domain Now!

underhost.us


underhost.us
RegisterNav Seperator FAQNav Seperator Members ListNav Seperator CalendarNav Seperator SearchNav Seperator Today's PostsNav Seperator Navigation Right