Tag: csf

Install and configure CSF/LFD

CSF is one of the popular firewall which is based on iptables.  CSF can be used and managed with UI of control panels like cPanel, DirectAdmin and Webmin. Here we can see how we can install and do basic configuration of CSF ( ConfigServer Security & Firewall ) & LFD ( Login Failure Daemon )  on a linux server.

How to install ?

For downloading all the csf package.

# cd /usr/local/src/
# wget http://www.configserver.com/free/csf.tgz

Uncompress the packages.

# tar -xvzf csf.tgz

Running the installation script

# cd csf
# sh install.sh


a) Main part of configuration is opening up the needed ports

below command will give you an idea of  current listening ports and processes in the server

# netstat -pln
# ps aux

find out the ports of services that you want to open and specific them on file /etc/csf/csf.conf with directives

TCP_IN  —> incoming TCP ports
TCP_OUT —> outgoing TCP ports
UDP_IN —> incoming UDP ports
UDP_OUT —> outgoing UDP ports

b) Read through the configuration, if you feel everything is okay you can disable testing by setting the first directive on configuration /etc/csf/csf.conf as below


restart csf with

# csf -r

Control Panels
CSF currently has UI for cPanel, DirectAdmin and Webmin. No specific installation changes required for cPanel and DirectAdmin, once CSF is installed you can view and manage it with cPanel/DA. You can find webmin CSF module installation instructions here.


On cPanel servers:
cd /etc/csf
sh uninstall.sh

On DirectAdmin servers:
cd /etc/csf
sh uninstall.directadmin.sh

On generic linux servers:
cd /etc/csf
sh uninstall.generic.sh

Minimal hosting control panel with Webmin

If you have a VPS server it is always good to have a very thin control panel which will not create resource overhead. Webmin minimal, is such an ideal thin control panel. Here we can see how we can build a hosting environment with webmin-minimal and other  softwares from source.

Initial Control panel setup and Firewall Installation.

We are using a fresh centos VPS. Login to the VPS as root user

1) Webmin Minimal Installation

We must install the minimal version of webmin, replace X.xxx with the webmin version you download.

# cd /usr/local/src/
# wget http://prdownloads.sourceforge.net/webadmin/webmin-X.xxx-minimal.tar.gz
# tar -zxvf webmin-X.xxx-minimal.tar.gz
# cd webmin-X.xxx/
# ./setup.sh

You will be prompted with the below questions, you can use default values itself . Please use a good password.

Config file directory [/etc/webmin]:
Log file directory [/var/webmin]:
Full path to perl (default /usr/bin/perl):
Web server port (default 10000):
Login name (default admin): nixwind
Login password:
Password again:
Start Webmin at boot time (y/n): y

Make sure that firwewall is disabled ( temporarily, we will be installing CSF later in this article) .

# /etc/init.d/iptables stop

You can access webmin with

Username and Password you have given during installation

2) Install a Theme ( Optional )

I’m going to use Vitualmin Framed theme. To Install a theme, click on Webmin Configuration

Click on Webmin Themes

On Webmin Themes menu, select From ftp or http url and specific the exact theme file there.
VirtualMin Framed Theme url :  http://download.webmin.com/download/virtualmin/virtual-server-theme-X.x.wbt.gz

Click on Install Theme

Then go to Webmin Themes again and select VirtualMin Framed Theme as current theme.

Click on Change, that’s all


3) Install Config Server Firewall for firewall management with Webmin.

Install CSF

Login to server as root and execute the below commands.

# cd /usr/src/
# wget http://www.configserver.com/free/csf.tgz
# tar -zxvf csf.tgz
# cd csf/
# sh install.sh

Install Webmin module of CSF

Select Webmin Configuration from left menu and click on Webmin Modules

Select Install From local file and specific path as /etc/csf/csfwebmin.tgz

Click on “Install Module”

You need to configure CSF, Find it on Webmin under System >> ConfigServer Security & Firewall

Configure firewall with, Firewall Configuration and Check Server Security . Disable  testing mode after properly configuring the firewall.