SecureCentos.com

How to install CSF firewall on centos linux

admin — Tue, 12 Oct 2010 09:44:46 +0000

Product Name: CSF (ConfigServer Security & Firewall)
Product Version: 5.12 (using download link, will give you the latest version)
Homepage: http://www.configserver.com/cp/csf.html
Description: Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of todays Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the apf command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.
Links: CSF Readme – Install – Changelog – License

Pre Setup: Make sure perl modules are installed

yum install -y perl-libwww-perl

Step 1: Download, unpack, install of APF from source.

cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -zxvf csf.tgz
cd csf
./install.sh

Step 1.1: Cleanup source install files.

rm -Rf /usr/local/src/csf* && cd

Step 2: Backup orginal CSF config

cp /etc/csf/csf.conf /etc/csf/csf.conf.bak

Step 3: Edit current CSF config

nano -w /etc/csf/csf.conf

Howto configure OSSEC for APF

admin — Wed, 16 Sep 2009 08:33:26 +0000

A quick howto configure your OSSEC installation for APF Iptables firewall frontend

Step 1: Open OSSEC config for editing

nano -w /var/ossec/etc/ossec.conf

Step 1.1: Locate “Files/directories to ignore”, And add new lines

    /etc/prelink.cache
    /etc/apf/internals/.last.full
    /etc/apf/internals/.apf.restore

Step 2: Restart OSSEC when your done editing

/var/ossec/bin/ossec-control restart

Howto configure OSSEC for CSF

admin — Wed, 16 Sep 2009 08:25:11 +0000

A quick howto configure your OSSEC installation for CSF Iptables firewall frontend

Step 1: Open OSSEC config for editing

nano -w /var/ossec/etc/ossec.conf

Step 1.1: Locate “Files/directories to ignore”, And add new lines

    /etc/prelink.cache
    /etc/csf/csf.temppids
    /etc/csf/csf.tempban
    /etc/csf/csf.tempint
    /etc/csf/stats/iptables_log
    /etc/csf/csf.dshield
    /etc/csf/csf.tempip
    /etc/csf/csf.deny
    /etc/csf/csf.tempfiles
    /etc/csf/csf.spamhaus

This one is optional, might be nice if someone is sneaking their ip in.

    /etc/csf/csf.allow

Step 2: Restart OSSEC when your done editing

/var/ossec/bin/ossec-control restart

Howto configure OSSEC for Directadmin

admin — Wed, 16 Sep 2009 08:10:30 +0000

A quick howto configure your OSSEC installation for Directadmin web hosting panel

Step 1: Open OSSEC config for editing

nano -w /var/ossec/etc/ossec.conf

Step 1.1: Locate “Files/directories to ignore”, And add new lines

    /etc/httpd/conf/extra/directadmin-vhosts.conf
    /etc/httpd/conf/extra/directadmin-vhosts.conf.back
    /etc/virtual/domains
    /etc/virtual/domainowners
    /etc/proftpd.passwd
    /etc/proftpd.vhosts.conf
    /etc/named.conf

Direct Admin also uses these files when creating users, but i do not recommend you adding these files to the ignore list:

/etc/group
/etc/group-
/etc/passwd
/etc/passwd- 
/etc/gshadow
/etc/shadow
/etc/shadow-
/etc/gshadow-

Step 2: Restart OSSEC when your done editing

/var/ossec/bin/ossec-control restart