Advance

How to Install CSF on Ubuntu 22.04

How to Install CSF on Ubuntu 22.04

CSF is a very powerful and free software firewall released by the Way to the Web team and made available to the public. You can secure your server by installing CSF (Config Server Firewall). This firewall is a popular security tool for server security. In this article, we are going to show you step by step How to Install CSF on Ubuntu 22.04. You can check out the packages offered on the Eldernode website if you would like to purchase an Ubuntu VPS server.

Tutorial Install CSF on Ubuntu VPS

Recommended Article: Tutorial Install SysStat On Ubuntu 20.04 LTS

What is CSF?

CSF or Config Server Firewall is a free software firewall that can be easily installed on Redhat, CentOS and Ubuntu servers. To increase efficiency of this service, you must configure it after installation. The firewall automatically scans your server and control panel and shows vulnerabilities in the check server security section.

The use of CSF is to configure and establish a simple connection between the server user and core of the Linux firewall, which is iptables. Experts therefore consider CSF to be a script for configuring iptables.

Prerequisites for Installing CSF on Ubuntu 22.04

–> A server that works with Ubuntu 18.04, 20.04, 22.04 and any Debian-based distribution.

–> Act as a non-rooted sudo user or access the root user.

–> Use a newly installed operating system.

Installing CSF on Ubuntu 22.04

First update your system packages:

sudo apt update 
sudo apt upgrade

Now download the latest CSF archive source code from the official CSF site:

wget http://download.configserver.com/csf.tgz

After extracting downloaded file, run install script:

tar -xvzf csf.tgz 
cd csf 
sudo bash install.sh

To install the required iptables modules on your system, run the following command:

sudo perl /usr/local/csf/bin/csftest.pl

Then you will see the following output:

RESULT: csf should function on this server

Now configure the CSF according to the following command:

nano /etc/csf/csf.conf

Depending on your needs, you can make changes in the following line:

TESTING = "0" RESTRICT_SYSLOG = "3" TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
# Allow incoming UDP ports UDP_IN = "20,21,53,80,443"
# Allow outgoing UDP ports # To allow outgoing traceroute add 33434:33523 to this list UDP_OUT = "20,21,53,113,123"
# Allow incoming PING. Disabling PING will likely break external uptime # monitoring ICMP_IN = "1"

After saving the file, restart the CSF with the following command:

csf -r 
csf -l

Then you will see the following output:

iptables mangle table
Chain PREROUTING (policy ACCEPT 55 packets, 3332 bytes) num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 48 packets, 3054 bytes) num pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 24 packets, 15822 bytes) num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 24 packets, 15822 bytes) num pkts bytes target prot opt in out source destination

 

iptables raw table
Chain PREROUTING (policy ACCEPT 51 packets, 3321 bytes) num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 24 packets, 15966 bytes) num pkts bytes target prot opt in out source destination

 

iptables nat table
Chain PREROUTING (policy ACCEPT 12 packets, 1410 bytes) num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 69 bytes) num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 23 bytes) num pkts bytes target prot opt in out source destination

Then we access the CSF web interface. To do this, first edit the original CSF configuration file with the following command:

nano /etc/csf/csf.conf

Then add the following lines:

#Enable Web UI UI = "1"
#Listening Port UI_PORT = "8080"
#Admin username UI_USER = "admin"
#Admin user password
UI_PASS = "your-password"
#Listening Interface UI_IP = ""

Then save the file and edit it according to the following command:

nano /etc/csf/ui/ui.allow

Now add your server IP and remote machine IP:

your-server-ip
remote-machine-ip

After saving the file, restart the CSF and LFD service to apply the changes:

csf -r
service lfd restart

Finally search for the server’s IP address and then port 8080 from your browser:

http://your-server-ip:8080

Conclusion

At the beginning of this article, we first introduced you to CSF. This way your server is secured by installing and configuring CSF on Ubuntu 22.04, and the firewall automatically scans your server and control panel. Thank you for joining us. If you have any questions or problems, please contact us through the comments section.

We Are Waiting for your valuable comments and you can be sure that it will be answered in the shortest possible time.

    Leave Your Comment

    Your email address will not be published.

    We are by your side every step of the way

    Think about developing your online business; We will protect it compassionately

    We are by your side every step of the way

    +8595670151

    7 days a week, 24 hours a day