Login Tracking
Process Tracking
Directory Watching
Block Reporting
The first step is to remove any previous copy of csf that might have been
downloaded and then download the latest version. To do this, use the
following two commands:
rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
Now we extract the tar file in the home directory and move into the csf directory.
tar -xzf csf.tgz
cd csf
Now we are ready to install, but first we need root privileges; without them
the installation will not work. Use the following command to gain root privileges and
type in the password if asked.
sudo su
Once the installation has finished successfully, the output will look similar to the image below.
Once the installation is complete, we can verify it. To do so, we test whether our
system has all the required iptables modules. When this test is run, it might indicate
that you will not be able to run all the features, but that is alright. The test can be
considered a PASS as long as the script doesn't report any FATAL errors. To run it, use
the following command:
perl /usr/local/csf/bin/csftest.pl
I didn't have it pre-installed, so the output of the command on my system looked like
the image below:
5 The configuration
CSF is automatically preconfigured for cPanel and DirectAdmin and will work with all the
standard ports open. CSF also auto-configures your SSH port on installation where
it's running on a non-standard port, and it auto-whitelists your connected IP address
where possible on installation. However, the admin can take full control, and
csf can be manually configured to suit the needs of the type of server.
CSF is installed in the "/etc/csf" directory, and the user requires root privileges even to
access the directory. This directory contains all the files required to configure and run
csf. First, "csf.conf" is the file used to enable, disable and manage every
feature of csf. It handles all the configuration. The directory also
contains various other files, such as "csf.syslog", which records where the log files are kept,
the "csf.allow" file, which is used to allow IP addresses through the firewall, and many more.
The "-w" or "--watch" option can be used to watch and log packets from a specified
source as they traverse the iptables chains. This feature becomes extremely useful
when tracking where that IP address is being dropped or accepted by iptables. Do
note that at any one time only a few IP addresses should be watched, and only for a short
period, else the log file gets flooded with these entries. To end the watch you will
have to restart csf, as watches do not survive restarts.
The steps to watch are:
1. Open the config file "csf.conf", located in /etc/csf.
2. Search for "WATCH_MODE" and set the value to "1". This enables it.
3. Use the following command to watch the IP address. Make sure you change the IP shown
below to the one you want to watch.
csf -w 11.22.33.44
4. Watch the kernel iptables log for hits from the watched IP address.
Once done, disable WATCH_MODE and restart csf and lfd. The following is a trimmed-down
example log watch of 192.168.254.4 connecting to port 22:
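Separately from the page's own log excerpt, here is the watch procedure as an added shell example (not part of the original page and not csf's own code): `set_watch_mode` flips WATCH_MODE in a csf.conf-style file, and `watch_hits` filters kernel log lines for one exact source address. The function names, the sample log lines and the `EXAMPLE-WATCH:` log prefix are constructed for illustration; only the standard netfilter `SRC=`, `PROTO=` and `DPT=` fields are relied on.

```shell
#!/bin/sh
# Added example, not csf code. On a real host the file is /etc/csf/csf.conf
# (root only); here every path is passed in by the caller.

# set_watch_mode FILE 0|1: rewrite the WATCH_MODE line, keeping FILE.bak.
set_watch_mode() {
    case $2 in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 2 ;; esac
    grep -q '^WATCH_MODE[[:space:]]*=' "$1" || {
        echo "WATCH_MODE not found in $1" >&2; return 1; }
    cp -p "$1" "$1.bak" &&
        sed "s/^WATCH_MODE[[:space:]]*=.*/WATCH_MODE = \"$2\"/" "$1.bak" > "$1"
}

# get_watch_mode FILE: print the value currently set for WATCH_MODE.
get_watch_mode() {
    sed -n 's/^WATCH_MODE[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# watch_hits IP [FILE...]: for each netfilter LOG line whose SRC field is
# exactly IP, print "<log prefix>|<PROTO>|<DPT>". Field comparison, not grep,
# so watching 192.168.254.4 does not also report 192.168.254.41.
watch_hits() {
    ip=$1; shift
    awk -v ip="$ip" '{
        src = ""; proto = "-"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != ip) next
        line = $0                        # keep only the LOG prefix text
        sub(/^.*kernel: /, "", line)
        sub(/ *IN=.*$/, "", line)
        print line "|" proto "|" dpt
    }' "$@"
}

# Constructed, trimmed sample lines; "EXAMPLE-WATCH:<chain>" is a placeholder
# prefix, not the text csf itself writes.
sample_log() {
    cat <<'EOF'
Jan 10 10:00:01 host kernel: EXAMPLE-WATCH:INPUT IN=eth0 OUT= SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP SPT=40000 DPT=22
Jan 10 10:00:01 host kernel: EXAMPLE-WATCH:ACCEPT IN=eth0 OUT= SRC=192.168.254.4 DST=192.168.254.71 PROTO=TCP SPT=40000 DPT=22
Jan 10 10:00:02 host kernel: EXAMPLE-WATCH:INPUT IN=eth0 OUT= SRC=192.168.254.41 DST=192.168.254.71 PROTO=TCP SPT=40001 DPT=80
EOF
}

sample_log | watch_hits 192.168.254.4
```

Changing WATCH_MODE in the real /etc/csf/csf.conf still requires the csf and lfd restart described above before it takes effect.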