1. intro

csf = ConfigServer Security & Firewall
lfd = Login Failure Daemon

2. prereqs

# Prerequisites: bring up a second interface (eth1) with the public address,
# move sshd to a non-default port with key-only logins, and stop xinetd.
# The notes give no reason for removing polkit — TODO record why.
yum -y remove polkit
# NOTE(review): this udev rule is fetched over plain HTTP from a dynamic-DNS
# host and written straight into /etc/udev/rules.d/ as root. Nothing here
# authenticates the file, so read it (or compare it with a known-good copy)
# before reloading udev.
wget -nv http://d01cid.ddns.net/sharel/etc/udev/rules.d/10-eth1.rules -P /etc/udev/rules.d/
udevadm control --reload
# Use the eth0 config as the template for eth1, then rewrite the copied values.
cat /etc/sysconfig/network-scripts/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth1
# `cube FILE 'old' with 'new'` is a local helper that is not shown on this page;
# presumably it replaces 'old' with 'new' inside FILE — confirm before relying on it.
cube /etc/sysconfig/network-scripts/ifcfg-eth1 'eth0' with 'eth1'
cube /etc/sysconfig/network-scripts/ifcfg-eth1 'IPADDR=10.1.1.10' with 'IPADDR=94.224.249.190'
cube /etc/sysconfig/network-scripts/ifcfg-eth1 'GATEWAY=10.1.1.1' with 'GATEWAY=94.224.240.1'
cube /etc/sysconfig/network-scripts/ifcfg-eth1 'DNS1=10.1.1.2' with 'DNS1=9.9.9.9'
cube /etc/sysconfig/network-scripts/ifcfg-eth1 'PREFIX=16' with 'PREFIX=20'
# sshd hardening: listen on 10022, disable password logins, skip reverse DNS lookups.
# NOTE(review): with PasswordAuthentication off, a working key must already be
# installed; keep the current session open and test a new login on port 10022
# after the restart. If SELinux is enforcing, the new port may also need to be
# labelled for sshd before it can bind — confirm on the target host.
cube /etc/ssh/sshd_config '#Port 22' with 'Port 10022'
cube /etc/ssh/sshd_config 'PasswordAuthentication yes' with 'PasswordAuthentication no'
cube /etc/ssh/sshd_config '#UseDNS yes' with 'UseDNS no'
systemctl restart sshd.service
# Comment out the gateway on eth0; the eth1 config above carries GATEWAY=94.224.240.1.
cube /etc/sysconfig/network-scripts/ifcfg-eth0 'GATEWAY=' with '#GATEWAY='
# Stop xinetd now and keep it from starting at boot.
systemctl stop xinetd.service
systemctl disable xinetd.service

# insert eth1 and reboot

# Install the iptables service package, then enable it at boot and start it now.
yum -y install iptables-services
for action in enable start; do
  systemctl "$action" iptables
done

3. installation

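# Perl modules needed before installing csf.
yum -y install perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph
# Download to a file instead of piping straight into tar: -f makes curl fail on
# an HTTP error rather than handing an error page to tar, and the saved archive
# can be verified before install.sh is run as root.
curl -f -# -o csf.tgz https://download.configserver.com/csf.tgz
# Replace EXPECTED_SHA256_PLACEHOLDER with a checksum obtained from a trusted
# channel; the archive is only unpacked when the checksum matches.
echo "EXPECTED_SHA256_PLACEHOLDER  csf.tgz" | sha256sum -c - && tar xzf csf.tgz
# Run the installer only if the cd succeeded, then return to the home directory.
cd csf/ && ./install.sh; cd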

4. configuration

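# Keep an untouched copy of the shipped configuration for comparison and rollback.
cp -pv /etc/csf/csf.conf /etc/csf/csf.conf-org
# `cube FILE 'old' with 'new'` is a local helper that is not shown on this page;
# presumably it replaces 'old' with 'new' inside FILE — confirm.
# NOTE(review): TESTING = "0" leaves testing mode, so the ruleset stays in force.
# sshd was moved to port 10022 in the prereqs; confirm TCP_IN in csf.conf lists
# 10022 before the restart below, or the SSH session may be cut off.
cube /etc/csf/csf.conf 'TESTING = "1"' with 'TESTING = "0"'
# Turn on the csf web UI, on port 8080, for user "admin".
cube /etc/csf/csf.conf 'UI = "0"' with 'UI = "1"'
cube /etc/csf/csf.conf 'UI_PORT = "6666"' with 'UI_PORT = "8080"'
cube /etc/csf/csf.conf 'UI_USER = "username"' with 'UI_USER = "admin"'
# Prompt for the UI password instead of keeping a fixed, guessable one in these
# notes. The value is still passed to cube as an argument; whether cube copes
# with quotes or other special characters in it is not shown here — confirm.
read -r -s -p 'csf UI password: ' ui_pass; echo
cube /etc/csf/csf.conf 'UI_PASS = "password"' with "UI_PASS = \"${ui_pass}\""
unset ui_pass
# Syslog restriction, POP3/IMAP login-failure tracking and the periodic syslog check.
cube /etc/csf/csf.conf 'RESTRICT_SYSLOG = "0"' with 'RESTRICT_SYSLOG = "3"'
cube /etc/csf/csf.conf 'LF_POP3D = "0"' with 'LF_POP3D = "1"'
cube /etc/csf/csf.conf 'LF_IMAPD = "0"' with 'LF_IMAPD = "1"'
cube /etc/csf/csf.conf 'SYSLOG_CHECK = "0"' with 'SYSLOG_CHECK = "300"'
# Limit the web UI to the internal 10.1.0.0/16 range; `>` overwrites ui.allow.
echo "10.1.0.0/16" > /etc/csf/ui/ui.allow
systemctl restart csf.service lfd.service
# Enable IPv4 forwarding now and persist it across reboots.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/ip_forward.conf
# NOTE(review): this NAT rule is added by hand after the csf restart; csf
# rebuilds the iptables ruleset when it restarts, so the rule is presumably
# lost at that point. csf's csfpost.sh hook is the usual place for custom
# rules — confirm against the installed csf documentation.
iptables -t "nat" -A "POSTROUTING" -o "eth1" -j "MASQUERADE"
# Appended after the restart above, so this redirect entry presumably takes
# effect only at the next csf restart — confirm.
echo "10.1.1.10|*|94.224.249.190|*|tcp" >> /etc/csf/csf.redirect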

5. xtra stuff

# Extra packages: netstat-nat and denyhosts, with denyhosts enabled at boot and started.
yum -y install netstat-nat denyhosts
for action in enable start; do
  systemctl "$action" denyhosts.service
done
# NOTE(review): the repo definition is fetched over plain HTTP from a
# dynamic-DNS host and dropped into /etc/yum.repos.d/. Whoever can alter that
# response decides which packages and signing key yum trusts, so inspect the
# file's baseurl, gpgcheck and gpgkey values before the install below.
wget http://d01cid.ddns.net/sharel/etc/yum.repos.d/webmin.repo -P /etc/yum.repos.d/
yum -y install webmin

6. testing

7. country

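CC_DENY = "RU,CN" CC_ALLOW = "BE,DE"

Note: CC_ALLOW is an allow-list for the listed countries, not a restriction to them; check the csf.conf comments to see whether CC_ALLOW_FILTER or CC_ALLOW_PORTS is the setting actually wanted.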

8. mail

LF_ALERT_TO = "" LF_ALERT_FROM = "" LF_ALERT_SMTP = ""

LF_SSH_EMAIL_ALERT = "1" LF_SU_EMAIL_ALERT = "1" LF_ALERT_TO = "mymail@mydomain.tld"

9. commands

csf -d IP (denies access to the IP)
csf -a IP (allows access to the IP)
csf -r (restarts csf, reloading the firewall rules)
csf -u (updates csf)
csf -e (enables csf and lfd)

10. debug

# -x adds explanatory catalog text to entries; -e jumps to the end of the journal.
journalctl -xe

11. references