How to install the ConfigServer and Security Firewall combo on Ubuntu Server

2 years ago 543

If you'd similar a almighty firewall for your Ubuntu Server, but 1 that offers a reasonably straightforward configuration, Jack Wallen thinks CSF mightiness beryllium the close instrumentality for the job.

windows-11-security-1.jpg

Illustration: Lisa Hornung/TechRepublic

Although Uncomplicated Firewall is an outstanding information work connected Ubuntu Server, determination mightiness beryllium times erstwhile you request more. But if you don't person the clip (or the inclination) to larn the highly analyzable iptables, you mightiness privation an enactment that lies determination successful between. Such an enactment is the ConfigServer/Security Firewall combination, which offers a coagulated firewall solution that tin beryllium expanded with add-ons for things specified arsenic login/intrusion detection, exploit checks, ping of decease protection, and more.

I'll locomotion you done the installation of CSF connected Ubuntu Server 20.04.

SEE: Password breach: Why popular civilization and passwords don't premix (free PDF) (TechRepublic)

What you'll request

In bid to instal CSF, you'll request a moving lawsuit of Ubuntu Server and a idiosyncratic with sudo privileges. That's it. Let's dive in.

How to instal ConfigServer connected Ubuntu Server 20.04

The archetypal happening to beryllium done is to instal the indispensable dependencies. Log into your Ubuntu Server and contented the command:

sudo apt instal wget libio-socket-ssl-perl git perl iptables libnet-libidn-perl libcrypt-ssleay-perl libio-socket-inet6-perl libsocket6-perl sendmail dnsutils unzip -y

When that bid completes, download the latest mentation of CSF with the command:

wget http://download.configserver.com/csf.tgz

Unpack that recently downloaded tar record with:

tar -xvfz csf.tgz

Change into the recently created directory with:

cd csf

Install CSF by moving the included publication with:

sudo bash install.sh

Before we proceed on, let's marque definite iptables is loaded with:

sudo perl /usr/local/csf/bin/csftest.pl

You should see:

Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should relation connected this server

How to configure CSF connected Ubuntu Server 20.04

We're acceptable to configure CSF. Open the configuration record with:

sudo nano /etc/csf/csf.conf

The archetypal happening we indispensable bash is alteration the line:

TESTING = "1"

to 

TESTING = "0"

Next, we request to restrict rsyslog/syslog entree to members of a circumstantial group. For this, find the line:

RESTRICT_SYSLOG = "0"

Change that enactment to:

RESTRICT_SYSLOG = "3"

Now comes the amusive part. Scroll down until you spot the enactment starting with:

TCP_IN

This is wherever you tin configure ports to beryllium allowed done the firewall. By default CSF volition let ports 20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 587, 993 and 995. Change that enactment to lone the ports you request unfastened for the server successful question.

Next, find the lines starting with TCP_OUT, UDP_IN, and UDP_OUT and bash the aforesaid happening (configuring lone the ports you privation unfastened for incoming and outgoing traffic).

Once you've completed that task, prevention and adjacent the file. 

Start and alteration CSF with the command:

sudo systemctl alteration --now csf

How to artifact and let IP addresses with CSF

This is 1 of the ways CSF stands retired among the competition. Let maine amusement you however casual it is to artifact oregon let an IP address. To artifact an IP address, unfastened the contradict record with:

sudo nano /etc/csf/csf.deny

At the bottommost of that file, adhd the IP addresses you privation to artifact (one per line), similar so:

192.168.1.100 192.168.1.101

You tin besides artifact an full subnet similar this:

192.168.1.0/24

To let an IP address, unfastened the let record with:

sudo nano /etc/csf/csf.allow

In that file, adhd the IP addresses oregon subnets (in the aforesaid mode you did for deny) and past prevention the file.

Finally, you tin acceptable CSF to exclude an IP code successful the csf.ignore record (which is configured successful the aforesaid mode you configured the contradict and let files).

And that's each determination is to installing and configuring the ConfigServer Security Firewall operation connected Ubuntu Server. If you're looking for a powerful, yet simple, firewall for your servers, this mightiness beryllium precisely what you're looking for.

Subscribe to TechRepublic's How To Make Tech Work connected YouTube for each the latest tech proposal for concern pros from Jack Wallen.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article