How to Install CSF (ConfigServer Security & Firewall) on Ubuntu 22.04

21 Jan 2025
Mohammad Waqas Shahid

ConfigServer Security & Firewall (CSF) is a highly regarded tool for securing Linux servers against a variety of cyberattacks. Its robust functionality and simple interface make it a strong choice for system administrators. Whether you're managing a small server or a large network, this tool provides an effective defense mechanism that is easy to deploy and manage.

This guide covers the installation and configuration of CSF on Ubuntu 22.04 LTS to maximize the protection and performance of the server. You can try it out on our low-latency US-based VPS.

Advantages of Using the CSF Firewall on Ubuntu 22.04 LTS

This versatile security solution has a variety of benefits tailored for servers using Linux as an operating system.

  • User-Friendly Management

With an easy-to-edit configuration file and simple command-line utilities, it ensures even novice administrators can quickly implement server security measures.

  • Powerful Security Features
    • Port Restrictions: Secure sensitive services like MySQL (port 3306) and SSH (port 22) by allowing or denying specific traffic.

    • DDoS Attack Mitigation: Protection against high-traffic denial-of-service attempts.

    • Failed Login Notifications: Automatically blocks IPs after repeated failed login attempts to protect against brute-force attacks.

    • GeoIP Filtering: Restricts access from certain geographic regions for enhanced security.

  • Effortless Update

Integrated with the system's package manager, CSF updates seamlessly, making sure that the firewall contains the latest security patches.

  • Low Resource Consumption

Optimized for performance, this tool works without placing unnecessary strain on system resources.

  • Custom Alerts and Logs

Receive real-time notifications for security events and go through detailed logs to monitor server activity.

Step-by-Step Guide to Install CSF on Ubuntu 22.04 LTS

The steps below walk through installing CSF on Ubuntu 22.04 LTS.

Step 1: Updating the System

First, update the system's package index and installed packages so that you have the latest software:

sudo apt update && sudo apt upgrade -y

Step 2: Installation of Dependencies

CSF relies on a few dependencies to function properly. To install them, use the command below:

sudo apt install -y perl libwww-perl liblwp-protocol-https-perl iptables nano

Essential Dependencies:

  • Perl: A programming language. Many of the CSF scripts and configuration tools are written in Perl, so installing it ensures that the system can run the scripts that manage firewall operations.

  • libwww-perl and liblwp-protocol-https-perl: These libraries handle HTTP and HTTPS requests. CSF uses them to fetch updates, download remote blocklists, and securely retrieve real-time threat data feeds over HTTPS, which keeps the firewall supplied with new security information.

  • iptables: The foundation of Linux firewall functionality, and integral to CSF's operation. It lets you define and implement traffic filtering rules, block specific ports, and restrict connectivity by IP address at the kernel level.

  • nano: Optional, but included to simplify editing the configuration files directly from the terminal. It lets system administrators make quick modifications to firewall settings without leaving the terminal.

Step 3: Download and install CSF

The package is available for download from its official website. To download it, run these commands:

cd /usr/src
sudo wget https://download.configserver.com/csf.tgz

Extract the files:

sudo tar -xvzf csf.tgz

For installation, go to the extracted directory: 

cd csf

And execute the installer by running the following command:

sudo sh install.sh

Wait for the installer to finish.

To confirm installation, check the CSF version by running:

sudo csf -v

The CSF version is printed on the screen.

Step 4: Configure CSF Firewall Settings

CSF needs to be configured according to the user's needs. There are two ways to configure it: through the GUI and through the terminal.

By Terminal

For this, edit csf.conf, located at /etc/csf/csf.conf. Use the following command to open the file:

sudo nano /etc/csf/csf.conf

Make the following changes for basic firewall protection:

  • Testing mode: while TESTING = "1", CSF periodically clears the firewall rules so that a mistake cannot lock you out during configuration. Leave it enabled until you have verified all settings, then disable it to activate full protection:

TESTING = "0"

  • Allow MySQL port: if you need to allow access to MySQL, update TCP_IN in csf.conf as below:

TCP_IN = "22,3306"

After the configuration has been modified, apply the changes using:

sudo csf -r
sudo systemctl restart csf

By GUI

This tool has a GUI mode built in. It is enabled through csf.conf and a few commands, as follows.

1. Install prerequisites:

To install prerequisites, use the following command:

sudo apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \
                    libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl

2. Perform amendments in csf.conf:

Edit csf.conf to enable the UI mode and set its port. Also change the username and password for the UI; the default values must not be left in place. To open csf.conf, use the following command:

sudo nano /etc/csf/csf.conf

Now find UI = "0" and change it to "1".

This will enable the UI mode.

Then find UI_PORT and set it to 7171. This is the port on which you will reach the GUI. Be sure that the port number is always bigger than 1024.

After these, also edit UI_USER and UI_PASS.

Place the same port in TCP_IN and TCP_OUT

Enter this command to add your IP address to the ui.allow file:

echo "your_IP_address" | sudo tee -a /etc/csf/ui/ui.allow

Replace your_IP_address with your own public IP address. If you do not know it, search the web for "what's my IP", copy the address shown into the command above, and press Enter.

Then in the terminal, type:

sudo csf -r
sudo systemctl restart csf
sudo systemctl restart lfd

This applies the amendments you have made, and the UI is now set up.

Finally, interact with the UI. To connect to the GUI, type the IP address of the server along with the port that you set (7171) in your browser. In my case it was the following:

195.133.93.222:7171

  • 195.133.93.222: The public IP address of the server

  • 7171: The port number which I set

Now you have the GUI.

Additional CSF Firewall Commands

With the tool now installed, a few additional commands are useful for day-to-day firewall management:

To block an IP address:

sudo csf -d <IP_ADDRESS>

To allow an IP address:

sudo csf -a <IP_ADDRESS>

To view status:

sudo csf -l

To restart:

sudo csf -r

Setting Up Alerts in CSF

Activating notifications lets the server's administrators receive timely updates on important events, such as IP blocks, failed login attempts, and other security incidents. These updates are important for quickly detecting and addressing security risks. The following explains how to set up notifications via email.

Updating the Configuration File

Use a text editor like Nano to open the tool's main configuration file by running:

sudo nano /etc/csf/csf.conf

Search for the line starting with LF_EMAIL_ALERT. This setting determines whether CSF sends email notifications.

LF_EMAIL_ALERT = "0"

Change the value from 0 to 1 to enable email notifications.

LF_EMAIL_ALERT = "1"

Find the LF_ALERT_TO option in the file, which defines the recipient email for alerts. Add the preferred email here:

LF_ALERT_TO = "admin@example.com"

Define the sender's email address with the LF_ALERT_FROM option. The notifications will be sent from this address:

LF_ALERT_FROM = "csf-alerts@example.com"

Press CTRL + O to save changes and CTRL + X to exit Nano.

Then restart CSF and LFD, using the same restart commands as in the GUI setup above, so that the changes take effect.

You can customize which types of events would trigger email notifications. A few common options in the config are below:

  • Login Failures: Controlled by LF_ALERT_LOGIN.

  • Blocked IP Alerts: Enabled by LF_EMAIL_ALERT.

  • Excessive Resource Usage: Configured via LF_ALERT_RESOURCE.

For example, to enable login failure notifications, set:

LF_ALERT_LOGIN = "1"

Benefits of Email Notifications

  • Real-Time Monitoring: Immediate awareness of suspicious activities or potential threats.

  • Quick Response: Reduces the time between detecting and mitigating safety issues.

  • Audit Trail: Email warnings provide a record of important safety events.

With notifications enabled, CSF becomes an even more proactive tool for managing server security.

Example: Configuring CSF for WordPress

Here's how to configure CSF to meet the requirements for a server hosting WordPress (WP), MySQL, and Redis:

1: Open the CSF configuration file:

sudo nano /etc/csf/csf.conf

2: Allow endpoints 80 (HTTP) and 443 (HTTPS). These are required for serving the WordPress site.

Find the line that starts with TCP_IN and modify it as follows:

TCP_IN = "80,443"

Explanation:

  • 80: HTTP for WordPress

  • 443: HTTPS for WordPress

Ports 22 (SSH), 3306 (MySQL) and 6379 (Redis) are deliberately left out of TCP_IN: every port listed there is open to all source addresses, which would cancel the per-source restrictions added in steps 3 to 5.

3: Add a custom rule to limit access to Redis (port 6379) to the internal network only.

Open the csf.allow file (/etc/csf/csf.allow) and add:

tcp|in|d=6379|s=192.168.1.0/24 # Internal network access to Redis

Replace 192.168.1.0/24 with your internal network's CIDR notation. The entry uses CSF's advanced filter format: protocol|direction|d=destination port|s=source address.

4: Restrict MySQL connectivity.

Allow MySQL access from the internal network. In the csf.allow file, add:

tcp|in|d=3306|s=192.168.1.0/24 # Internal network access to MySQL

Allow MySQL access from an external developer IP. In the same csf.allow file, add:

tcp|in|d=3306|s=203.0.113.5 # Developer IP access to MySQL

Replace 203.0.113.5 with the developer's external IP address.

5: Restrict SSH access. To allow SSH only from a specific subnet, add the subnet to csf.allow:

tcp|in|d=22|s=192.168.1.0/24 # SSH access from the specific subnet

SSH from all other IPs needs no csf.deny entry: port 22 is not listed in TCP_IN, so only the sources allowed above can reach it.

6: Apply changes by restarting CSF and LFD:

sudo csf -r
sudo systemctl restart lfd

7: Verify that the ports are correctly opened:

sudo csf -l

Check specific IP connectivity using:

sudo csf -g <IP_ADDRESS>
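
A check to run before the restart in step 6, as an added example that is not part of the original guide or of CSF: it lints csf.conf and csf.allow for the settings this guide touches, namely TESTING, UI_PORT, and ports that csf.allow restricts per source (CSF's advanced filter format tcp|in|d=PORT|s=SOURCE) while TCP_IN still opens them to every address. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint csf.conf and csf.allow before "csf -r".

# Print the value of KEY from a csf.conf-style file (KEY = "value").
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print the TCP ports that csf.allow opens per source (tcp|in|d=PORT|s=SOURCE).
restricted_ports() {
    sed 's/#.*//' "$1" |
        awk -F'|' '$1 == "tcp" && $2 == "in" && $3 ~ /^d=[0-9]+$/ && $4 ~ /^s=/ {
            sub(/^d=/, "", $3); print $3 }' | sort -un
}

# Print one finding per line; print nothing when both files pass.
audit_csf() {
    conf=$1 allow=$2
    [ "$(conf_get "$conf" TESTING)" = "0" ] ||
        echo "TESTING is not 0: the firewall is not fully active"
    if [ "$(conf_get "$conf" UI)" = "1" ]; then
        port=$(conf_get "$conf" UI_PORT)
        [ "${port:-0}" -gt 1024 ] || echo "UI_PORT must be above 1024"
    fi
    # Ports in TCP_IN are open to every source (port ranges are not expanded here).
    tcp_in=",$(conf_get "$conf" TCP_IN | tr -d ' '),"
    for p in $(restricted_ports "$allow"); do
        case $tcp_in in
            *",$p,"*) echo "port $p is in TCP_IN: its csf.allow source filter restricts nothing" ;;
        esac
    done
    # "ADDRESS PORT" is not a port filter; only the pipe-separated form is.
    sed 's/#.*//' "$allow" | awk 'NF >= 2 && $1 != "Include" && index($1, "|") == 0 {
        print "csf.allow line " NR ": \"" $1 " " $2 "\" is not a port filter" }'
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/csf.conf" <<'EOF'
TESTING = "1"
TCP_IN = "22,80,443,3306,6379"
UI = "1"
UI_PORT = "7171"
EOF
cat > "$demo_dir/csf.allow" <<'EOF'
tcp|in|d=6379|s=192.168.1.0/24 # Internal network access to Redis
203.0.113.5 3306 # Developer IP access to MySQL
EOF
audit_csf "$demo_dir/csf.conf" "$demo_dir/csf.allow"
```

On a server, call audit_csf /etc/csf/csf.conf /etc/csf/csf.allow instead of the sample files.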

Conclusion

Using ConfigServer Security & Firewall on Ubuntu 22.04 LTS significantly improves the security of the server. With advanced functions such as port management, DDoS protection, and real-time alerts, it provides a comprehensive solution for safeguarding Linux servers. To find out more about the different options and settings of this tool, check its official website.

By following this guide, you'll establish a robust firewall infrastructure capable of defending against modern cyber threats while maintaining optimal server performance.

In addition, you can install Ubuntu on our cloud VPS server.