Install Config Server Firewall:
There are two top-quality firewalls available: APF (Advanced Firewall Policy) & CSF (Config Server Firewall). There is an unending debate on which is better.
Most people believe that CSF is better because it offers more configuration options.
Only one of the two can be installed at any one time.
Both CSF and APF work with iptables, so you must make sure iptables is installed.
You can check the status of iptables with the command
service iptables status
and install it with the command
yum install 'iptables*' -y
Install CSF (Config Server Firewall)
If APF + BFD is already installed, it should be removed with the command
sh /etc/csf/remove_apf_bfd.sh
Download and install CSF
wget https://download.configserver.com/csf.tgz
tar zxvf csf.tgz
cd csf
./install.sh
Then start CSF
/etc/init.d/csf restart
And edit its configuration file
nano /etc/csf/csf.conf
You can leave all the values at their default but change the testing flag to ‘0’
Restart CSF
/etc/init.d/csf restart
This will cause the firewall to start.
To see the available commands, such as adding or removing an IP address to be blocked or whitelisted, showing the configuration, stopping, restarting etc., type
csf
and all the options will show
Update:
CSF now incorporates a “Login Failure Daemon” (lfd), which scans the latest log file entries for login attempts. If there are repeated failures, the daemon assumes a brute-force attack and blocks the IP address for both incoming and outgoing connections. The result is that, if your own IP address is blocked, not only can you not log in over SSH, you also cannot access the website.
The log file records the details of the IPs that are blocked. It can be accessed here:
nano /var/log/lfd.log
A typical entry is like this
Aug 9 15:17:05 vps lfd[3674]: (sshd) Failed SSH login from 62.141.45.64 (DE/Germany/boemann.de): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
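To review what lfd has blocked without reading the file by hand, entries in the format shown above can be parsed and tallied per trigger and per source IP. This is an added example, not part of the original article or of CSF itself; the pattern is derived from that single entry, and every sample line after the first (including the LF_FTPD line and the 203.0.113.7 address) is constructed.

```python
import ipaddress
import re
from collections import Counter

# Layout taken from the lfd.log entry quoted above; any other line is skipped.
BLOCK_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) lfd\[\d+\]: "
    r"\((?P<service>[^)]+)\) (?P<reason>.+?) from (?P<ip>\S+) "
    r"\((?P<geo>[^)]*)\): (?P<count>\d+) in the last (?P<window>\d+) secs"
    r" - \*(?P<action>[^*]+)\* \[(?P<trigger>\w+)\]\s*$"
)

def parse_block(line):
    """Return the fields of one lfd block entry, or None if it is not one."""
    m = BLOCK_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        # Never pass on an "IP" that is not an IP: log text is attacker-influenced.
        rec["ip"] = str(ipaddress.ip_address(rec["ip"]))
    except ValueError:
        return None
    # geo is "CC/Country/rDNS"; pad so a short value still unpacks.
    cc, country, rdns = (rec.pop("geo").split("/", 2) + ["", ""])[:3]
    rec.update(cc=cc, country=country, rdns=rdns,
               count=int(rec["count"]), window=int(rec["window"]))
    return rec

def summarize(lines):
    """Count blocks per trigger and per source IP."""
    by_trigger, by_ip = Counter(), Counter()
    for rec in filter(None, map(parse_block, lines)):
        by_trigger[rec["trigger"]] += 1
        by_ip[rec["ip"]] += 1
    return by_trigger, by_ip

# First line is the entry from the article; the rest are constructed samples.
SAMPLE = """\
Aug 9 15:17:05 vps lfd[3674]: (sshd) Failed SSH login from 62.141.45.64 (DE/Germany/boemann.de): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug  9 16:02:41 vps lfd[3674]: (sshd) Failed SSH login from 203.0.113.7 (ZZ/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug  9 16:40:12 vps lfd[3674]: (ftpd) Failed FTP login from 203.0.113.7 (ZZ/Example/-): 10 in the last 3600 secs - *Blocked in csf* [LF_FTPD]
Aug  9 16:41:00 vps lfd[3674]: (sshd) Failed SSH login from not-an-ip (ZZ/Example/-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug  9 16:45:00 vps lfd[3674]: a line that is not a block entry
""".splitlines()

if __name__ == "__main__":
    for counter in summarize(SAMPLE):
        print(counter.most_common())
```

To run it against the real log, pass the lines of /var/log/lfd.log to summarize() instead of SAMPLE.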
One great thing about the lfd daemon is that you can receive an email every time there is a login attempt. To enable that, open the csf config file with the command
nano /etc/csf/csf.conf
Now locate the lines “LF_ALERT_TO” and “LF_ALERT_FROM” and enter your email address.
Restart the lfd daemon with the command
service lfd restart
You can also restart csf with the command
csf -r
Then, whenever there is a login attempt, you will receive a message like this:
lfd on vps2.me: SSH login alert for user superuser from 103.11.143.88 (IN/India/triband-mum-198.46.144.234.mtnl.net.in)
Can you help? I tried to install it, but every time I receive an error. How do I fix this?
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = "UTF-8",
LANG = "C"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").