Install and Configure CSF Firewall on AlmaLinux 9

In this article, you will learn to Install and Configure CSF Firewall on AlmaLinux 9.

Config Server Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, Login/Intrusion Detection, and Security application for Linux servers.
It is a security tool that can protect your server against attacks, such as brute force, and improve server security.

Steps To Install and Configure CSF Firewall on AlmaLinux 9

To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide the Initial Server Setup with AlmaLinux 9.

Install CSF on AlmaLinux 9

First, you need to update your local package index with the command below:

sudo dnf update -y

Then, you need to install some dependencies on your AlmaLinux 9 with the following command:

sudo dnf install wget vim perl -y

Next, switch to your src directory:

cd /usr/src

At this point, use the wget command to download the CSF installer script on AlmaLinux 9:

sudo wget https://download.configserver.com/csf.tgz

Extract your downloaded file:

sudo tar xzf csf.tgz

Move to your CSF directory:

cd csf

Finally, run the CSF installer script with the following command:

sudo sh install.sh

When your installation is completed, test that you have required iptables modules:

sudo perl /usr/local/csf/bin/csftest.pl

In your output you will see:

Output
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Configure CSF on AlmaLinux 9

At this point, that you have CSF installed on your server, you need to edit the CSF configuration file.

Open the file with your favorite text editor, here we use vi:

sudo vi /etc/csf/csf.conf

Find the Testing line and change its value to 0.

TESTING = "0"

When you are done, save and close the file.

Now use the following commands to start and enable the CSF and LFD on AlmaLinux 9:

#sudo systemctl restart csf && sudo systemctl restart lfd
#sudo systemctl enable csf && sudo systemctl enable lfd

Verify that your CSF and LFD are active and running on your server with the commands below:

sudo systemctl status csf && sudo systemctl status lfd
Output
● csf.service - ConfigServer Firewall & Security - csf
     Loaded: loaded (/usr/lib/systemd/system/csf.service; enabled; vendor preset: disabled)
     Active: active (exited) since Thu 2022-09-22 09:26:14 EDT; 31s ago
   Main PID: 11375 (code=exited, status=0/SUCCESS)
        CPU: 505ms
...
Output
● lfd.service - ConfigServer Firewall & Security - lfd
     Loaded: loaded (/usr/lib/systemd/system/lfd.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-09-22 09:26:23 EDT; 39s ago
   Main PID: 11421 (lfd - sleeping)
      Tasks: 1 (limit: 23609)
     Memory: 138.9M
        CPU: 4.233s
     CGroup: /system.slice/lfd.service
...

You can check your CSF firewall version on AlmaLinux 9 with the command below:

csf -v
Output
csf: v14.17 (generic)

If you want to allow the incoming connection from an IP address, you can use the following syntax:

csf -a [IP Address]

Otherwise, if you want to deny the incoming connection from an IP address, you can use the following syntax:

csf -d [IP Address]

Remove ConfigServer Firewall

Also, if you want to uninstall the CSF firewall from your AlmaLinux 9, you can use the following command:

# cd /etc/csf
# sh uninstall.sh

Conclusion

At this point, you have learned to Install and Configure CSF Firewall on AlmaLinux 9.

Hope you enjoy it.

Please subscribe to us on Facebook and Twitter.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

POPULAR TAGS

Most Popular