Install CSF Firewall on Rocky Linux 9 | Easy and Secure
In this guide, you will learn how to install CSF Firewall on Rocky Linux 9. ConfigServer Firewall, also known as CSF, is a firewall configuration script created to provide better security for your server while giving you an advanced, easy-to-use interface for managing firewall settings. CSF configures your server’s firewall to lock down public access to services and only allow certain connections, such as logging in to FTP, checking email, or loading websites.
ConfigServer Firewall also comes with a service called Login Failure Daemon, or LFD. LFD watches your user activity for excessive login failures, which are commonly seen during brute-force attacks.
You can now proceed to the guide steps below on the Orcacore website to set up CSF on Rocky Linux 9.
Install and Configure ConfigServer Firewall CSF on Rocky Linux 9
To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on Initial Server Setup with Rocky Linux 9.
Install CSF Firewall on Rocky Linux 9
First, you need to update your local package index with the command below:
sudo dnf update -y
Then, you need to install some dependencies on your Rocky Linux 9 with the following command:
sudo dnf install wget vim perl -y
Next, switch to your src directory:
cd /usr/src
Download CSF Installer Script
At this point, use the wget command to download the CSF installer script on Rocky Linux 9:
sudo wget https://download.configserver.com/csf.tgz
Extract your downloaded file:
sudo tar xzf csf.tgz
Move to your CSF directory:
cd csf
Run CSF Installer Script
Finally, run the CSF installer script with the following command:
sudo sh install.sh
When the installation is complete, test that you have the required iptables modules:
sudo perl /usr/local/csf/bin/csftest.pl
In your output you will see:

Configure ConfigServer Firewall on Rocky Linux 9
Now that you have CSF installed on your server, you need to edit the CSF configuration file.
Open the file with your favorite text editor, here we use vi:
sudo vi /etc/csf/csf.conf
Find the TESTING line and change its value to 0.
**TESTING = "0"**
When you are done, save and close the file.
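Setting TESTING to 0 makes the CSF rule set persist, so it is worth confirming first that your SSH port is in the allowed inbound list. The following check is an added example, not part of the original guide or of CSF itself; it assumes CSF's TCP_IN setting (not otherwise covered here), SSH on port 22, and a constructed sample configuration:

```shell
#!/bin/sh
# Added example: check a csf.conf before switching TESTING to "0".

# Print the value of KEY from a csf.conf-style file (lines like KEY = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is covered by a comma-separated CSF port list,
# where a range is written low:high (for example 30000:35000).
port_in_list() {
    port=$1; found=1
    old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *:*) if [ "$port" -ge "${item%%:*}" ] && [ "$port" -le "${item##*:}" ]; then found=0; fi ;;
            "$port") found=0 ;;
        esac
    done
    IFS=$old_ifs
    return $found
}

# Report whether leaving testing mode is safe: the SSH port must be in TCP_IN.
preflight() {
    conf=$1; ssh_port=$2
    tcp_in=$(csf_get TCP_IN "$conf")
    testing=$(csf_get TESTING "$conf")
    if port_in_list "$ssh_port" "$tcp_in"; then
        echo "OK: port $ssh_port is in TCP_IN (TESTING=$testing)"
    else
        echo "LOCKOUT RISK: port $ssh_port is not in TCP_IN (TESTING=$testing)"
        return 1
    fi
}

# Constructed sample configuration (assumption), not a real server's csf.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
TESTING = "1"
TCP_IN = "20,21,25,53,80,443,30000:35000"
EOF
preflight "$sample" 22 || true
```

On a real server, point it at the live file with `preflight /etc/csf/csf.conf 22`, run as root.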
Manage CSF and LFD Service
Now use the following commands to start and enable the CSF and LFD services on Rocky Linux 9:
sudo systemctl restart csf && sudo systemctl restart lfd
sudo systemctl enable csf && sudo systemctl enable lfd
Verify that your CSF and LFD are active and running on your server with the commands below:
sudo systemctl status csf && sudo systemctl status lfd


You can check your CSF firewall version on Rocky Linux 9 with the command below:
sudo csf -v
**Output**
csf: v14.17 (generic)
If you want to allow incoming connections from an IP address, you can use the following syntax:
sudo csf -a [IP Address]
Otherwise, if you want to deny incoming connections from an IP address, you can use the following syntax:
sudo csf -d [IP Address]
Remove ConfigServer Firewall
Also, if you want to uninstall the ConfigServer firewall from your Rocky Linux 9 server, you can use the following commands:
cd /etc/csf
sudo sh uninstall.sh
Conclusion
At this point, you have learned how to install and configure ConfigServer Firewall on Rocky Linux 9. CSF is lightweight, highly configurable, and helps secure your Rocky Linux 9 server efficiently.
Alternative Solutions for Firewall Management on Rocky Linux 9
While CSF provides a robust and user-friendly interface for managing your firewall, Rocky Linux 9 offers other powerful options for securing your server. Here are two alternative approaches: using firewalld directly with its command-line interface (firewall-cmd) and employing a more comprehensive security solution like Fail2ban in conjunction with firewalld.
1. Direct firewalld Management
firewalld is the default firewall management tool in Rocky Linux 9. It offers a dynamic firewall management system with support for network zones to assign different trust levels to network interfaces and connections. Instead of relying on a third-party tool like CSF, you can directly configure firewalld to achieve similar security goals. This approach gives you granular control over every aspect of your firewall.
Explanation:
- Zones: firewalld uses zones to define trust levels for network connections. Common zones include public, private, trusted, drop, and block. You assign network interfaces to zones based on the security requirements.
- Services: firewalld provides predefined services (e.g., http, ssh, smtp) that represent common network services and their associated ports. You can enable or disable these services in specific zones.
- Ports: You can also directly open or close specific ports in a zone.
- IP Addresses: You can allow or block traffic from specific IP addresses or networks.
Code Examples:
- Check the default zone:
sudo firewall-cmd --get-default-zone
- List active zones:
sudo firewall-cmd --get-active-zones
- Allow SSH traffic in the public zone:
sudo firewall-cmd --zone=public --add-service=ssh --permanent
- Allow HTTP and HTTPS traffic in the public zone:
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --zone=public --add-service=https --permanent
- Allow incoming traffic on port 8080 (for example, for a web application) in the public zone:
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
- Allow traffic from a specific IP address (e.g., 192.168.1.100) in the trusted zone:
sudo firewall-cmd --zone=trusted --add-source=192.168.1.100 --permanent
- Block traffic from a specific IP address (e.g., 10.0.0.5) in the drop zone:
sudo firewall-cmd --zone=drop --add-source=10.0.0.5 --permanent
- Reload firewalld to apply the changes:
sudo firewall-cmd --reload
- List all rules in the public zone:
sudo firewall-cmd --list-all --zone=public
By understanding firewalld’s zone-based approach and using firewall-cmd, you can create a tailored firewall configuration for your Rocky Linux 9 server. This eliminates the need for an external tool like CSF, reducing dependencies and simplifying your system management.
2. Fail2ban with firewalld
Fail2ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. It works by monitoring log files for suspicious activity, such as repeated failed login attempts, and automatically banning the offending IP addresses. When combined with firewalld, Fail2ban provides a powerful defense against automated attacks. This is another alternative to the CSF Firewall on Rocky Linux 9.
Explanation:
- Fail2ban Jails: Fail2ban uses "jails" to define the services it monitors and the actions it takes when suspicious activity is detected. Each jail specifies a log file to watch, a regular expression to identify failed login attempts, and a ban action (e.g., blocking the IP address using firewalld).
- firewalld Integration: Fail2ban can be configured to use firewalld to block IP addresses. This allows Fail2ban to dynamically update the firewall rules based on its analysis of log files.
Steps:
- Install Fail2ban:
sudo dnf install fail2ban -y
- Configure Fail2ban to use firewalld:
Edit the /etc/fail2ban/jail.conf file (it’s recommended to create a /etc/fail2ban/jail.local to override settings and prevent changes from being overwritten by updates):
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vi /etc/fail2ban/jail.local
Find the [DEFAULT] section and modify the following settings:
[DEFAULT]
# Ban action
banaction = firewallcmd-ipset
- Enable and start Fail2ban:
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
- Configure a specific jail (e.g., SSH):
Edit the /etc/fail2ban/jail.local file and add or modify the [sshd] section:
[sshd]
enabled = true
port = ssh
logpath = /var/log/secure
backend = systemd
enabled = true: Enables the SSH jail.
port = ssh: Specifies the port to protect (SSH).
logpath = /var/log/secure: Specifies the log file to monitor.
backend = systemd: Selects the systemd backend.
- Restart Fail2ban to apply the changes:
sudo systemctl restart fail2ban
Now, Fail2ban will monitor the /var/log/secure file for failed SSH login attempts and automatically block offending IP addresses using firewalld. You can adapt this approach to protect other services by creating or modifying jails for those services.
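To see what a jail decides from the log, the following added example (not Fail2ban's own code and not from the original guide) models the counting step over constructed sshd log lines. It assumes Fail2ban's maxretry and findtime jail settings, which this guide leaves at their defaults, uses a simplified match in place of Fail2ban's real sshd filter, and assumes all timestamps fall on the same day:

```shell
#!/bin/sh
# Added example: simplified model of a jail's "too many failures" decision.

# Print each source IP with at least MAXRETRY failed SSH logins inside a
# FINDTIME-second window. Reads /var/log/secure style lines from stdin.
would_ban() {
    awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for / {
        split($3, t, ":"); now = t[1]*3600 + t[2]*60 + t[3]
        ip = ""
        # Take the last "from" so a user literally named "from" cannot confuse us.
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i+1)
        if (ip == "" || (ip in banned)) next
        n = ++count[ip]; seen[ip, n] = now
        hits = 0
        for (k = n; k >= 1 && now - seen[ip, k] <= findtime; k--) hits++
        if (hits >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Constructed sample log lines using documentation IP ranges (not real traffic).
sample_log() {
    cat <<'EOF'
Mar 10 12:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar 10 12:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar 10 12:00:04 host sshd[1003]: Accepted password for alice from 198.51.100.7 port 50000 ssh2
Mar 10 12:00:06 host sshd[1004]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar 10 12:01:00 host sshd[1005]: Failed password for bob from 198.51.100.9 port 41000 ssh2
Mar 10 12:30:00 host sshd[1006]: Failed password for bob from 198.51.100.9 port 41001 ssh2
Mar 10 12:59:00 host sshd[1007]: Failed password for bob from 198.51.100.9 port 41002 ssh2
EOF
}

# Three failures within 600 seconds: only the rapid source is reported.
sample_log | would_ban 3 600
```

The slow source (three failures spread over an hour) stays under the threshold until findtime is widened, which is the trade-off to weigh when tuning a jail.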
By combining Fail2ban with firewalld, you create a proactive security system that automatically responds to potential threats, reducing the risk of successful brute-force attacks on your Rocky Linux 9 server. This can offer a more adaptable security approach than a static firewall configuration.
These two alternative solutions showcase the flexibility of Rocky Linux 9 in terms of firewall management. While CSF provides a user-friendly interface, understanding and utilizing firewalld directly or in conjunction with Fail2ban can lead to a more customized and robust security posture.