{"id":98,"date":"2015-04-27T11:02:43","date_gmt":"2015-04-27T11:02:43","guid":{"rendered":"http:\/\/betakb.veeble.org\/?p=98"},"modified":"2025-03-11T11:38:38","modified_gmt":"2025-03-11T06:08:38","slug":"how-to-install-and-configure-csf-on-cpanel-server","status":"publish","type":"post","link":"https:\/\/www.veeble.com\/kb\/how-to-install-and-configure-csf-on-cpanel-server\/","title":{"rendered":"How to install and configure CSF on cPanel server"},"content":{"rendered":"<div id=\"toc\" class=\"toc\">\n<div id=\"toctitle\">\n<h2>Contents<\/h2>\n<\/div>\n<ul>\n<li class=\"toclevel-1 tocsection-1\"><a href=\"#About\"><span class=\"tocnumber\">1<\/span> <span class=\"toctext\">About<\/span><\/a><\/li>\n<li class=\"toclevel-1 tocsection-2\"><a href=\"#Installation\"><span class=\"tocnumber\">2<\/span> <span class=\"toctext\">Installation<\/span><\/a><\/li>\n<li class=\"toclevel-1 tocsection-3\"><a href=\"#Configuration_Files\"><span class=\"tocnumber\">3<\/span> <span class=\"toctext\">Configuration Files<\/span><\/a><\/li>\n<li class=\"toclevel-1 tocsection-4\"><a href=\"#Final_Steps\"><span class=\"tocnumber\">4<\/span> <span class=\"toctext\">Final Steps<\/span><\/a><\/li>\n<li class=\"toclevel-1 tocsection-5\"><a href=\"#Uninstall_CSF\"><span class=\"tocnumber\">5<\/span> <span class=\"toctext\">Uninstall CSF<\/span><\/a><\/li>\n<\/ul>\n<\/div>\n<h2><span id=\"About\" class=\"mw-headline\">About<\/span><\/h2>\n<p><a class=\"external free\" href=\"http:\/\/configserver.com\/cp\/csf.html\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/configserver.com\/cp\/csf.html<\/a><\/p>\n<p>CSF firewall commonly known as Configserver Security and Firewall has become one of the popular firewall not just because of its easy of use it also provides a cpanel interface and can be easily installed and tuned by any novice users. If you are running cpanel without firewall then CSF firewall is very much recommended, considering the security aspects of your server.<\/p>\n<p>You can visit the CSF firewall website for more information. You can also download necessary files there.<\/p>\n<p><b>Important Features<\/b><\/p>\n<p>WHM Interface for CPanel<\/p>\n<p>Firewall Running Status<\/p>\n<p>Easy to Install and Administer<\/p>\n<p>Brute Force Attack Prevention<\/p>\n<p>One Click Server Security Checks<\/p>\n<p>Port scan prevention and blocking<\/p>\n<p>Intrusion detection system<\/p>\n<p>Easy Installation and Configuration<\/p>\n<p>IP Blocking and more&#8230;<\/p>\n<p>The CSF comes with the LFD, which would detect any malicious login attempts to the server, via<\/p>\n<ul>\n<li>courier imap and pop3<\/li>\n<\/ul>\n<ul>\n<li>ssh<\/li>\n<\/ul>\n<ul>\n<li>non-ssl cpanel \/ whm \/ webmail<\/li>\n<\/ul>\n<ul>\n<li>pure-pftd<\/li>\n<\/ul>\n<ul>\n<li>password protected web pages (htpasswd)<\/li>\n<\/ul>\n<ul>\n<li>mod_security failures<\/li>\n<\/ul>\n<ul>\n<li>Port Scan<\/li>\n<\/ul>\n<p>This is an additional feature to the packet filtering. With the Firewall installed, the need for manual intervention is reduced.<\/p>\n<p>Let us prepare a linux based server running with cpanel. Note that CSF firewall requires to remove any currently running IP based firewall (APF or other IP tables firewall). It comes with all necessary scripts that will remove APF or IP tables firewall.<\/p>\n<h2><span id=\"Installation\" class=\"mw-headline\">Installation<\/span><\/h2>\n<p>1. Download the package to the server.<\/p>\n<pre>cd \/usr\/local\/src \nwget <a class=\"external free\" href=\"http:\/\/www.configserver.com\/free\/csf.tgz\" rel=\"nofollow noopener\" target=\"_blank\">http:\/\/www.configserver.com\/free\/csf.tgz<\/a> \n<\/pre>\n<p>2. Extract it.<\/p>\n<pre>tar -zxf csf.tar.gz\ncd csf\n<\/pre>\n<p>3. Run the Install script.<\/p>\n<pre>sh install.sh\n<\/pre>\n<p>Or for cPanel Servers\u00a0:<\/p>\n<pre>sh install.cpanel.sh\n<\/pre>\n<p>Or for DirectAdmin Servers\u00a0:<\/p>\n<pre>sh install.directadmin.sh \n<\/pre>\n<p>That&#8217;s it! wait until the script ends!<\/p>\n<p>4. Remove APF or IPTables Firewall<\/p>\n<p>If you have any existing IP tables firewall remove them using uninstall scripts located at \/etc\/csf. In this case i was running <a href=\"https:\/\/www.geeksforgeeks.org\/how-to-install-apf-firewall-on-ubuntu\/\" target=\"_blank\" rel=\"noopener\">APF firewall<\/a> and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Bidirectional_Forwarding_Detection\" target=\"_blank\" rel=\"noopener\">BFD<\/a> in my server so i have to remove it.<\/p>\n<pre>sh \/etc\/csf\/remove_apf_bfd.sh\n<\/pre>\n<p>5. Start the Firewall in Testing Mode<\/p>\n<p>Start the firewall with the following command.<\/p>\n<pre>csf -s \/\/ start the firewall\ncsf -r \/\/ restart the firewall\ncsf -f \/\/ flush the rules or stop the firewall.\n\n<\/pre>\n<p>If you are running a VPS plan, then you might get the error like this<\/p>\n<pre>\"iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in \/etc\/csf\/csf.conf Error: aborted, at line 156\"\n<\/pre>\n<p>To fix:<\/p>\n<pre>Open the \/etc\/csf\/csf.conf and look for a line MONOLITHIC_KERNEL = \"0\" and change to MONOLITHIC_KERNEL = \"1\"\n<\/pre>\n<p>That&#8217;s all! Now restart the firewall.<\/p>\n<p>6. Specify which ports you want to allow.<\/p>\n<p>The default ports will be enabled\/opened when you install using the above mentioned scripts. If you are using any custom ports, you may need to open in it in the CSF.<\/p>\n<p>It is very important to check the firewall on which ports to open and close all remaining port numbers. Open the \/etc\/csf\/csf.conf and edit the following line with port numbers<\/p>\n<pre># Allow incoming TCP ports \nTCP_IN = \"20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2087\"\n# Allow outgoing TCP ports\nTCP_OUT = \"20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703\"\n# Allow incoming UDP ports\nUDP_IN = \"20,21,53,953\"\n# Allow outgoing UDP ports\n# To allow outgoing traceroute add 33434:33523 to this list\nUDP_OUT = \"20,21,53,113,123,873,953,6277\"\n21 =&gt; FTP\n22 =&gt; SSH\n23 =&gt; Telnet\n25 =&gt; SMTP Mail Transfer\n43 =&gt; WHOIS service\n53 =&gt; name server (DNS)\n80 =&gt; HTTP (Web server)\n110 =&gt; POP protocol (for email)\n443 =&gt; HTTP Secure (SSL for https:\/\/ ) \n995 =&gt; POP over SSL\/TLS\n9999 =&gt; Urchin\n3306 = &gt; MysQL Server\n2082 =&gt; CPANEL Default\n2083 =&gt; CPANEL - Secure\/SSL\n2086 =&gt; CPANEL WHM\n2087 =&gt; CPANEL WHM - Secure\/SSL\n2095 =&gt; cpanel webmail\n2096 =&gt; cpanel webmail - secure\/SSL\nPlesk Control Panel =&gt; 8443\nDirectAdmin Control Panel =&gt; 2222\nWebmin Control Panel =&gt; 10000\n\n<\/pre>\n<p>For more information about commonly used port numbers refer to this article\u00a0: <a title=\"Commonly Used Port Numbers\" href=\"http:\/\/kb.veeble.org\/Commonly_Used_Port_Numbers\" target=\"_blank\" rel=\"noopener\">Commonly Used Port Numbers<\/a><\/p>\n<p>7. Disable the Testing Mode and Start the Firewall<\/p>\n<p>Remember by default the firewall is running in testing mode. You might want to disable the firewall running in testing mode.<\/p>\n<pre>vi \/etc\/csf\/csf.conf\n<\/pre>\n<p>Look for the first line and set testing mode to &#8220;0&#8221;<\/p>\n<pre>TESTING = \"0\"\n<\/pre>\n<p>You may also set the following:<\/p>\n<pre>CT_LIMIT = \"100\" \nLF_ALERT_TO =(email id of the customer) \nSYNFLOOD =1 \n<\/pre>\n<p>Now restart the firewall!<\/p>\n<pre>csf -r \n<\/pre>\n<p>In Cpanel:<\/p>\n<p>If you have successfully installed the CSF firewall, then you will find this CSF Security &amp; Firewall option within cpanel WHM at the bottom of the menu. Just click on the link and you can also edit the firewall settings inside Cpanel, which is very easy to do.<\/p>\n<h2><span id=\"Configuration_Files\" class=\"mw-headline\">Configuration Files<\/span><\/h2>\n<pre>\/etc\/csf\/csf.conf CSF Firewall configuration file\n\/etc\/csf\/csf.allow =&gt; Config file to allow IPs\n\/etc\/csf\/csf.deny =&gt; Config file to deny IPs\n\/etc\/csf\/ =&gt; Alert files with TXT extension are stored within this directory\n<\/pre>\n<h2><span id=\"Final_Steps\" class=\"mw-headline\">Final Steps<\/span><\/h2>\n<p>1. Check the status of firewall inside cpanel<\/p>\n<p>2. Harden the firewall security by performing the system security check. To do this go to Cpanel WHM &gt; CSF Firewall &amp; Security &gt; Check System Security. There it will list WARNINGS based on your server.<\/p>\n<h2><span id=\"Uninstall_CSF\" class=\"mw-headline\">Uninstall CSF<\/span><\/h2>\n<p>Just run the uninstall script located at the installation directory.<\/p>\n<pre>sh \/etc\/csf\/uninstall.sh<\/pre>\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-uagb-call-to-action uagb-block-67290ff5 wp-block-button\"><div class=\"uagb-cta__wrap\"><h3 class=\"uagb-cta__title\">Simple, Powerful Windows VPS Hosting<\/h3><p class=\"uagb-cta__desc\">Get started quickly and easily with our intuitive Windows VPS platform. Focus on your business, not server management.<\/p><\/div><div class=\"uagb-cta__buttons\"><a href=\"https:\/\/www.veeble.com\/in\/windows-vps\/\" class=\"uagb-cta__button-link-wrapper wp-block-button__link\" target=\"_blank\" rel=\"noopener noreferrer\">Get Your VPS Now<svg xmlns=\"https:\/\/www.w3.org\/2000\/svg\" viewBox=\"0 0 512 512\"><path d=\"M504.3 273.6l-112.1 104c-6.992 6.484-17.18 8.218-25.94 4.406c-8.758-3.812-14.42-12.45-14.42-21.1L351.9 288H32C14.33 288 .0002 273.7 .0002 255.1S14.33 224 32 224h319.9l0-72c0-9.547 5.66-18.19 14.42-22c8.754-3.809 18.95-2.075 25.94 4.41l112.1 104C514.6 247.9 514.6 264.1 504.3 273.6z\"><\/path><\/svg><\/a><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Contents 1 About 2 Installation 3 Configuration Files 4 Final Steps 5 Uninstall CSF About http:\/\/configserver.com\/cp\/csf.html CSF firewall commonly known as Configserver Security and [&hellip;]<\/p>\n","protected":false},"author":10,"featured_media":7723,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[],"class_list":["post-98","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-firewallsecurity"],"uagb_featured_image_src":{"full":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2015\/04\/How-to-install-and-configure-CSF-on-cPanel-server.jpg",1366,768,false],"thumbnail":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2015\/04\/How-to-install-and-configure-CSF-on-cPanel-server-150x150.jpg",150,150,true],"medium":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2015\/04\/How-to-install-and-configure-CSF-on-cPanel-server-300x169.jpg",300,169,true],"medium_large":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2015\/04\/How-to-install-and-configure-CSF-on-cPanel-server-768x432.jpg",768,432,true],"large":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2015\/04\/How-to-install-and-configure-CSF-on-cPanel-server-1024x576.jpg",1024,576,true],"1536x1536":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2015\/04\/How-to-install-and-configure-CSF-on-cPanel-server.jpg",1366,768,false],"2048x2048":["https:\/\/www.veeble.com\/kb\/wp-content\/uploads\/2015\/04\/How-to-install-and-configure-CSF-on-cPanel-server.jpg",1366,768,false]},"uagb_author_info":{"display_name":"Vipin Raj","author_link":"https:\/\/www.veeble.com\/kb\/author\/vipin\/"},"uagb_comment_info":0,"uagb_excerpt":"Contents 1 About 2 Installation 3 Configuration Files 4 Final Steps 5 Uninstall CSF About http:\/\/configserver.com\/cp\/csf.html CSF firewall commonly known as Configserver Security and [&hellip;]","_links":{"self":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/98","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/comments?post=98"}],"version-history":[{"count":6,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/98\/revisions"}],"predecessor-version":[{"id":8005,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/posts\/98\/revisions\/8005"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/media\/7723"}],"wp:attachment":[{"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/media?parent=98"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/categories?post=98"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.veeble.com\/kb\/wp-json\/wp\/v2\/tags?post=98"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}