Install and Configure CSF Firewall on AlmaLinux 9 | Secure Server

In this article, you will learn to install and configure the CSF firewall on AlmaLinux 9. ConfigServer Firewall (CSF) is a Stateful Packet Inspection (SPI) firewall, login/intrusion detection, and security application for Linux servers.

It is a security tool that can protect your server against attacks, such as brute force, and improve server security. You can now proceed to the guide steps below on the Orcacore website to set up CSF on AlmaLinux 9.

To complete this guide, you must log in to your server as a non-root user with sudo privileges. To do this, you can follow our guide on the Initial Server Setup with AlmaLinux 9.

1. Install CSF on AlmaLinux 9

First, you need to update your local package index with the command below:

sudo dnf update -y

Then, you need to install some dependencies on your AlmaLinux 9 with the following command:

sudo dnf install wget vim perl -y

Next, switch to your src directory:

cd /usr/src

At this point, use the wget command to download the CSF installer script on AlmaLinux 9:

sudo wget https://download.configserver.com/csf.tgz

Extract your downloaded file:

sudo tar xzf csf.tgz

Move to your CSF directory:

cd csf

Finally, run the CSF installer script with the following command:

sudo sh install.sh

When your installation is completed, test that you have the required iptables modules:

sudo perl /usr/local/csf/bin/csftest.pl

In your output, you will see the result of the check for the required iptables modules (screenshot in the original: "Check required iptables modules for CSF").

2. Configure CSF on AlmaLinux 9

Now that CSF is installed on your server, you need to edit the CSF configuration file. Open the file with your favorite text editor; here we use vi:

sudo vi /etc/csf/csf.conf

Find the TESTING line and change its value to 0.

**TESTING = "0"**

When you are done, save and close the file.
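
A pre-flight check for this step, as an added example that is not part of the original article: it parses csf.conf, confirms that TESTING is "0", and checks that the SSH port is covered by TCP_IN before csf is restarted. The function names, the constructed sample file, and SSH on port 22 are assumptions; on a real server, run csf_preflight as root against /etc/csf/csf.conf.

```shell
#!/bin/sh
# Added example: pre-flight check of a csf.conf before restarting csf and lfd.
# Assumes the KEY = "value" line format and the TCP_IN setting of csf.conf.

# csf_get FILE KEY -> prints the value of KEY (the last assignment wins)
csf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0; sub(/^[ \t]+/, "", line)
            if (index(line, key) != 1) next
            rest = substr(line, length(key) + 1)
            if (rest !~ /^[ \t]*=/) next   # so TESTING does not match TESTING_INTERVAL
            sub(/^[ \t]*=[ \t]*"/, "", rest); sub(/".*$/, "", rest)
            val = rest; found = 1
        }
        END { if (found) print val }
    ' "$1"
}

# port_allowed LIST PORT -> 0 if PORT is in a comma-separated list with lo:hi ranges
port_allowed() {
    old_ifs=$IFS; IFS=,
    for entry in $1; do
        case $entry in
            *:*) if [ "$2" -ge "${entry%%:*}" ] && [ "$2" -le "${entry##*:}" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            *)   if [ "$entry" = "$2" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# csf_preflight FILE [SSH_PORT] -> 0 if safe to restart csf, 1 otherwise
csf_preflight() {
    conf=$1; ssh_port=${2:-22}; rc=0
    testing=$(csf_get "$conf" TESTING); tcp_in=$(csf_get "$conf" TCP_IN)
    if [ "$testing" != "0" ]; then
        echo "WARN: TESTING=\"$testing\", csf is still in testing mode"; rc=1
    fi
    if ! port_allowed "$tcp_in" "$ssh_port"; then
        echo "FAIL: port $ssh_port not in TCP_IN ($tcp_in); new SSH connections would be blocked"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: TESTING disabled, SSH port $ssh_port allowed in TCP_IN"
    return "$rc"
}

# Constructed sample input, not a real csf.conf
sample=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TESTING_INTERVAL = "5"' 'TCP_IN = "80,443,30000:35000"' > "$sample"
csf_preflight "$sample" 22 || echo "Fix the findings above before restarting csf."
rm -f "$sample"
```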

Now use the following commands to start and enable the CSF and LFD on AlmaLinux 9:

sudo systemctl restart csf && sudo systemctl restart lfd
sudo systemctl enable csf && sudo systemctl enable lfd

Verify that your CSF and LFD are active and running on your server with the commands below:

sudo systemctl status csf && sudo systemctl status lfd

You can check your CSF firewall version on AlmaLinux 9 with the command below:

sudo csf -v
**Output**
csf: v14.17 (generic)

If you want to allow the incoming connection from an IP address, you can use the following syntax:

sudo csf -a [IP Address]

Otherwise, if you want to deny the incoming connection from an IP address, you can use the following syntax:

sudo csf -d [IP Address]

3. Remove ConfigServer Firewall

Also, if you want to uninstall the CSF firewall from your AlmaLinux 9, you can use the following command:

sudo sh -c 'cd /etc/csf && sh uninstall.sh'

Conclusion

Installing and configuring CSF (ConfigServer Security & Firewall) on AlmaLinux 9 is an effective way to enhance server security. CSF provides an advanced, yet user-friendly interface for managing iptables and offers features like login tracking, IP blocking, and alerting. With a few simple steps, you can set up CSF to monitor and protect your server, making it a valuable tool for system administrators seeking better control over network traffic and security.


Alternative Solutions for Securing AlmaLinux 9

While CSF provides a comprehensive security solution, other approaches can be used to enhance the security of your AlmaLinux 9 server. Here are two alternative methods: using firewalld directly and using a cloud-based WAF.

1. Using Firewalld Directly

Firewalld is the default firewall management tool in AlmaLinux 9. It offers a dynamic firewall management solution with support for network zones to assign different levels of trust to network connections. Instead of relying on a third-party tool like CSF, you can configure firewalld directly to achieve similar security goals.

Explanation:

Firewalld uses zones, which are predefined sets of rules. Common zones include public, private, trusted, drop, and block. You can assign network interfaces or source IP addresses to specific zones, effectively controlling the traffic allowed.

Configuration Steps:

  1. Check the Default Zone:

    sudo firewall-cmd --get-default-zone
  2. List Active Zones:

    sudo firewall-cmd --get-active-zones
  3. Allow Specific Services:

    To allow SSH (port 22) and HTTP (port 80) through the firewall:

    sudo firewall-cmd --zone=public --add-service=ssh --permanent
    sudo firewall-cmd --zone=public --add-service=http --permanent
  4. Allow Specific Ports:

    To allow traffic on a custom port (e.g., 3000):

    sudo firewall-cmd --zone=public --add-port=3000/tcp --permanent
  5. Block Specific IP Addresses:

    To block all traffic from a specific IP address:

    sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="203.0.113.10" reject'
  6. Reload Firewalld:

    After making changes, reload firewalld to apply them:

    sudo firewall-cmd --reload
  7. Verify Changes:

    List all rules in the public zone:

    sudo firewall-cmd --zone=public --list-all

Code Example:

Here’s a script to automate some of the firewalld configuration:

#!/bin/bash

# Allow SSH and HTTP
sudo firewall-cmd --zone=public --add-service=ssh --permanent
sudo firewall-cmd --zone=public --add-service=http --permanent

# Allow custom port 3000
sudo firewall-cmd --zone=public --add-port=3000/tcp --permanent

# Block a specific IP address
IP_TO_BLOCK="203.0.113.10"
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='$IP_TO_BLOCK' reject"

# Reload firewalld
sudo firewall-cmd --reload

echo "Firewalld configuration complete."

This approach requires a deeper understanding of firewalld’s zone-based system but offers more granular control over network traffic and eliminates the need for additional software installation. CSF provides the benefit of a tailored security suite, but using firewalld directly can also be effective.

2. Using a Cloud-Based Web Application Firewall (WAF)

Another alternative is to use a cloud-based Web Application Firewall (WAF). A WAF sits between your server and the internet, inspecting incoming HTTP traffic and blocking malicious requests before they reach your server. This approach is particularly useful for protecting web applications from common attacks like SQL injection, cross-site scripting (XSS), and DDoS attacks.

Explanation:

Cloud-based WAFs offer several advantages, including ease of deployment, automatic updates, and scalability. They typically provide a user-friendly interface for configuring security rules and monitoring traffic.

Configuration Steps (Example with Cloudflare WAF):

  1. Sign Up for a WAF Service:

    Choose a cloud-based WAF provider like Cloudflare, Sucuri, or AWS WAF.

  2. Add Your Domain:

    Add your domain to the WAF service. The provider will guide you through changing your DNS records to point to their servers.

  3. Configure Security Rules:

    Use the WAF’s dashboard to configure security rules. This typically involves enabling pre-configured rulesets for common web application attacks and customizing rules based on your specific needs.

  4. Enable DDoS Protection:

    Most WAF providers offer DDoS protection features. Enable these to protect your server from volumetric attacks.

  5. Monitor Traffic:

    Regularly monitor the WAF’s traffic logs to identify and respond to potential threats.

Code Example (Illustrative – Cloudflare API):

While you configure most settings through the WAF provider’s web interface, you can often use their API for automation. Here’s an illustrative example of how you might use the Cloudflare API to create a WAF rule (this is a simplified example and requires proper API authentication):

import requests

# Replace with your Cloudflare API key, email, and zone ID
API_KEY = "YOUR_CLOUDFLARE_API_KEY"
API_EMAIL = "your@email.com"
ZONE_ID = "YOUR_ZONE_ID"

# Define the rule. This endpoint expects a JSON array of rule objects,
# so the single rule is wrapped in a list.
rule_data = [{
    "description": "Block requests from known malicious IP",
    "filter": {
        "expression": "ip.src eq 192.0.2.1",  # Example IP
    },
    "action": "block",
}]

# API endpoint
url = f"https://api.cloudflare.com/client/v4/zones/{ZONE_ID}/firewall/rules"

# Headers
headers = {
    "X-Auth-Email": API_EMAIL,
    "X-Auth-Key": API_KEY,
    "Content-Type": "application/json"
}

# Make the API request; json= serializes the body, and the timeout keeps a
# stalled connection from hanging the script
response = requests.post(url, headers=headers, json=rule_data, timeout=30)

# Print the response (a JSON body that includes "success" and "errors")
print(response.json())

This approach offloads the responsibility of managing firewall rules to a specialized service, allowing you to focus on other aspects of server administration. It is especially beneficial for web applications facing a high volume of traffic or complex security threats. Both installing and configuring CSF on AlmaLinux 9 and using a WAF are useful approaches; the alternatives described here take a different route to server security, using either the built-in firewalld tool or a cloud-based WAF.
