One of the most important security aspect of any server is to have properly installed and configured firewall. Firewall can really be dangerous if it is not configured properly and might lead to blocking real traffic and visitors. Hence it is important to work with firewall only if you know everything about it. Afterall, partial knowledge is more harmful then knowing nothing.
In this tutorial, I will be discussing about installing the widely used and stable firewall called ConfigServer. This firewall script is opensource and binds itself with ip tables of your linux OS. I have been using it for several years without any problem and I must say that this is one of the best tools that you can have to secure your servers!
Installing ConfigServer on centOS with cpanel/whm:
- Here is the list of commands you should be following:rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install-cpanel.sh
Once installed, Configserver firewall is in “testing mode”. So next thing you would want to do is enabling the firewall to make sure that it starts filtering your traffic.List of commands to enable configserver firewall
- Connect to your server using ssh
- vi /etc/csf/csf.conf
- In this configuration file, you just have to change the text “TESTING=’1′” to “TESTING=’0′”.
- Login to your whm and open configserver firewall which can be found at the very left bottom in the left navigation bar.
- That will give you an option to Start the firewall, just click on it and it will be done.
One of the main benefits of configserver firewall is it will NOT allow any IP to login to any cPanel, whm unless you have added it to the “safe list”. Which will ensure that unknown people are not even allowed to take a look at your cPanel. Agreed it might be pain sometimes to add all of your clients IPs one by one. But hell, its better to be safe then sorry
. Also, make sure to check all the configuration and tweak them according to your requirements. I might cover more on configuring this firewall in future posts.