March 2010

Installing CSF on WHM/Cpanel for Centos

CSF (ConfigServer Security & Firewall) is an excellent and easily configurable firewall solution for WHM/cPanel servers. But I would recommend using APF if possible, though there is no GUI to manage it.

Here are the quick steps to install it:

-bash-3.2# mkdir /home/installation && cd /home/installation
-bash-3.2# tar -zxvf csf.tgz
-bash-3.2# cd csf
-bash-3.2# service iptables start
-bash-3.2# iptables -F
-bash-3.2# sh install.sh
-bash-3.2# csf -s
-bash-3.2# vi /etc/csf/csf.conf

Specify which ports you want to allow. Find the lines shown below and add the ports you want to open.

The standard cPanel port list is shown here.

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2087"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"
# Allow incoming UDP ports
UDP_IN = "20,21,53,953"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,873,953,6277"

Now you need to make the CSF rules active rather than leaving them in testing mode.
Disable testing mode and start the firewall.
a. Edit the CSF config file /etc/csf/csf.conf and update the following lines.

Now restart the CSF service:

-bash-3.2# csf -r
-bash-3.2# chkconfig iptables on
-bash-3.2# chkconfig csf on

That’s it.
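
A check worth running against csf.conf before `csf -r`, given here as an added example (not part of the original post or of CSF itself): it confirms the SSH port is covered by TCP_IN, that CSF's TESTING setting is "0", and that no curly quotes pasted from a web page remain. The function names, the sample config and port 2222 are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of csf.conf before testing mode is switched off.

# Print the value of KEY = "value" from a csf.conf-style file.
csf_get() {  # usage: csf_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if PORT is covered by a comma-separated list that may hold lo:hi ranges.
port_in_list() {  # usage: port_in_list PORT LIST
    port=$1; old_ifs=$IFS; IFS=,
    for item in $2; do
        case $item in
            *:*) lo=${item%%:*}; hi=${item##*:}
                 if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
                     IFS=$old_ifs; return 0
                 fi ;;
            "$port") IFS=$old_ifs; return 0 ;;
        esac
    done
    IFS=$old_ifs; return 1
}

# Print findings; return non-zero if anything needs attention.
csf_preflight() {  # usage: csf_preflight FILE SSH_PORT
    conf=$1; ssh_port=$2; rc=0
    if grep -q -e '“' -e '”' "$conf"; then
        echo "WARN: curly quotes found; csf.conf values need plain \" characters"; rc=1
    fi
    tcp_in=$(csf_get TCP_IN "$conf")
    if ! port_in_list "$ssh_port" "$tcp_in"; then
        echo "FAIL: SSH port $ssh_port is not in TCP_IN ($tcp_in)"; rc=1
    fi
    if [ "$(csf_get TESTING "$conf")" != "0" ]; then
        echo "NOTE: TESTING is not \"0\"; the firewall is still in testing mode"; rc=1
    fi
    return $rc
}

# Constructed sample (not from a real server): SSH moved to 2222 but never opened.
sample=$(mktemp)
printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,22,25,53,80,443,2082:2087"' > "$sample"
csf_preflight "$sample" 2222 || echo "Fix csf.conf before running csf -r"
rm -f "$sample"
```

On a real server, call `csf_preflight /etc/csf/csf.conf <your SSH port>` from a session you keep open until the restart has been verified.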

Now you can see an option "ConfigServer Security&Firewall" enabled in WHM under the "Plugins" tree at the bottom of the right side panel.

Now you may need to restart the cPanel services.

root@aim-host [/home/installation/csf]# service cpanel start
Starting cPanel services:                                  [  OK  ]
Starting cPanel brute force detector services:             [  OK  ]
Starting cPanel dav services:                              [  OK  ]
Starting pop3 services: Waiting for cppop to shutdown ... ...Done
Waiting for cppop-ssl to shutdown ... ...Done
                                                           [  OK  ]
Starting cPanel Chat services:
Starting Melange Chat services:
Starting cPanel ssl services: Using Native SSL support (stunnel not needed)
                                                           [  OK  ]
Starting cPanel Queue services:                            [  OK  ]
Starting tailwatchd:
Starting cPanel Log services: ==> cPanel Log Daemon version 25.0
                                                           [  OK  ]
Starting mailman services:                                 [  OK  ]
root@aim-host [/home/installation/csf]#

Feel free to make changes/updates through the web interface in WHM/cPanel 🙂

