{"id":53535,"date":"2020-03-10T09:19:05","date_gmt":"2020-03-10T14:19:05","guid":{"rendered":"https:\/\/www.inmotionhosting.com\/support\/?p=53535"},"modified":"2022-03-31T17:46:01","modified_gmt":"2022-03-31T21:46:01","slug":"install-csf-on-ubuntu","status":"publish","type":"post","link":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","title":{"rendered":"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu"},"content":{"rendered":"\n<p><a rel=\"noreferrer noopener\" href=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf\/\" target=\"_blank\">ConfigServer Security &amp; Firewall (CSF)<\/a> is a stateful packet inspection (SPI) firewall and front-end manager for iptables. CSF is a more advanced alternative to <a href=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf\/\">APF<\/a> and has integrations for <a href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/cloud-server\/choosing-vesta-control-panel\/\">Vesta Control Panel<\/a>, <a href=\"https:\/\/www.inmotionhosting.com\/support\/product-guides\/cloud-server\/how-to-install-webmin-on-ubuntu-apt\/\">Webmin<\/a>, and more.<\/p>\n\n\n\n<p>Below we cover how to <a href=\"#install\">install CSF on Ubuntu<\/a> and complete basic tasks such as <a href=\"#lfd\">manage ports<\/a>, configure <a href=\"#lfd\">Login Failure Daemon (lfd)<\/a>, and <a href=\"#whitelist\">whitelist IPs<\/a>.<\/p>\n\n\n\n<p class=\"alert alert-info\">If you need help at any time, contact our <a href=\"https:\/\/www.inmotionhosting.com\/managed-hosting\">Managed Hosting team<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"install\">Install CSF<\/h2>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Download the latest CSF file: <code>wget https:\/\/download.configserver.com\/csf.tgz<\/code><\/li><li>Extract the archive: <code>tar -xzf csf.tgz<\/code><\/li><li>Navigate to the new directory: <code>cd csf<\/code><\/li><li>Start the installation script: <code>sh install.sh<\/code><\/li><li>Test the status of required iptables modules: <code>perl \/usr\/local\/csf\/bin\/csftest.pl<\/code><\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"basic\">Basic CSF Tasks<\/h2>\n\n\n\n<p>Below are some common tasks to consider post-installation.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ports\">Open and Close Ports<\/h3>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Edit your CSF configuration file: <code>nano +137 \/etc\/csf\/csf.conf<\/code> takes you directly to the port settings<\/li><li>Add or remove ports from <code>TCP_IN<\/code> (incoming TCP &#8211; most commonly used), <code>TCP_OUT<\/code> (outgoing TCP), <code>UDP_IN<\/code> (incoming UDP), and <code>UDP_OUT<\/code> (outgoing UDP) as needed<\/li><\/ol>\n\n\n\n<p class=\"alert alert-info\">If installing CSF on a cPanel server, you&#8217;ll want to whitelist the following in TCP_IN: &#8220;20,21,25,53,80,110,143,443,465,587,993,995,2082,2083,2086,2087,2095,2096,3306,30000:35000&#8221;.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"lfd\">lfd for Brute-force Protection<\/h3>\n\n\n\n<p>Login Failure Daemon (lfd) scans log files every X seconds to protect against brute-force login attacks. You can use <code>DENY_IP_LIMIT<\/code> to set how many blocked IP addresses are tracked at once.  <\/p>\n\n\n\n<ol class=\"article_list wp-block-list\"><li>Edit your CSF configuration file: <code>nano +1880 \/etc\/csf\/csf.conf<\/code><\/li><li>Make your changes (We recommend 15000 for dedicated servers and 1000 for VPSs containers)<\/li><li>Save changes<\/li><li>Apply changes: <code>csf -r<\/code><\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"whitelist\">Whitelist IPs <\/h3>\n\n\n\n<p>This whitelists IPs through iptables: <\/p>\n\n\n\n<pre class=\"wp-block-code\">nano \/etc\/csf\/csf.allow<\/pre>\n\n\n\n<p>The format is tcp\/udp | in\/out | s[ource]\/d[estination]=port | u[ID]\/g[ID]. For example, to allow inbound connections to MySQL on port 3306 from 1.2.3.4:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted wp-block-code\">tcp|in|d=3306|s=1.2.3.4<\/pre>\n\n\n\n<p class=\"alert alert-warning\">TCP and IN are used as default if protocol (TCP\/UDP) and connection direction (in or out) is excluded from a rule.<\/p>\n\n\n\n<p>IPs listed here can still be blocked by lfd. To protect an IP from being blocked, edit the ignore list: <\/p>\n\n\n\n<pre class=\"wp-block-preformatted wp-block-code\">nano \/etc\/csf\/csf.ignore<\/pre>\n\n\n\n<p>To allow outbound TCP connections to port 22 on IP 1.2.3.4:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted wp-block-code\">out|d=22|d=1.2.3.4<\/pre>\n\n\n\n<p class=\"alert alert-info\">Pay only for what you need on your preferred Linux OS with our scalable <a href=\"https:\/\/www.inmotionhosting.com\/cloud-vps\">Cloud Servers<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ConfigServer Security &amp; Firewall (CSF) is a stateful packet inspection (SPI) firewall and front-end manager for iptables. CSF is a more advanced alternative to APF and has integrations for Vesta Control Panel, Webmin, and more. Below we cover how to install CSF on Ubuntu and complete basic tasks such as manage ports, configure Login Failure<a class=\"moretag\" href=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\"> Read More ><\/a><\/p>\n","protected":false},"author":57014,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4299],"tags":[],"class_list":["post-53535","post","type-post","status-publish","format-standard","hentry","category-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Install CSF on Ubuntu | InMotion Hosting<\/title>\n<meta name=\"description\" content=\"Learn how to install ConfigServer Security &amp; Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Install CSF on Ubuntu | InMotion Hosting\" \/>\n<meta property=\"og:description\" content=\"Learn how to install ConfigServer Security &amp; Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\" \/>\n<meta property=\"og:site_name\" content=\"InMotion Hosting Support Center\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/inmotionhosting\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-10T14:19:05+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-31T21:46:01+00:00\" \/>\n<meta name=\"author\" content=\"InMotion Hosting Contributor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/InMotionHosting\" \/>\n<meta name=\"twitter:site\" content=\"@InMotionHosting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"InMotion Hosting Contributor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\"},\"author\":{\"name\":\"InMotion Hosting Contributor\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\"},\"headline\":\"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu\",\"datePublished\":\"2020-03-10T14:19:05+00:00\",\"dateModified\":\"2022-03-31T21:46:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\"},\"wordCount\":327,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\",\"name\":\"How to Install CSF on Ubuntu | InMotion Hosting\",\"isPartOf\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\"},\"datePublished\":\"2020-03-10T14:19:05+00:00\",\"dateModified\":\"2022-03-31T21:46:01+00:00\",\"description\":\"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.inmotionhosting.com\/support\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#website\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"name\":\"InMotion Hosting Support Center\",\"description\":\"Web Hosting Support &amp; Tutorials\",\"publisher\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#organization\",\"name\":\"InMotion Hosting\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"contentUrl\":\"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg\",\"width\":696,\"height\":696,\"caption\":\"InMotion Hosting\"},\"image\":{\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/inmotionhosting\/\",\"https:\/\/x.com\/InMotionHosting\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644\",\"name\":\"InMotion Hosting Contributor\",\"description\":\"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/inmotion-hosting\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting\"],\"url\":\"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Install CSF on Ubuntu | InMotion Hosting","description":"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","og_locale":"en_US","og_type":"article","og_title":"How to Install CSF on Ubuntu | InMotion Hosting","og_description":"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.","og_url":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","og_site_name":"InMotion Hosting Support Center","article_publisher":"https:\/\/www.facebook.com\/inmotionhosting\/","article_published_time":"2020-03-10T14:19:05+00:00","article_modified_time":"2022-03-31T21:46:01+00:00","author":"InMotion Hosting Contributor","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/InMotionHosting","twitter_site":"@InMotionHosting","twitter_misc":{"Written by":"InMotion Hosting Contributor","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#article","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/"},"author":{"name":"InMotion Hosting Contributor","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644"},"headline":"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu","datePublished":"2020-03-10T14:19:05+00:00","dateModified":"2022-03-31T21:46:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/"},"wordCount":327,"commentCount":0,"publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","url":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/","name":"How to Install CSF on Ubuntu | InMotion Hosting","isPartOf":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#website"},"datePublished":"2020-03-10T14:19:05+00:00","dateModified":"2022-03-31T21:46:01+00:00","description":"Learn how to install ConfigServer Security & Firewall (CSF) on Ubuntu to manage iptables and protect your server against brute-force attacks.","breadcrumb":{"@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.inmotionhosting.com\/support\/security\/install-csf-on-ubuntu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.inmotionhosting.com\/support\/"},{"@type":"ListItem","position":2,"name":"How to Install ConfigServer Security &#038; Firewall (CSF) on Ubuntu"}]},{"@type":"WebSite","@id":"https:\/\/www.inmotionhosting.com\/support\/#website","url":"https:\/\/www.inmotionhosting.com\/support\/","name":"InMotion Hosting Support Center","description":"Web Hosting Support &amp; Tutorials","publisher":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.inmotionhosting.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.inmotionhosting.com\/support\/#organization","name":"InMotion Hosting","url":"https:\/\/www.inmotionhosting.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","contentUrl":"https:\/\/www.inmotionhosting.com\/support\/wp-content\/uploads\/2023\/02\/inmotion-hosting-logo-yoast.jpg","width":696,"height":696,"caption":"InMotion Hosting"},"image":{"@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/inmotionhosting\/","https:\/\/x.com\/InMotionHosting"]},{"@type":"Person","@id":"https:\/\/www.inmotionhosting.com\/support\/#\/schema\/person\/f9a4fc454cd1df128ee8e898d30d4644","name":"InMotion Hosting Contributor","description":"InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!","sameAs":["https:\/\/www.linkedin.com\/company\/inmotion-hosting\/","https:\/\/x.com\/https:\/\/twitter.com\/InMotionHosting"],"url":"https:\/\/www.inmotionhosting.com\/support\/author\/inmotion-hosting-contributor\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"primary_category":null,"_links":{"self":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/53535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/users\/57014"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/comments?post=53535"}],"version-history":[{"count":12,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/53535\/revisions"}],"predecessor-version":[{"id":95528,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/posts\/53535\/revisions\/95528"}],"wp:attachment":[{"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/media?parent=53535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/categories?post=53535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inmotionhosting.com\/support\/wp-json\/wp\/v2\/tags?post=53535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}