The first Step you should do to connect to your server via SSH. You will need to know the IP address and the SSH port of your server.
There are different ways to connect to your server, depending on the operating system you use.
For Windows, you can use a free open source application called PuTTY.
For Linux or Mac, you can use the Terminal.
For a more guide on how to connect you can check out https://www.newdelhihosting.co.in/blog/how-to-vps-login-via-ssh/
After successfully connecting to your server, is to update your server. On CentOS you can do this with the following command:
This will update the already installed packages on your system and install the latest security updates.
You should regularly update your server. Try to set up a reminder for yourself to do it at least once a month or optionally you can enable automatic updates, so you don’t have to do it manually.
If you are using a centos 7 VPS, you should follow the instructions below:
# yum -y install yum-cron
Once yum-cron is installed it is time to configure it. The default configuration file is /etc/yum/yum-cron.conf. You can edit the file using your favorite text editor. The following options should be set:
# update_cmd = default # apply_updates = yes
Save the file and restart the service
# systemctl restart yum-cron
Enable the service on system boot:
# systemctl enable yum-cron
Securing your server properly is one of the most important steps you need to do after getting a new VPS.
To get more knowledge for securing server click here https://www.newdelhihosting.co.in/blog/tips-for-securing-your-cpanel-server/
Installation of CFS dependencies.
1)CSF is based on Perl, so we need to install Perl on the server first.
#yum install wget perl-libwww-perl.noarch perl-Time-HiRes
2) Installing CSF.
Go to the “/usr/src/” directory and download CSF with wget command.
#cd /usr/src/ #wget https://download.configserver.com/csf.tgz
Now, extract the tar.gz file and go to the csf directory, then install it
#tar -xzf csf.tgz #cd csf #sh install.sh
You will get the information that CSF installation is completed at the end as below.
‘csf/configserver.css’ -> ‘webmin/csf/images/configserver.css’ ‘csf/csf-loader.gif’ -> ‘webmin/csf/images/csf-loader.gif’ ‘csf/csf_small.png’ -> ‘webmin/csf/images/csf_small.png’ ‘csf/csf.svg’ -> ‘webmin/csf/images/csf.svg’ ‘csf/jquery.min.js’ -> ‘webmin/csf/images/jquery.min.js’ ‘csf/LICENSE.txt’ -> ‘webmin/csf/images/LICENSE.txt’ ‘csf/loader.gif’ -> ‘webmin/csf/images/loader.gif’ ‘/etc/csf/csfwebmin.tgz’ -> ‘/usr/local/csf/csfwebmin.tgz’ Installation Completed
Now, we should check that CSF really works on this server. Go to the “/usr/local/csf/bin/” directory, and run “csftest.pl”.
#cd /usr/local/csf/bin/ #perl csftest.pl
If you see the test results as ,
“RESULT: csf should function on this server” then CSF is running without problems on your server.
[root@newdelhihosting csf]# cd /usr/local/csf/bin/ [root@newdelhihosting bin]# perl csftest.pl Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing xt_connlimit...OK Testing ipt_owner/xt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Testing iptable_nat/ipt_DNAT...OK RESULT: csf should function on this server [root@newdelhihosting bin]#
3)Configure CSF on CentOS 7
Before stepping into the CSF configuration process, the first thing we must know is that “CentOS 7” has a default firewall application called “firewalld”. We have to stop firewalld and remove it from the startup.
Stopping the firewalld and Removing it from the startup:
#systemctl stop firewalld #systemctl disable firewalld
Now, we can step into the CSF Configuration directory “/etc/csf/” and edit the file “csf.conf”
#cd /etc/csf/ #nano csf.conf
Change line 11 “TESTING “ to “0” for applying the firewall configuration.
TESTING = “0”
By default CSF allows incoming and outgoing traffic for the SSH standard port 22, if you use a different SSH port then please add your SSH port to the configuration in line 139 “TCP_IN”.
Note : Save “csf.conf” once you configured .
Now, we can start CSF and LFD.
#systemctl start csf #systemctl start lfd
After starting csf and lfd, we need to enable csf and lfd services to be started at boot time.
#systemctl enable csf #systemctl enable lfd
4) – Advanced Configuration
Here are some tweaks about CSF, so you can configure as you need.
Back to the csf configuration directory, and edit the csf.conf configuration file
1. Don’t Block IP addresses that are in the csf.allow files.
By default lfd also will block an IP under csf.allow files, so if you want that an IP in csf.allow files never get blocked by lfd, then please go to the line 272 and change “IGNORE_ALLOW” to “1”. This is useful when you have a static IP at home or in office premises and want to ensure that your IP never gets blocked by the firewall on your internet server.
IGNORE_ALLOW = "1"
2. Allow Incoming and Outgoing ICMP.
Go to the line 152 for incoming ping/ICMP.
ICMP_IN = "1" . . . ICMP_OUT = "1"
3. Block Certain Countries
CSF provide an option to allow and deny access by country using the CIDR (Country Code). Go to line 836 and add the country codes that shall be allowed and denied
CC_DENY = "PK,UK,US" CC_ALLOW = "IN,ID,MY,DE"
4. Send the Su and SSH Login log by Email.
You can set an email address that is used by LFD to send an email about “SSH Login” events and users that run the “su” command, go to the line 1069 and change the value to “1”.
LF_SSH_EMAIL_ALERT = "1" ... LF_SU_EMAIL_ALERT = "1"
define the email address you want to use in line 588.
LF_ALERT_TO = “firstname.lastname@example.org”
If you want more tweaks, read the options in the “/etc/csf/csf.conf” configuration file.
Once you done the tweaks, save the file and reload the firewall rules with