Installation on CentOS 6/7

Taken mostly from HowtoForge, Tecmint CSF&LFD. See also Linux Brigade CSF & LFD.

yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes
cd /usr/local/src/
tar xvfz csf.tgz
cd csf


perl /etc/csf/

On CentOS 7:

systemctl stop firewalld
systemctl disable firewalld


vi /etc/csf/csf.conf 

Activate & start:

CentOS 7

systemctl start csf
systemctl start lfd

CentOS 6

chkconfig --level 235 csf on
service csf restart

Just in case, verify it's enabled at system start


DirectAdmin: lfd should now appear as a running service

check updates work

# csf -u

This was needed on CentOS 7:

# yum install perl-LWP-Protocol-https

otherwise error: Oops: Unable to download: Protocol scheme 'https' is not supported (LWP::Protocol::https not installed)


Be aware of some limits

Integration with DirectAdmin Brute Force Monitor

Taken mostly from Poralix

Warning: make sure you have alternative access to your server, e.g. several possible IPs, as you can be accidentally blocking yourself!

cd /usr/local/directadmin/scripts/custom/
[ -r ] && cp
[ -r ] && cp
wget -O
wget -O
wget -O
wget -O
chmod 700
touch /root/blocked_ips.txt /root/exempt_ips.txt
chown diradmin:diradmin
touch /root/blocked_ips.txt /root/exempt_ips.txt

Review DirectAdmin settings

In DA main page - Administrator Settings (Extra Features bottom section), there's "Notify Admins after an IP has..." and other settings related to this feature. Review & eventually adjust.


Possible Adjustments

Excessive resource usage notices

You may get email warnings of "Excessive resource usage" for system daemons. This feature is intended for users processes, therefore system daemons should be excluded. The most likely reason for these messages is that the daemon is not included in the whitelist file, or is on a different path. You may alternatively whitelist a (system) user instead of a process (this was needed specifically for the mysql user on CentOS 7.3).

# vi /etc/csf/csf.pignore
# service lfd restart

Relax port scanning blocks

Sometimes the port scanning feature is too sensitive. Specifically when configuring accounts in some email or FTP clients that make tries on several ports: if you use a wrong password a few times, your IP is likely to be temporarily blocked. To avoid this I increase to 30 the PS_LIMIT default value of 10.

Block an entire country

vi /etc/csf/csf.conf

More complex rules using regular expressions

Csf-Lfd (last edited 2017-03-14 18:44:32 by JaumeSola)