ConfigServer Security & Firewall (csf)

Has anyone used Config Server Firewall (CSF) with Virtualmin? It was recommended to me and on its website it says it has a module for Webmin.

Is it worth using? What are the pros and cons? Is it more or less effective than the controls in VM? Would be grateful for +ve and -ve experiences.

Thanks

Hello,

ConfigServer Security & Firewall (csf) has great support with Virtualmin and the default Authentic Theme, simply because I was personally using it.

Is it worth using? What are the pros and cons?

CSF is a great piece of software but it depends on your needs.

Nevertheless, standard Virtualmin setup with FirewallD + fail2ban does all the job pretty well and is more than enough usually.

Thanks @Ilia that is good to know. The reviews I read were mostly positive. And I like that it can work with Webmin. Think I'll try it.

Interesting topic.
I was reading about the CSF during these days. Is it true with the CSF firewall there is no need for Fail2Ban?

Yes, neither firewalld nor fail2ban can be used alongside CSF. CSF has its own implementation of a login failure daemon called lfd.

Also, you shouldn't worry about firewalld and fail2ban, as the CSF installer would take care of disabling them for you.

CSF is great. I always install this after a clean Virtualmin setup. It is very powerful but easy to learn. Just make sure you don't disable/enable options you don't understand, as that may cause some unexpected behaviour. There are some good FAQs online to get started with the basics. Personal preference but I like CSF a lot.

Thanks @Whoops it's good to hear from a few folk that they have had good experiences with CSF.

Has anyone had a -ve experience?

I'm just going to try it out on a small test server and see how I get on with it.

CSF = AWESOME! Have used it for years!!

Yup it is OK.

Using for many years too.
The GUI also makes it very easy to block or unblock IPs, simply and fast, and there is some overview of the logs there.

With the country IP blocks you have to take care, though, as they consume memory and make the VPS network slow... timeouts. (I wasn't sure, but I disabled the country blocks function on one and it was faster and the problems were gone there.)

@jimdunn and @jotst2 thanks for telling me about your experiences with CSF.

CSF is very good, I've used it for years. If allowed it will fill syslog with lots of iptables entries but these can be sent to another log. You have to create the new log and point csf towards it in csf.conf; look for the paths to the logs.

Now use rsyslog and filter iptables messages to the new log; refer to this: Log iptables Messages to a Separate File with rsyslog – Random Bits (shadypixel.com)

Go down the page and look for the new way. I had to use 'contains' instead of 'startswith' to get it to work.

Now all the iptables entries go into one simple log and syslog is left for more important stuff.

Cheers
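
The log split described in the post above, written out as an added example (not the poster's or the linked article's configuration). The file names, the /var/log/iptables.log path and the logrotate settings are assumptions; the match string assumes csf's log lines carry its "Firewall:" prefix, so check one of your own entries first.

```conf
# --- /etc/rsyslog.d/10-csf-iptables.conf (assumed file name) ---
# Must load before the default rules that write to syslog/messages, hence "10-".
# "contains" is used because the message text usually begins with a space or a
# kernel timestamp ("[12345.678901] Firewall: ..."), so "startswith" never matches.
:msg, contains, "Firewall: " -/var/log/iptables.log
# Stop processing matched lines so they do not also land in syslog/messages.
& stop

# --- /etc/csf/csf.conf ---
# Point lfd at the new file, otherwise features that read the iptables log
# (port scan tracking, for example) see nothing.
IPTABLES_LOG = "/var/log/iptables.log"

# --- /etc/logrotate.d/csf-iptables (assumed file name) ---
# Rotation values below are example choices, not csf defaults.
/var/log/iptables.log {
    weekly
    rotate 4
    compress
    missingok
    notifempty
    postrotate
        systemctl kill -s HUP rsyslog.service >/dev/null 2>&1 || true
    endscript
}
```

Validate the rsyslog file with `rsyslogd -N1` and restart rsyslog, then run `csf -ra` so lfd picks up the new path.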

@Alecbarnes thanks for this info. It's really helpful to hear about your experience with this software.

CSF is excellent. Much better than fail2ban in my opinion. I've even created an Ansible playbook to update LFD's regex.custom.pm weekly from the mitchellkrogza badbots list.

Also here.
CSF is great, I have used it for many years without problems.

I used it in all my Webmin installations, all Virtualmin...

I also used it on Proxmox to protect my server and close all ports, except for my IPs (office and some VPS servers).
Of course without integration in Webmin.

We swear by it. It's a must-have.

==== Install csf ====

wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

==== Add csf to Webmin ====

Webmin → Webmin Configuration → Webmin Modules

From local file: /usr/local/csf/csfwebmin.tgz

INSTALL MODULE

Refresh Modules

Select ConfigServer Security & Firewall

You will see: csf updated to symlink webmin module to /usr/local/csf/lib/webmin/csf/. Click [here](https://:10000/csf/index.cgi) to continue

Click it and continue

In CSF: Quick Allow ALL your home/office IP Ranges (to avoid ever getting blocked out by CSF)

I love CSF! IMHO, it is far better than FirewallD + fail2ban.

LFD (log file watcher daemon) is great. I don't care for fail2ban, though it can work.

I also really love the clustering feature of CSF. We have about 10 hosts in our CSF cluster. I particularly like the clustered brute force attack protection.

This page is aging, so if you notice any errors or have any specific questions, please ask:

https://virtualarchitects.com/wiki/doku.php?id=networking:firewall:csf

G

@CapstoneWorks and @sonoracomm I really appreciate your thoughts. I've set aside some time at the weekend to install and get it working to my satisfaction.

Better not.
If someone from your IP then tries hacking or spamming, you have a problem; "hackers", for example, if a device in the office or at the home of someone working for you is hacked, or a person on your office connection tries to...

Also many forget to "blacklist" the ones who ARE FIRED or not working at your company anymore!!! (Removing them from the whitelist is then also often forgotten.)

Also good to know: if you do something wrong that triggers csf, you can then use another connection or a VPN to reach your box.

:wink:

Hi @CapstoneWorks

I noticed in your link above that you used port 10000, the default for Webmin. I had to change that to another port that Cloudflare doesn't block. So do I just simply replace the port you have given with the port I use?

Thanks

Probably the most trouble-free piece of software I've ever used. Also, if you read all the documentation, it's like a mini-degree in server security.

Richard