How to install ConfigServer Security and Firewall (CSF) on Alpine Linux

Published Nov 15, 2023

Learn how to install & secure your Alpine Linux server with ConfigServer Security and Firewall (CSF) in this detailed guide.


Introduction

ConfigServer Security and Firewall (CSF) is a powerful and flexible firewall solution for Linux servers. It protects your server from threats like:

  • Brute-force attacks
  • DDoS attacks
  • Port scanning

Key Features

  • Email Alerts
  • DDoS Protection
  • Country Blocking
  • Integration with cPanel and DirectAdmin
  • Scripts and Plugins

Prerequisites

Before installing CSF, ensure you have:

  • Root or sudo access to your Alpine Linux server
  • Active internet connection
  • Basic understanding of firewall concepts
  • Terminal access to your server

Installing CSF on Alpine Linux

Step 1: Prepare the System

  1. Switch apk to the Alpine Linux Edge main and community repositories (the first command overwrites the existing /etc/apk/repositories):
echo "http://dl-cdn.alpinelinux.org/alpine/edge/main" > /etc/apk/repositories
echo "http://dl-cdn.alpinelinux.org/alpine/edge/community" >> /etc/apk/repositories
  2. Update system packages:
apk update && apk upgrade

Step 2: Install Dependencies

Install required packages for CSF:

apk add wget iptables perl perl-libwww perl-time-hires perl-io-socket-ssl unzip

Additional dependencies for enhanced functionality:

apk add perl-net-libidn perl-io-socket-inet6 perl-socket6

Step 3: Download and Install CSF

  1. Navigate to the opt directory:
cd /opt
  2. Download the CSF package over HTTPS with certificate verification left on, since the installer runs as root:
wget https://download.configserver.com/csf.tgz
  3. Extract the package:
tar -xzf csf.tgz
  4. Navigate to the CSF directory and run the installation:
cd csf
sh install.sh

Step 4: Verify Installation

Test if CSF can work on your system:

cd /usr/local/csf/bin/
perl csftest.pl

You should see a message indicating that CSF should work on your server.

Configuring CSF

Basic Configuration

  1. Edit the main configuration file:
nano /etc/csf/csf.conf
  2. Key settings to configure:

Testing Mode (Disable for Production):

TESTING = "0"

Email Alerts:

LF_ALERT_TO = "[email protected]"
LF_ALERT_FROM = "csf@your_server.com"

TCP Ports (Inbound):

TCP_IN = "20,21,22,25,53,80,110,143,443,993,995"

TCP Ports (Outbound):

TCP_OUT = "20,21,22,25,53,80,110,113,443"

UDP Ports (Inbound/Outbound):

UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"

Advanced Configuration

Login Failure Detection:

LF_SSHD = "5"          # SSH login failures
LF_SSHD_PERM = "1"     # Permanent block after threshold

Connection Tracking:

CT_LIMIT = "30"        # Connection limit per IP
CT_BLOCK_TIME = "1800" # Block time in seconds

Country Blocking:

CC_DENY = "CN,RU"      # Block specific countries
CC_ALLOW = "US,GB"     # Allow specific countries

Whitelist Important IPs

Add trusted IP addresses to whitelist:

nano /etc/csf/csf.allow

Add your IPs (one per line):

# Your office IP
203.0.113.1
# Your home IP
198.51.100.1
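
An added example, not part of the original guide or of CSF: a pre-restart check that the address you are connected from is covered by a plain IPv4 or CIDR entry in csf.allow, so a rule reload does not cut off your own session. The function names are hypothetical and only IPv4 entries are evaluated.

```sh
#!/bin/sh
# Added example, not part of CSF: check that the address you are connected
# from is covered by csf.allow before restarting the firewall. IPv4 only.

# ip4_to_int A.B.C.D -> the address as an integer (needs 64-bit shell arithmetic)
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# allow_covers FILE IP -> status 0 if a plain IPv4 or CIDR entry in FILE covers IP
allow_covers() {
    case $2 in ''|*[!0-9.]*) return 2 ;; esac    # not an IPv4 address
    want=$(ip4_to_int "$2")
    # Strip comments; Include lines, IPv6 and "tcp|in|..." filters are skipped
    sed 's/#.*//' "$1" | (
        while read -r entry rest; do
            net=${entry%/*} bits=32
            case $entry in */*) bits=${entry#*/} ;; esac
            case $net in *[!0-9.]*) continue ;; *.*.*.*) ;; *) continue ;; esac
            case $bits in ''|*[!0-9]*) continue ;; esac
            mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
            if [ $(( $(ip4_to_int "$net") & mask )) -eq $(( want & mask )) ]; then
                exit 0
            fi
        done
        exit 1
    )
}

# ssh_peer_allowed FILE -> 0 on a console session or when the SSH peer is covered
ssh_peer_allowed() {
    peer=${SSH_CONNECTION%% *}   # "client_ip client_port server_ip server_port"
    [ -z "$peer" ] || allow_covers "$1" "$peer"
}

# Usage on the server: ssh_peer_allowed /etc/csf/csf.allow && csf -r
```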

Managing CSF

Start/Stop/Restart CSF

Start CSF:

csf -s

Stop CSF:

csf -f

Restart CSF:

csf -r

Common Commands

Check CSF status:

csf -l

Test configuration:

csf -t

Block an IP temporarily:

csf -td 192.168.1.100 "Temporary block"

Block an IP permanently:

csf -d 192.168.1.100 "Permanent block"

Unblock an IP:

csf -dr 192.168.1.100

View Logs

Check CSF logs:

tail -f /var/log/lfd.log

View current blocks:

csf -g

CSF Web Interface (Optional)

Install CSF Web UI for easier management:

  1. Download the web interface:
cd /opt
wget https://download.configserver.com/csf.tgz
  2. Configure the web interface in /etc/csf/csf.conf:
UI = "1"
UI_PORT = "6666"
UI_USER = "admin"
UI_PASS = "your_secure_password"
  3. Restart CSF:
csf -r

Access via: https://your_server_ip:6666
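
An added example, not part of the original guide or of CSF: a small audit of the csf.conf values set under Basic Configuration and in the web interface steps above, flagging the ones that leave a server exposed or locked out. The function names, the 12-character password floor and the list of cleartext ports are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of CSF: audit csf.conf for risky values among the
# settings this guide edits. Password floor and port list are assumptions.

# conf_get FILE KEY -> value of the last KEY = "value" line (empty if unset)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" |
        tail -n 1
}

# csf_audit FILE [SSH_PORT] -> one finding per line; status 1 if any finding
csf_audit() {
    conf=$1 ssh_port=${2:-22} rc=0
    tcp_in=$(conf_get "$conf" TCP_IN)

    if [ "$(conf_get "$conf" TESTING)" != "0" ]; then
        echo "TESTING: not 0, rules are flushed on a timer and lfd does not start"
        rc=1
    fi
    # Lock-out check: SSH must be open inbound (port ranges are not expanded)
    case ",$tcp_in," in
        *",$ssh_port,"*) ;;
        *) echo "TCP_IN: SSH port $ssh_port is not listed"; rc=1 ;;
    esac
    # Cleartext services in the guide's sample list; open only what you run
    for p in 21 110 143; do
        case ",$tcp_in," in
            *",$p,"*) echo "TCP_IN: cleartext service port $p is open"; rc=1 ;;
        esac
    done
    if [ "$(conf_get "$conf" UI)" = "1" ]; then
        pass=$(conf_get "$conf" UI_PASS)
        if [ "$pass" = "your_secure_password" ] || [ "${#pass}" -lt 12 ]; then
            echo "UI_PASS: placeholder or shorter than 12 characters"; rc=1
        fi
        if [ "$(conf_get "$conf" UI_USER)" = "admin" ]; then
            echo "UI_USER: guessable account name admin"; rc=1
        fi
    fi
    return $rc
}

# Usage: sh csf_audit.sh /etc/csf/csf.conf [ssh_port]
[ -z "$1" ] || csf_audit "$1" "$2"
```

The exit status is non-zero when anything is flagged, so the script can gate a `csf -r` in a deployment step.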

Security Best Practices

1. Regular Monitoring

  • Review logs daily: /var/log/lfd.log
  • Monitor blocked IPs
  • Check for false positives

2. Configuration Backup

cp /etc/csf/csf.conf /etc/csf/csf.conf.backup

3. Testing Changes

Always test configuration changes:

csf -t

4. Gradual Implementation

  • Start with TESTING = "1"
  • Monitor for 24-48 hours
  • Set TESTING = "0" when confident

Troubleshooting

Common Issues

CSF Won’t Start:

# Check if iptables is running
rc-service iptables status

# Restart iptables if needed
rc-service iptables restart

Email Alerts Not Working:

# Test email configuration
echo "Test" | mail -s "CSF Test" [email protected]

High CPU Usage:

  • Reduce log verbosity in csf.conf
  • Increase check intervals
  • Optimize regex patterns

Recovery Mode

If you are locked out, access the server via console and run:

csf -x  # Stop CSF
csf -f  # Flush all rules

Performance Optimization

Optimize for Alpine Linux

  1. Memory Usage:
# Edit /etc/csf/csf.conf
PT_LIMIT = "10"        # Reduce process tracking
PT_USERPROC = "5"      # Limit user processes
  2. Log Rotation:
# Setup logrotate for CSF logs
echo '/var/log/lfd.log {
    weekly
    rotate 4
    compress
    delaycompress
    missingok
    notifempty
}' > /etc/logrotate.d/csf

Monitoring and Maintenance

Daily Tasks

  1. Review blocked IPs
  2. Check system logs
  3. Verify legitimate traffic isn’t blocked

Weekly Tasks

  1. Update CSF: csf -u
  2. Review configuration
  3. Backup settings

Monthly Tasks

  1. Analyze attack patterns
  2. Update whitelists/blacklists
  3. Performance review

Uninstalling CSF

If you need to remove CSF:

cd /usr/local/csf
sh uninstall.sh

Remove packages:

apk del perl perl-libwww perl-time-hires

Conclusion

You have successfully installed and configured ConfigServer Security and Firewall (CSF) on Alpine Linux. CSF provides robust protection against various threats including brute-force attacks, DDoS attempts, and unauthorized access.

Key takeaways:

  • Always test configurations before production deployment
  • Monitor logs regularly for security events
  • Keep CSF updated for latest security features
  • Backup configurations before making changes
  • Use whitelisting for trusted IPs and services

CSF, combined with Alpine Linux’s security-focused architecture, provides a powerful defense system for your server infrastructure. Regular monitoring and maintenance will ensure optimal security and performance.