Setelah kita mengetahui CSF (ConfigServer dan Firewall) , langkah berikutnya adalah setup CSF.

Langkah-langkah setup CSF adalah

  1.  Sesuai dengan http://configserver.com/free/csf/install.txt :
    rm -fv csf.tgz
    wget http://www.configserver.com/free/csf.tgz
    tar -xzf csf.tgz
    cd csf
    sh install.sh
  2. Pelajari comand line csf:
    # csf -h
    csf: v6.48 (generic)
    csf(1)                                                                  csf(1)

    NAME
           csf – ConfigServer & Security Firewall

    SYNOPSIS
           csf [OPTIONS]

    DESCRIPTION
           This manual documents the csf command line options for the ConfigServer
           & Security Firewall. See /etc/csf/csf.conf and /etc/csf/readme.txt  for
           more detailed information on how to use and configure this application.

    OPTIONS
           -h,  –help
                  Show this message

           -l,  –status
                  List/Show the IPv4 iptables configuration

           -l6, –status6
                  List/Show the IPv6 ip6tables configuration

           -s,  –start
                  Start the firewall rules

           -f,  –stop
                  Flush/Stop firewall rules (Note: lfd may restart csf)

           -r,  –restart
                  Restart firewall rules

           -q,  –startq
                  Quick restart (csf restarted by lfd)

           -sf, –startf
                  Force CLI restart regardless of LFDSTART setting

           -a,  –add ip [comment]
                  Allow an IP and add to /etc/csf/csf.allow

           -ar, –addrm ip
                  Remove an IP from /etc/csf/csf.allow and delete rule

           -d,  –deny ip [comment]
                  Deny an IP and add to /etc/csf/csf.deny

           -dr, –denyrm ip
                  Unblock an IP and remove from /etc/csf/csf.deny

           -df, –denyf
                  Remove and unblock all entries in /etc/csf/csf.deny

           -g,  –grep ip
                  Search the iptables and ip6tables rules for a  match  (e.g.  IP,
                  CIDR, Port Number)

           -t,  –temp
                  Displays the current list of temporary allow and deny IP entries
                  with their TTL and comment

           -tr, –temprm ip
                  Remove an IP from the temporary IP ban or allow list

           -td, –tempdeny ip ttl [-p port] [-d direction] [comment]
                  Add an IP to the temp IP ban list. ttl is how long to blocks for
                  (default:seconds,  can  use one suffix of h/m/d). Optional port.
                  Optional direction of block can be one  of:  in,  out  or  inout
                  (default:in)

           -ta, –tempallow ip ttl [-p port] [-d direction] [comment]
                  Add an IP to the temp IP allow list (default:inout)

           -tf, –tempf
                  Flush all IPs from the temporary IP entries

           -cp, –cping
                  PING all members in an lfd Cluster

           -cd, –cdeny ip
                  Deny an IP in a Cluster and add to /etc/csf/csf.deny

           -ca, –callow ip
                  Allow an IP in a Cluster and add to /etc/csf/csf.allow

           -car, –carm ip
                  Remove    allowed    IP   in   a   Cluster   and   remove   from
                  /etc/csf/csf.allow

           -cr, –crm ip
                  Unblock an IP in a Cluster and remove from /etc/csf/csf.deny

           -cc, –cconfig [name] [value]
                  Change configuration option [name] to [value] in a Cluster

           -cf, –cfile [file]
                  Send [file] in a Cluster to /etc/csf/

           -crs, –crestart
                  Cluster restart csf and lfd

           -w,  –watch ip
                  Log SYN packets for an IP across iptables chains

           -m,  –mail [email]
                  Display Server Check in HTML or email to [email] if present

           -lr, –logrun
                  Initiate Log Scanner report via lfd

           –profile [command] [profile|backup] [profile|backup]
                  Configuration profile functions for /etc/csf/csf.conf
                  You can create your own profiles using the examples provided  in
                  /usr/local/csf/profiles/
                  The  profile  reset_to_defaults.conf  is a special case and will
                  always be the latest default csf.conf

                  list
                  Lists available profiles and backups

                  apply [profile]
                  Modify csf.conf with Configuration Profile

                  backup “name”
                  Create Configuration  Backup  with  optional  “name”  stored  in
                  /var/lib/csf/backup/

                  restore [backup]
                  Restore a Configuration Backup

                  keep [num]
                  Remove old Configuration Backups and keep the latest [num]

                  diff [profile|backup] [profile|backup]
                  Report  differences between Configuration Profiles or Configura-
                  tion Backups, only specify one [profile|backup]  to  compare  to
                  the current Configuration

           -c,  –check
                  Check for updates to csf but do not upgrade

           -u,  –update
                  Check for updates to csf and upgrade if available

           -uf    Force an update of csf whether and upgrade is required or not

           -x,  –disable
                  Disable csf and lfd completely

           -e,  –enable
                  Enable csf and lfd if previously disabled

           -v,  –version
                  Show csf version

    FILES
           /etc/csf/csf.conf
                  The system wide configuration file
           /etc/csf/readme.txt
                  Detailed information about csf and lfd

    BUGS
           Report bugs on the forums at http://forum.configserver.com

    AUTHOR
           (c)2006-2014, Way to the Web Limited (http://www.configserver.com)

  3. Pelajari /etc/csf/csf.conf
    Pada folder /etc/csf banyak file konfigurasi.
    Setelah anda mengubah sebuah file konfigurasi jalankan perintah:
    #csf -f
    #csf -s
    Akan lebih baik jika anda melakukan blok/unblok dengan menggunakan perintah csf.
    Update langsung kadang-kadang mempunyai dampak tidak seperti yang kita inginkan, jika ini terjadi silahkan restart server anda.
  4. Pelajari /etc/csf/readme.txt
  5. Pelajari http://www.rsyslog.com/

Pastikan perl ada pada saat instalasi. Jika tidak ada perl, saat kita start manual akan muncul:
# /etc/init.d/csf start
Starting csf:./csf: /usr/sbin/csf: /usr/bin/perl: bad interpreter: No such file or directory
                                                           [  OK  ]

Kunjungi www.proweb.co.id untuk menambah wawasan anda.

Setup CSF pada Centos 6
× Ada yang dapat saya bantu ? Available on SundayMondayTuesdayWednesdayThursdayFridaySaturday