Start by disabling any existing firewalls on Ubuntu:
sudo ufw disable
sudo systemctl stop firewalld
sudo systemctl disable firewalld
Next, update your package list:
sudo apt update -y
Install required packages:
sudo apt install perl zip unzip libwww-perl liblwp-protocol-https-perl ipset
Download CSF:
sudo wget http://download.configserver.com/csf.tgz
Extract and install CSF:
sudo tar -xzf csf.tgz
cd csf
sudo sh install.sh
Open the CSF configuration file to change the IPTABLES paths on Ubuntu:
sudo nano /etc/csf/csf.conf
Change the iptables paths as follows:
IPTABLES = "/usr/sbin/iptables"
IPTABLES_SAVE = "/usr/sbin/iptables-save"
IPTABLES_RESTORE = "/usr/sbin/iptables-restore"
IP6TABLES = "/usr/sbin/ip6tables"
IP6TABLES_SAVE = "/usr/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/usr/sbin/ip6tables-restore"
Note the /usr/sbin prefix, as opposed to just /sbin.
Change the log file paths as follows:
HTACCESS_LOG = "/var/log/apache2/error.log"
MODSEC_LOG = "/var/log/apache2/error.log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/syslog"
SUDO_LOG = "/var/log/auth.log"
FTPD_LOG = "/var/log/syslog"
SMTPAUTH_LOG = "/var/log/auth.log"
POP3D_LOG = "/var/log/mail.log"
IMAPD_LOG = "/var/log/mail.log"
IPTABLES_LOG = "/var/log/syslog"
SUHOSIN_LOG = "/var/log/syslog"
BIND_LOG = "/var/log/syslog"
SYSLOG_LOG = "/var/log/syslog"
WEBMIN_LOG = "/var/log/auth.log"
Enable IPSET as follows:
LF_IPSET = "1"
Disable testing mode by setting the following:
TESTING = "0"
Restrict syslog access to the syslog group by setting the following:
RESTRICT_SYSLOG = "3"
Finally, restart csf and lfd:
sudo csf -r
sudo systemctl restart lfd
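A sanity check for the edits above, as an added example that is not part of the original guide or of CSF itself: the script reads a csf.conf-style file, compares TESTING, LF_IPSET and RESTRICT_SYSLOG with the values set here, and confirms that every configured iptables binary and log path actually exists. The function names, the optional ROOT prefix and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a csf.conf-style file against the values this guide sets.
# ROOT (2nd argument) is a hypothetical path prefix, used to audit a test tree.
# Print the value of KEY ($1) in FILE ($2); lines look like: KEY = "value"
csf_get() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

csf_audit() {   # usage: csf_audit CONF [ROOT]; returns 1 if anything is off
    conf=$1; root=${2:-}; rc=0
    for want in TESTING=0 LF_IPSET=1 RESTRICT_SYSLOG=3; do
        key=${want%%=*}; got=$(csf_get "$key" "$conf")
        [ "$got" = "${want#*=}" ] || { echo "MISMATCH $key=\"$got\""; rc=1; }
    done
    # Each configured iptables binary must exist and be executable.
    for key in IPTABLES IPTABLES_SAVE IPTABLES_RESTORE \
               IP6TABLES IP6TABLES_SAVE IP6TABLES_RESTORE; do
        bin=$(csf_get "$key" "$conf")
        [ -n "$bin" ] && [ -x "$root$bin" ] || { echo "NOT EXECUTABLE $key=\"$bin\""; rc=1; }
    done
    # Each *_LOG setting holding a path must point at a readable file.
    for key in $(sed -n 's/^\([A-Z0-9_]*_LOG\)[[:space:]]*=[[:space:]]*"\/.*/\1/p' "$conf"); do
        log=$(csf_get "$key" "$conf")
        [ -r "$root$log" ] || { echo "UNREADABLE $key=\"$log\""; rc=1; }
    done
    return $rc
}

# Constructed sample tree; its csf.conf has three deliberate problems.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/usr/sbin" "$d/var/log"
    for b in iptables ip6tables; do
        for s in "" -save -restore; do
            : > "$d/usr/sbin/$b$s"; chmod +x "$d/usr/sbin/$b$s"
        done
    done
    : > "$d/var/log/auth.log"
    printf '%s = "%s"\n' TESTING 1 LF_IPSET 1 RESTRICT_SYSLOG 3 \
        IPTABLES /sbin/iptables IPTABLES_SAVE /usr/sbin/iptables-save \
        IPTABLES_RESTORE /usr/sbin/iptables-restore IP6TABLES /usr/sbin/ip6tables \
        IP6TABLES_SAVE /usr/sbin/ip6tables-save \
        IP6TABLES_RESTORE /usr/sbin/ip6tables-restore \
        SSHD_LOG /var/log/auth.log SU_LOG /var/log/syslog > "$d/csf.conf"
    echo "$d"
}

sample=$(make_sample)
csf_audit "$sample/csf.conf" "$sample" || echo "audit failed for the constructed sample"
rm -rf "$sample"
```

On a real host, run csf_audit /etc/csf/csf.conf as root with no second argument, before restarting csf and lfd.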