Install CSF on Ubuntu 20.04/22.04

Start by disabling any existing firewalls on Ubuntu:

sudo ufw disable
sudo systemctl stop firewalld
sudo systemctl disable firewalld

Next, update your package list:

sudo apt update -y

Install required packages:

sudo apt install perl zip unzip libwww-perl liblwp-protocol-https-perl ipset

Download CSF:

sudo wget

Extract and install CSF:

sudo tar -xzf csf.tgz
cd csf
sudo sh

Change the path for IPTABLES on Ubuntu:

sudo nano /etc/csf/csf.conf

Change the IP tables paths as follows:

IPTABLES = "/usr/sbin/iptables"
IPTABLES_SAVE = "/usr/sbin/iptables-save"
IPTABLES_RESTORE = "/usr/sbin/iptables-restore"
IP6TABLES = "/usr/sbin/ip6tables"
IP6TABLES_SAVE = "/usr/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/usr/sbin/ip6tables-restore"

Notice, the /usr/sbin, as opposed to just the /sbin/

Change the log file paths as follows:

HTACCESS_LOG = "/var/log/apache2/error.log"
MODSEC_LOG = "/var/log/apache2/error.log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/syslog"
SUDO_LOG = "/var/log/auth.log"
FTPD_LOG = "/var/log/syslog"
SMTPAUTH_LOG = "/var/log/auth.log"
POP3D_LOG = "/var/log/mail.log"
IMAPD_LOG = "/var/log/mail.log"
IPTABLES_LOG = "/var/log/syslog"
SUHOSIN_LOG = "/var/log/syslog"
BIND_LOG = "/var/log/syslog"
SYSLOG_LOG = "/var/log/syslog"
WEBMIN_LOG = "/var/log/auth.log"

Enable IPSET as follows:

LF_IPSET = "1"

Disable testing mode by setting the following:


Restrict the syslog access to the syslog group by setting the following:


Finally, restart csf and lfd:

csf -r
systemctl restart lfd