CSF

From Psygen Wiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

CSF (Config Server Firewall) is an iptables management script and logging daemon.


Command Line Options

csf -h - get help for CSF command line options

csf -g IP_Address - Look (grep) for an IP address to see if it's blocked

csf -a IP_Address - permanently allows the specified IP address

csf -d IP_Address "Your comment goes here" - Blocks the specified IP address, comment tells why

csf -dr IP_Address - Removes a blocked IP from being blocked

csf -ra - Restart CSF and LFD (leave off the a to restart just CSF)


Configuration Files

CSF and LFD settings are stored in:
/etc/csf

csf.conf - main CSF configuration file


Logs

See Log Locations

LFD (the logging daemon component of CSF) by default sends e-mails to root. If you want to send the e-mails somewhere else, you have two options:

- Specify an e-mail address in LF_ALERT_TO = in csf.conf

- Setup a forwarder in WHM>>Server Contacts>>Edit System Mail Preferences (this is the preferred method for cPanel servers.)

There is a third option.

LFD stores all the alert templates in: /etc/csf/alerts

If the LF_ALERT_TO = setting in csf.conf is blank, LFD will use the settings in the templates.

You can change the "from" and "to" settings in these templates to change where the e-mails for each are delivered, but you have to modify each template (as opposed to changing them all at once in csf.conf)

This does give you the option to specify a different e-mail address for each alert.

References

  1. Linux FAQ Manage CSF