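ConfigServer Security & Firewall (CSF) is a popular open-source stateful packet inspection (SPI) security tool for Linux. It also provides a simple interface to iptables for protecting Linux servers. CSF offers several features, such as a stateful packet inspection firewall, intrusion detection, a login failure daemon, DDoS protection, and control panel integration.
Installing the CSF Firewall on Ubuntu 20.04 LTS Focal Fossa
Step 1. First, make sure all system packages are up to date by running the following apt commands in the terminal.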
sudo apt update
sudo apt upgrade
Step 2. Install the CSF firewall on Ubuntu 20.04.
Now download the latest CSF source archive from its official website:
wget http://download.configserver.com/csf.tgz
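Next, extract the downloaded file and run its installation script:
tar -xvzf csf.tgz
cd csf
sudo bash install.sh
After that, run the csftest.pl Perl script to verify that all the iptables modules CSF needs in order to work properly are available on the system: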
sudo perl /usr/local/csf/bin/csftest.pl
Output:
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
RESULT: csf should function on this server
Step 3. Configure CSF.
Now configure CSF according to your security standards. You can do this by editing the file /etc/csf/csf.conf:
nano /etc/csf/csf.conf
Change the following lines according to your requirements:
TESTING = "0"
RESTRICT_SYSLOG = "3"
# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
# Allow incoming UDP ports
UDP_IN = "20,21,53,80,443"
# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"
# Allow incoming PING. Disabling PING will likely break external uptime
# monitoring
ICMP_IN = "1"
Save and close the file, then restart CSF and list the active rules with the following commands:
csf -r
csf -l
Output:
iptables mangle table
=====================
Chain PREROUTING (policy ACCEPT 55 packets, 3332 bytes)
num pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 48 packets, 3054 bytes)
num pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 24 packets, 15822 bytes)
num pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 24 packets, 15822 bytes)
num pkts bytes target prot opt in out source destination

iptables raw table
==================
Chain PREROUTING (policy ACCEPT 51 packets, 3321 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 24 packets, 15966 bytes)
num pkts bytes target prot opt in out source destination

iptables nat table
==================
Chain PREROUTING (policy ACCEPT 12 packets, 1410 bytes)
num pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1 packets, 69 bytes)
num pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1 packets, 23 bytes)
num pkts bytes target prot opt in out source destination
Step 4. Access the CSF web interface.
CSF provides a web-based interface for managing the firewall from a web browser. First, edit the main CSF configuration file with the following command:
nano /etc/csf/csf.conf
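Add the following lines:
# Enable Web UI
UI = "1"
# Listening Port
UI_PORT = "8080"
# Admin username
UI_USER = "admin"
# Admin user password
UI_PASS = "your-password"
# Listening Interface
UI_IP = ""
Save and close the file when you are finished. Next, edit the file /etc/csf/ui/ui.allow and add the server's IP address and the IP address of the remote machine from which you will access the CSF web UI: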
nano /etc/csf/ui/ui.allow
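Add the server IP and the remote machine IP:
your-server-ip
remote-machine-ip
Save and close the file, then restart the CSF and LFD services to apply the changes:
csf -r
service lfd restart
Finally, open a web browser and go to your server's IP address followed by port 8080:
http://your-server-ip:8080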
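The following script is an added example, not part of the original tutorial or of CSF itself: it reads the csf.conf values edited in steps 3 and 4 and reports settings that should not be left in place on a live server. The function names, the 12-character minimum password length and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the csf.conf values this tutorial edits.

# Print the value of KEY from a csf.conf-style file (KEY = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print one finding per line; return 1 if there is at least one.
csf_audit() {
    a_conf=$1; a_n=0
    if [ "$(csf_get TESTING "$a_conf")" != "0" ]; then
        echo "TESTING is not 0: CSF is still in testing mode"; a_n=$((a_n + 1))
    fi
    if [ "$(csf_get RESTRICT_SYSLOG "$a_conf")" = "0" ]; then
        echo "RESTRICT_SYSLOG is 0: syslog restriction is disabled"; a_n=$((a_n + 1))
    fi
    if [ "$(csf_get UI "$a_conf")" = "1" ]; then
        a_pass=$(csf_get UI_PASS "$a_conf"); a_port=$(csf_get UI_PORT "$a_conf")
        # "your-password" is the tutorial placeholder; 12 is an assumed minimum length.
        if [ "$a_pass" = "your-password" ] || [ "${#a_pass}" -lt 12 ]; then
            echo "UI_PASS is the placeholder or shorter than 12 characters"; a_n=$((a_n + 1))
        fi
        # A UI port listed in TCP_IN is reachable through the firewall from any source.
        case ",$(csf_get TCP_IN "$a_conf")," in
            *",$a_port,"*) echo "UI_PORT $a_port is listed in TCP_IN"; a_n=$((a_n + 1)) ;;
        esac
    fi
    [ "$a_n" -eq 0 ]
}

# Constructed sample input (not from a real server).
sample_weak_conf() {
    cat <<'EOF'
TESTING = "1"
RESTRICT_SYSLOG = "0"
TCP_IN = "20,21,22,80,443,8080"
UI = "1"
UI_PORT = "8080"
UI_USER = "admin"
UI_PASS = "your-password"
EOF
}

tmp=$(mktemp) && sample_weak_conf > "$tmp"
csf_audit "$tmp" || echo "csf.conf needs attention"
rm -f "$tmp"
```

On a real server, call csf_audit /etc/csf/csf.conf as root after editing the file and before running csf -r.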
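Congratulations! You have successfully installed CSF. Thank you for using this tutorial to install ConfigServer Security & Firewall on an Ubuntu 20.04 LTS Focal Fossa system. For additional help or useful information, we recommend checking the official CSF website.
Original article by 校长. If you repost it, please credit the source: https://www.yundongfang.com/Yun44120.html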