Enable UI in CSF Firewall on CentOS
CSF Firewall comes with a standalone UI, which is disabled by default. On CentOS, install the following requirements:

    yum install perl-IO-Socket-SSL perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6
Edit CSF configuration file

    vi /etc/csf/csf.conf
Find

    UI = "0"
Replace with

    UI = "1"
Change the following settings as needed.

    UI_PORT = "6666"
    UI_USER = "username"
    UI_PASS = "password"
By default, only whitelisted IPs can access the UI. To whitelist your IP, run

    echo "YOUR_IP_ADDR" >> /etc/csf/ui/ui.allow
If you want to allow access to the CSF UI from all IP addresses, set UI_ALLOW to 0 in csf.conf

    UI_ALLOW = "0"
CSF uses a self-signed SSL certificate; if you have your own SSL certificate, you can use it instead. The SSL certificate is available in the folder

    /etc/csf/ui/
To use a free Let's Encrypt SSL certificate for the CSF UI, I set symlinks to the SSL certificate and key.

    cd /etc/csf/ui
    mv server.key server.key.old
    mv server.crt server.crt.old
    ln -s /etc/letsencrypt/live/DOMAIN/fullchain.pem server.crt
    ln -s /etc/letsencrypt/live/DOMAIN/privkey.pem server.key
Now restart CSF and LFD

    systemctl restart lfd
    systemctl restart csf
You will see CSF UI running on port 6666.

    [root@grupo conf.d]# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:6666            0.0.0.0:*               LISTEN      20605/lfd UI
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      23918/mysqld
    tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      2203/perl
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1275/master
    tcp        0      0 0.0.0.0:3333            0.0.0.0:*               LISTEN      19061/sshd
    tcp6       0      0 :::80                   :::*                    LISTEN      19810/httpd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1275/master
    tcp6       0      0 :::443                  :::*                    LISTEN      19810/httpd
    tcp6       0      0 :::3333                 :::*                    LISTEN      19061/sshd
    [root@grupo conf.d]#
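
A read-only check of the UI settings changed above, added here as an example (it is not part of the original post or of CSF itself): it flags UI_USER/UI_PASS left at the placeholder values shown earlier and a UI that is reachable from every source address. The function names, the `--live` switch and the 12-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the CSF UI settings discussed on this page.
# File paths are arguments, so the check can be run on copies of the files.

MIN_PASS_LEN=12   # assumed minimum for this example, not a CSF rule

# csf_get KEY FILE: print the value of KEY from a csf.conf-style line (KEY = "value").
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# audit_csf_ui CONF ALLOW_FILE
# Prints one line per finding and returns the number of findings.
audit_csf_ui() {
    conf=$1 allow=$2 findings=0
    if [ "$(csf_get UI "$conf")" != "1" ]; then
        echo "UI is disabled; nothing to audit"
        return 0
    fi
    user=$(csf_get UI_USER "$conf")
    pass=$(csf_get UI_PASS "$conf")
    if [ -z "$user" ] || [ "$user" = "username" ]; then
        echo "FINDING: UI_USER is empty or still the placeholder \"username\""
        findings=$((findings + 1))
    fi
    if [ "$pass" = "password" ] || [ "${#pass}" -lt "$MIN_PASS_LEN" ]; then
        echo "FINDING: UI_PASS is the placeholder or shorter than $MIN_PASS_LEN characters"
        findings=$((findings + 1))
    fi
    if [ "$(csf_get UI_ALLOW "$conf")" = "0" ]; then
        echo "FINDING: UI_ALLOW=0, the login page answers every source address"
        findings=$((findings + 1))
    elif ! grep -Eqv '^[[:space:]]*(#|$)' "$allow" 2>/dev/null; then
        # No non-comment, non-blank line: nobody is whitelisted.
        echo "FINDING: UI_ALLOW is on but $allow lists no addresses"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Audit the live files only when invoked with --live.
if [ "${1:-}" = "--live" ]; then
    audit_csf_ui /etc/csf/csf.conf /etc/csf/ui/ui.allow
fi
```
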