Install and Configure ConfigServer Security & Firewall (CSF) on Linux


If you look at IT-related job postings anywhere, you will notice a steady demand for security professionals. This means not only that cybersecurity is an interesting field of study, but also that it pays well.

With that in mind, in this article we will explain how to install and configure ConfigServer Security & Firewall (also known as CSF for short), a full-fledged security suite for Linux, and share a couple of typical use cases. You will then be able to use CSF as a firewall and as an intrusion/login failure detection system to harden the servers you are responsible for.

Without further ado, let's get started.

Installing and Configuring CSF on Linux

To begin, please note that Perl and libwww are prerequisites for installing CSF on any of the supported distributions (RHEL and CentOS, openSUSE, Debian, and Ubuntu). Since they should be available by default, no action is required on your part unless one of the following steps returns a fatal error (in that case, use the package management system to install the missing dependencies).

# yum install perl-libwww-perl
# apt install libwww-perl
# cd /usr/src
# wget https://download.configserver.com/csf.tgz
# tar xzf csf.tgz
# cd csf

This part of the process will check that all dependencies are installed, create the directory structures and files needed for the web interface, detect the currently open ports, and remind you to restart the csf and lfd daemons after you have finished the initial configuration.

# sh install.sh
# perl /usr/local/csf/bin/csftest.pl

The expected output of the above command is as follows:

Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server

Disable firewalld if it is running, and configure CSF.

# systemctl stop firewalld
# systemctl disable firewalld

Change TESTING = "1" to TESTING = "0" (otherwise, the lfd daemon will not start) and list the allowed incoming and outgoing ports as comma-separated lists (TCP_IN and TCP_OUT, respectively) in /etc/csf/csf.conf, as shown in the output below:

# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "0"

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
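
The comment above warns about being locked out of the server, which happens when the port sshd listens on is not in TCP_IN once the rules are applied. The shell functions below are an added example, not part of the original article or of CSF: they read a csf.conf and report that case, malformed port lists, and a TESTING value that would keep lfd from starting. The function names, the sample file and the low:high range syntax accepted in port lists are assumptions of this example.

```sh
# Added example; the function names are illustrative and are not CSF commands.

# Print the value of KEY ($1) from a file ($2) made of KEY = "value" lines.
csf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Succeed if LIST ($1) is empty or holds ports 1-65535, singly or as low:high.
csf_ports_ok() {
    [ -z "$1" ] && return 0
    pat='[0-9]{1,5}(:[0-9]{1,5})?'
    printf '%s\n' "$1" | grep -Eq "^$pat(,$pat)*\$" || return 1
    for p in $(printf '%s' "$1" | tr ',:' '  '); do
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# Succeed if PORT ($1) is covered by LIST ($2), directly or through a range.
csf_port_listed() {
    for item in $(printf '%s' "$2" | tr ',' ' '); do
        lo=${item%%:*}; hi=${item##*:}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

note() { echo "$1"; findings=$((findings + 1)); }

# Print one line per problem in csf.conf ($1); return the number of problems.
# $2 is the port sshd listens on (assumed to be 22 when omitted).
csf_preflight() {
    conf=$1; ssh_port=${2:-22}; findings=0
    tcp_in=$(csf_get TCP_IN "$conf"); tcp_out=$(csf_get TCP_OUT "$conf")
    if ! csf_ports_ok "$tcp_in"; then
        note "TCP_IN is not a valid port list: $tcp_in"
    elif ! csf_port_listed "$ssh_port" "$tcp_in"; then
        note "SSH port $ssh_port is missing from TCP_IN"
    fi
    csf_ports_ok "$tcp_out" || note "TCP_OUT is not a valid port list: $tcp_out"
    [ "$(csf_get TESTING "$conf")" = "0" ] || note "TESTING is not \"0\": lfd will not start"
    return "$findings"
}

# Constructed sample holding the settings shown above.
sample=$(mktemp)
printf '%s\n' 'TESTING = "0"' 'TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"' \
    'TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"' > "$sample"
csf_preflight "$sample" 22 && echo "port 22: no findings"
csf_preflight "$sample" 2222 || echo "port 2222: $? finding(s)"
rm -f "$sample"
```

On a real server, pass /etc/csf/csf.conf and the port your sshd actually listens on, and run it while TESTING is still "1" so that only the TESTING line is reported.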

Once you are happy with the configuration, save the changes and return to the command line.

# systemctl restart {csf,lfd}
# systemctl enable {csf,lfd}
# systemctl is-active {csf,lfd}
# csf -v

At this point we are ready to start setting up firewall and intrusion detection rules, as discussed next.

Setting Up CSF and Intrusion Detection Rules

First, you will want to inspect the current firewall rules as follows:

# csf -l

You can also stop them or reload them with:

# csf -f
# csf -r

respectively. Be sure to memorize these options - you will need them as you go along, particularly to check the rules after making changes and restarting csf and lfd.

To allow incoming connections from 192.168.0.10:

# csf -a 192.168.0.10

Likewise, you can deny connections originating from 192.168.0.11:

# csf -d 192.168.0.11

You can remove each of the above rules if you wish to do so.

# csf -ar 192.168.0.10
# csf -dr 192.168.0.11

Note how the use of -ar or -dr above removes the existing allow and deny rules associated with a given IP address.

Depending on the intended use of your server, you may want to limit incoming connections to a safe number on a per-port basis. To do so, open /etc/csf/csf.conf and search for CONNLIMIT. You can specify multiple ports as port;limit pairs separated by commas. For example,

CONNLIMIT = "22;2,80;10"

will allow only 2 and 10 incoming connections from the same source to TCP ports 22 and 80, respectively.
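
A mistyped separator in CONNLIMIT is easy to miss, so it helps to check the value before writing it to csf.conf. The function below is an added example, not part of the original article or of CSF: it validates the port;limit syntax described above and prints what each pair means. The function name, and the choice to treat a limit below 1 or a repeated port as an error, are assumptions of this example.

```sh
# Added example; connlimit_check is an illustrative name, not a CSF command.
# Validates a CONNLIMIT value ("port;limit,port;limit") and prints what it means.
# Assumptions of this example: a limit below 1 or a repeated port is an error.
connlimit_check() {
    pair='[0-9]{1,5};[0-9]{1,5}'
    printf '%s\n' "$1" | grep -Eq "^$pair(,$pair)*\$" ||
        { echo "not a comma-separated list of port;limit pairs: $1"; return 1; }
    seen=","
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        port=${entry%%;*}; limit=${entry##*;}
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port"; return 1
        fi
        if [ "$limit" -lt 1 ]; then
            echo "limit for port $port must be at least 1"; return 1
        fi
        case "$seen" in
            *",$port,"*) echo "port listed more than once: $port"; return 1 ;;
        esac
        seen="$seen$port,"
        echo "tcp/$port: at most $limit connections from one source"
    done
}

connlimit_check "22;2,80;10"                     # the value from the text above
connlimit_check "22;2,80" || echo "rejected"     # constructed malformed value
```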

There are several types of alerts you can choose from. Look for the EMAIL_ALERT settings in /etc/csf/csf.conf and make sure they are set to "1" to receive the associated alert. For example,

LF_SSH_EMAIL_ALERT = "1"
LF_SU_EMAIL_ALERT = "1"

will cause an alert to be sent to the address specified in LF_ALERT_TO each time someone successfully logs in via SSH or switches to another account using the su command.

CSF Configuration Options and Usage

The following options are used to modify and control the csf configuration. All csf configuration files are located under the /etc/csf directory. If you modify any of these files, you will need to restart the csf daemon for the changes to take effect.

  • csf.conf : The main configuration file for controlling CSF.
  • csf.allow : The list of IP and CIDR addresses allowed through the firewall.
  • csf.deny : The list of IP and CIDR addresses denied by the firewall.
  • csf.ignore : The list of IP and CIDR addresses ignored by the firewall.
  • csf.*ignore : The list of various ignore files for users and IPs.

Remove CSF Firewall

If you would like to remove the CSF firewall completely, just run the uninstall.sh script located under the /etc/csf directory.

# /etc/csf/uninstall.sh

The above command will erase the CSF firewall completely, along with all of its files and folders.

In this article we have explained how to install, configure, and use CSF as a firewall and intrusion detection system. Please note that more features are outlined in csf.conf.

For example, if you are in the web hosting business, you can integrate CSF with management solutions such as Webmin.

Do you have any questions or comments about this article? Feel free to send us a message using the form below. We look forward to hearing from you!