Useful CSF commands in Linux
Useful CSF commands in Linux
CSF, a firewall application suite for Linux servers. CSF is also a Login/Intrusion Detection for applications like SSH, SMTP, IMAP, Pop3, the “su” command etc,.
It also checks for login authentication failures on mail servers (Exim, IMAP, Dovecot, uw-imap, Kerio), OpenSSH servers, Ftp servers (Pure-ftpd, vsftpd, Proftpd), cPanel server. CSF is a good security solution for hosting servers and can be integrated into the user interface (UI) of WHM/cPanel, DirectAdmin, and Webmin control panels.
Useful CSF commands in Linux
For installing CSF (Config Server Firewall) on Centos
Here, we can see some useful csf commands with definitions
| ATTRIBURE | OPTIONS | DESCRIPTION |
|---|---|---|
| -h | --help | Show help message |
| -l | --status | List/Show the IPv4 iptables configuration |
| -l6 | --status6 | List/Show the IPv6 ip6tables configuration |
| -s | --start | Start the firewall rules |
| -f | --stop | Flush/Stop firewall rules (Note: lfd may restart csf) |
| -r | --restart | Restart firewall rules (csf) |
| -q | --startq | Quick restart (csf restarted by lfd) |
| -sf | --restartall | Restart firewall rules (csf) and then restart lfd daemon. Both csf and then lfd should be restarted after making any changes to the configuration files |
| --lfd | [stop|start|restart|status] | Actions to take with the lfd daemon |
| -a | --add ip [comment] | Allow an IP and add to /etc/csf/csf.allow |
| -ar | --addrm ip | Remove an IP from /etc/csf/csf.allow and delete rule |
| -d | --deny ip [comment] | Deny an IP and add to /etc/csf/csf.deny |
| -dr | -denyrm ip | Unblock an IP and remove from /etc/csf/csf.deny |
| -df | --denyf | Remove and unblock all entries in /etc/csf/csf.deny |
| -g | --grep ip | Search the iptables and ip6tables rules for a match (e.g. IP, CIDR, Port Number) |
| -i | --iplookup ip | Lookup IP address geographical information using CC_LOOKUPS setting in /etc/csf/csf.conf |
| -t | --temp | Displays the current list of temporary allow and deny IP entries with their TTL and comment |
| -tr | --temprm ip | Remove an IP from the temporary IP ban or allow list |
| -td | --tempdeny ip ttl [-p port] [-d direction] [comment] | Add an IP to the temp IP ban list. ttl is how long to blocks for (default:seconds, can use one suffix of h/m/d). Optional port. Optional direction of block can be one of: in, out or inout (default:in) |
| -ta | --tempallow ip ttl [-p port] [-d direction] [comment] | Add an IP to the temp IP allow list (default:inout) |
| -tf | --tempf | Flush all IPs from the temporary IP entries |
| -cp | --cping | PING all members in an lfd Cluster |
| -cg | --cgrep ip | Requests the --grep output for IP from each member in an lfd Cluster |
| -cd | --cdeny ip [comment] | Deny an IP in a Cluster and add to each remote /etc/csf/csf.deny |
| -ctd | --crm ip | Unblock an IP in a Cluster and remove from each remote /etc/csf/csf.deny and temporary list |
| -ca | --callow ip [comment] | Allow an IP in a Cluster and add to each remote /etc/csf/csf.allow |
| -cta | --ctempallow ip ttl [-p port] [-d direction] [comment] | Add an IP in a Cluster to the temp IP allow list (default:in) |
| -car | --carm ip | Remove allowed IP in a Cluster and remove from each remote /etc/csf/csf.allow and temporary list |
| -ci | --cignore ip [comment] | Ignore an IP in a Cluster and add to each remote . /etc/csf/csf.ignore. Note: This will result in lfd being restarted |
| -cc | --cconfig [name] [value] | Change configuration option [name] to [value] in a Cluster |
| -cf | --cfile [file] | Send [file] in a Cluster to /etc/csf/ |
| -crs | --crestart | Cluster restart csf and lfd |
| --trace | [add|remove] ip | Log SYN packets for an IP across iptables chains. Note, this can create a LOT of logging information in /var/log/messages so should only be used for a short period of time. This option requires the iptables TRACE module and access to the raw PRE-ROUTING chain to function |
| -m | --mail [email] | Display Server Check in HTML or email to [email] if present |
| --rbl | [email] | Process and display RBL Check in HTML or email to [email] if present |
| -lr | --logrun | View ports on the server that have a running process behind them listening for external connections |
| --graphs | [graph type] [directory] | Generate System Statistics html pages and images for a given graph type into a given directory. |
| --profile | --profile [command] [profile|backup] [profile|backup] | Configuration profile functions for /etc/csf/csf.conf. You can create your own profiles using the examples provided in /usr/local/csf/profiles/. The profile reset_to_defaults.conf is a special case and will always be the latest default csf.conf |
| --cloudflare | --cloudflare [command] | Commands for interacting with the CloudFlare firewall. |
| -c | --check | Check for updates to csf but do not upgrade |
| -u | --update | Check for updates to csf and upgrade if available |
| -uf | Force an update of csf whether and upgrade is required or not | |
| -x | --disable | Disable csf and lfd completely |
| -e | --enable | Enable csf and lfd if previously disabled |
| -v | --version | Show csf version |
Hope this article helps your need, Please share your valuable comments to improve us.
To know about cron jobs : Click here
Nice post.
Thanks for sharing the knowledge
good nice information about csf