Skip to content

How to Enable CSF on CyberPanel for Ubuntu 22.04: A Simple Step-by-Step Guide

How to Enable CSF on CyberPanel for Ubuntu 22.04 - Softwarecosmos.com

Keeping your web server safe is super important. Using CyberPanel, a handy tool for managing websites, along with ConfigServer Security & Firewall (CSF), can help protect your server from online threats. This guide will show you how to enable CSF on CyberPanel running Ubuntu 22.04 in an easy-to-follow way, making sure your server stays secure and runs smoothly.

What Are CyberPanel and CSF?

CyberPanel is a tool that helps you manage your websites easily. It uses OpenLiteSpeed, a fast web server, making tasks like setting up websites, databases, and email accounts simple even if you’re not a tech expert.

ConfigServer Security & Firewall (CSF) is a security tool that protects your server from online threats. It controls who can access your server, blocks bad traffic, and keeps an eye out for suspicious activities.

Using CyberPanel with CSF gives your server strong protection while keeping it easy to manage.

What You Need Before Getting Started

Before you start, make sure you have:

  • A server with Ubuntu 22.04: Your server should be set up and running Ubuntu 22.04.
  • CyberPanel installed: Make sure CyberPanel is already installed on your server.
  • Root or sudo access: You need administrative rights to install and set up CSF.
  • Basic knowledge of Linux commands: Knowing some basic terminal commands will help you go through the steps smoothly.
See also  How to Add Port 80 and 443 for Apache on CentOS

Installing CSF on Ubuntu 22.04: Step by Step

Follow these easy steps to install CSF on your Ubuntu 22.04 server.

Step 1: Update Your System

First, update your system to make sure all your software is up to date.

Open the terminal and type:

sudo apt update && sudo apt upgrade -y

This command updates the list of available packages and upgrades them to the latest versions.

Step 2: Install Required Programs

CSF needs some extra programs to work properly. Install them by typing:

sudo apt install -y libwww-perl liblwp-protocol-https-perl unzip

Here’s what these programs do:

  • libwww-perl: Helps with web-related tasks.
  • liblwp-protocol-https-perl: Adds HTTPS support.
  • unzip: Lets you open zipped files.

Step 3: Download and Install CSF

Next, download the latest CSF package and install it.

First, go to the /usr/src directory:

cd /usr/src

Download CSF:

sudo wget https://download.configserver.com/csf.tgz

Unzip the downloaded file:

sudo tar -xzf csf.tgz
cd csf

Run the installation script:

sudo sh install.sh

After the installation finishes, CSF is ready to use on your server.

Setting Up CSF for the Best Security

Now that CSF is installed, you need to configure it to protect your server properly.

Step 1: Edit CSF Configuration

The main settings for CSF are in the file /etc/csf/csf.conf. Open this file with a text editor:

sudo nano /etc/csf/csf.conf

Here are some important settings to change:

  • TESTING: Change this to 0 to turn on CSF.
    TESTING = "0"
    
  • TCP_IN and TCP_OUT: These list the ports that are allowed for incoming and outgoing traffic.
    TCP_IN = "22,80,443"
    TCP_OUT = "20,21,22,25,53,80,443,587,993"
    
  • UDP_IN and UDP_OUT: These list the UDP ports that are allowed.
    UDP_IN = "53"
    UDP_OUT = "53"
    
  • ALLOW_IP_LIST: Add any trusted IP addresses here that you don’t want the firewall to block.
    ALLOW_IP_LIST = "1.2.3.4,5.6.7.8"
    

After making these changes, press CTRL + X, then Y, and hit Enter to save and exit.

Step 2: Set Up Firewall Rules

CSF uses iptables to manage firewall rules. Here’s how to set up some common rules:

  • Allow SSH Access: Make sure port 22 is in the TCP_IN list to allow SSH connections.
  • Allow Web Traffic: Ports 80 (HTTP) and 443 (HTTPS) should be open for web traffic.
  • Block Unused Ports: Remove any ports you don’t need from the TCP_IN and UDP_IN lists to keep your server secure.
See also  Step-by-step Guide To Releasing A Full Stack Web Application

Step 3: Turn On CSF

Finally, enable and start CSF with these commands:

sudo csf -e
sudo systemctl start csf
sudo systemctl enable csf
  • csf -e: Turns on CSF.
  • systemctl start csf: Starts the CSF service.
  • systemctl enable csf: Makes sure CSF starts every time the server boots up.

Connecting CSF with CyberPanel

Now, link CSF with CyberPanel to enhance your server’s security directly from the CyberPanel interface.

Step 1: Log In to CyberPanel

  1. Open your web browser and go to https://your-server-ip:8090.
  2. Enter your admin username and password.
  3. Click Login to get into the dashboard.

Step 2: Set Up Firewall in CyberPanel

  1. In the CyberPanel dashboard, look for Security in the left menu.
  2. Click on Firewall.
  3. Make sure that CSF is listed and connected.
  4. Adjust any settings as needed to fit your server’s security needs.

CyberPanel makes it easy to manage CSF settings with its user-friendly interface, so you can update firewall rules and keep an eye on security without much hassle.

Check If CSF Is Working Right

After setting everything up, it’s important to make sure CSF is working correctly.

Step 1: Check CSF Status

To see if CSF is active, type:

sudo csf -s

If CSF is running, you’ll see a message saying it’s active.

Step 2: Make Sure Firewall Rules Are Correct

  1. List the current firewall rules with:
    sudo iptables -L -n
    
  2. Check that the rules match what you set in csf.conf.
  3. Try accessing your server’s services (like SSH or your website) from another device to make sure everything works.

Fixing Common Problems

Sometimes, things might not go as planned. Here are some common issues and how to fix them.

Problem 1: CSF Won’t Start

Issue: CSF doesn’t start or keeps stopping.

Solution:

  1. Check for mistakes in the configuration:
    sudo csf -n
    

    This command looks for errors in the config file.

  2. Look at the logs for more details:
    sudo tail -f /var/log/lfd.log
    

    Fix any errors or conflicting rules you find.

  3. Make sure all needed programs are installed.

Problem 2: Can’t Access Server After Turning On CSF

Issue: You can’t connect to your server via SSH or access your website after enabling CSF.

Solution:

  1. Double-check that the necessary ports are open in csf.conf.
  2. Make sure your IP address isn’t blocked:
    sudo csf -g your-ip-address
    
  3. If your IP is blocked, add it to the allow list:
    sudo csf -a your-ip-address "Your Description Here"
    
  4. Restart CSF to apply the changes:
    sudo csf -r
    

Tips for Keeping CSF and CyberPanel Secure

To keep your server safe, follow these simple tips.

Tip 1: Keep Everything Updated

Regularly update your server, CyberPanel, and CSF to get the latest security fixes and features.

sudo apt update && sudo apt upgrade -y
sudo csf -u

Tip 2: Watch Logs and Alerts

Keep an eye on your CSF and CyberPanel logs to spot any unusual activities early.

sudo tail -f /var/log/lfd.log

Set up email alerts in CSF to get notified about important security events.

Tip 3: Use Strong Passwords

Use strong, unique passwords for all accounts, especially for CyberPanel and SSH access.

  • Combine uppercase and lowercase letters, numbers, and special characters.
  • Change passwords regularly.
  • Use SSH key-based authentication for extra security.

Frequently Asked Questions (FAQ)

Does CSF support IPv6?

Yes, CSF supports IPv6. Make sure to set up IPv6 correctly in the csf.conf file.

Is CSF compatible with all versions of CyberPanel?

Yes, CSF works with all recent versions of CyberPanel, including those on Ubuntu 22.04.

Can CSF automatically block malicious IPs?

Yes, CSF can automatically block IP addresses that show bad behavior based on its rules and patterns.

Does enabling CSF slow down the server?

No, when set up correctly, CSF has little impact on your server’s speed while providing strong security.

Do I have to use the command line to set up CSF?

No, while the command line gives you more control, CyberPanel offers a graphical interface to manage CSF settings, making it easier for everyone.

Final Thoughts

Turning on CSF with CyberPanel on Ubuntu 22.04 makes your server much safer. By following this simple guide, you can install, set up, and keep CSF running smoothly, protecting your web hosting setup from many online threats. Remember to keep everything updated, watch for any unusual activities, and use strong passwords to maintain your server’s security. With these steps, your server will be a safe and reliable place for your websites and applications.

Author