# #
#   @app                ConfigServer Firewall & Security (CSF)
#                       Login Failure Daemon (LFD)
#   @website            https://configserver.dev
#   @docs               https://docs.configserver.dev
#   @download           https://download.configserver.dev
#   @repo               https://github.com/Aetherinox/csf-firewall
#   @copyright          Copyright (C) 2025-2026 Aetherinox
#                       Copyright (C) 2006-2025 Jonathan Michaelson
#                       Copyright (C) 2006-2025 Way to the Web Ltd.
#   @license            GPLv3
#   @updated            10.05.2025
#   
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 3 of the License, or (at
#   your option) any later version.
#   
#   This program is distributed in the hope that it will be useful, but
#   WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
#   General Public License for more details.
#   
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, see <https://www.gnu.org/licenses>.
# #

Installation
============
Installation is quite straightforward:

cd /usr/src
rm -fv csf.tgz
wget https://download.configserver.dev/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

perl /usr/local/csf/bin/csftest.pl

Don't worry if you cannot run all the features, so long as the script doesn't
report any FATAL errors

You should not run any other iptables firewall configuration script. For
example, if you previously used APF+BFD you can remove the combination (which
you will need to do if you have them installed otherwise they will conflict):

sh /usr/local/csf/bin/remove_apf_bfd.sh

That's it. You can then configure csf and lfd by reading the documentation and
configuration files in /etc/csf/csf.conf and /etc/csf/readme.txt directly or
through the csf User Interface.

csf installation for cPanel and DirectAdmin is preconfigured to work on those
servers with all the standard ports open.

csf auto-configures your SSH port on installation where it's running on a non-
standard port.

csf auto-whitelists your connected IP address where possible on installation.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS
servers running RedHat/CentOS v5 have this disabled and you should check
/etc/init.d/syslog and make sure that any klogd lines are not commented out. If
you change the file, remember to restart syslog.

See the csf.conf and readme.txt files for more information.

Perl Modules
============

While most should be installed on a standard perl installation the following
may need to be installed manually:

# On rpm based systems:
yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph perl-Math-BigInt.noarch

# On APT based systems:
apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl

# Via cpan:
perl -MCPAN -eshell
cpan> install LWP LWP::Protocol::https GD::Graph



InterWorx
=========

1. Enable csf in InterWorx > NodeWorx > Plugins > csf

2. See the InterWorx section in /etc/csf/readme.txt


Webmin Module Installation/Upgrade
==================================

To install or upgrade the csf webmin module:

Install csf as above
Install the csf webmin module in:
  Webmin > Webmin Configuration > Webmin Modules >
  From local file > /usr/local/csf/csfwebmin.tgz > Install Module


Uninstallation
==============
Removing csf and lfd is even more simple:

cd /etc/csf
sh uninstall.sh
