7. CSF FIREWALL KURULUMU
7.1. CSF Kurulumu
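# Download, unpack and install CSF from /usr/src.
# The steps are chained with && so that a failed download or extraction stops
# the sequence instead of running install.sh from the wrong directory.
#
# NOTE(review): install.sh runs as root on whatever the archive contains, and
# nothing here checks the archive's integrity. Before running this, confirm
# that the host below is still the maintained upstream for CSF. If the
# publisher offers a checksum or signature, verify csf.tgz before extracting:
#   echo "<EXPECTED_SHA256_PLACEHOLDER>  csf.tgz" | sha256sum -c -
cd /usr/src &&
  wget https://download.configserver.com/csf.tgz &&
  tar -xzf csf.tgz &&
  cd csf &&
  sh install.sh

# Check that the iptables modules CSF relies on are available on this kernel.
perl /usr/local/csf/bin/csftest.pl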
7.2. CSF Yapılandırması
Dosya Konumu: /etc/csf/csf.conf
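# =====================================================
# CSF FIREWALL - ENTERPRISE CONFIGURATION
# Advanced protection for a VDS server
# =====================================================
# NOTE(review): apply these values by editing the matching keys in the
# csf.conf that the installer shipped. Do not replace the file with this
# excerpt. Several keys below are not ones I recognise from a stock csf.conf
# (they are marked individually). Check every key against the file for your
# CSF version: an unrecognised key is presumably ignored, which would leave
# the protection it names switched off without any warning.

# -----------------------------------------------------
# BASIC SETTINGS
# -----------------------------------------------------
# TESTING = "0" removes the periodic automatic rule flush, so a mistake in
# the rules can lock you out. Allow your own IP (csf -a) before going live.
TESTING = "0"
RESTRICT_SYSLOG = "3"

# -----------------------------------------------------
# ALLOWED PORTS (inbound and outbound)
# -----------------------------------------------------
# NOTE(review): 2077-2096 are the usual cPanel/WHM/webmail ports, while this
# guide targets Plesk (8443/8447). Remove every port that has no listening
# service on this host; each open port is attack surface. The same applies to
# 20/21 (FTP) and 110/143 (unencrypted POP3/IMAP) if they are not in use.
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8443,8447"
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,465,873,993,995,2082,2083,2087,2089,2703"
UDP_IN = "20,21,53,80,443"
UDP_OUT = "20,21,53,113,123,873,6277"

# -----------------------------------------------------
# ICMP (PING) SETTINGS
# -----------------------------------------------------
ICMP_IN = "1"
ICMP_IN_LIMIT = "10/s"

# -----------------------------------------------------
# CONNECTION TRACKING LIMITS (DDoS protection)
# -----------------------------------------------------
# lfd checks every CT_INTERVAL seconds and blocks an IP that holds more than
# CT_LIMIT connections. Clients behind a shared NAT or proxy can exceed this
# legitimately; review the e-mail alerts before tightening it.
CT_LIMIT = "300"
CT_INTERVAL = "30"
CT_EMAIL_ALERT = "1"

# -----------------------------------------------------
# PORT FLOOD SETTINGS
# -----------------------------------------------------
# Format: port;protocol;hit count;interval in seconds
# NOTE(review): the kernel's recent-match module tracks only 20 packets per
# address by default, so a hit count of 200 is likely rejected or ineffective
# unless that module limit has been raised. Confirm against the CSF readme.
PORTFLOOD = "80;tcp;200;5,443;tcp;200;5,22;tcp;10;60,21;tcp;10;60"

# -----------------------------------------------------
# CONCURRENT CONNECTION LIMIT PER IP
# -----------------------------------------------------
# Format: port;maximum simultaneous connections from one address.
# (The original heading called this a connection timeout; CONNLIMIT is a
# concurrency cap, not a timeout.)
CONNLIMIT = "22;10,21;10,80;100,443;100"

# -----------------------------------------------------
# COUNTRY-BASED BLOCKING (optional)
# -----------------------------------------------------
# CC_DENY drops all traffic from the listed countries on every port. It needs
# a working GeoIP source configured in csf.conf and is easy to evade through a
# proxy or VPN, so treat it as noise reduction rather than access control.
CC_DENY = "RU,CN,UA,BY,IR,KP,SY,AF,IQ,LY,SO,SS,YE,ZW"
# CC_ALLOW_FILTER takes a list of country codes, not a 0/1 switch. When set,
# traffic from every country NOT listed is dropped. The original value "1" is
# not a country code, so the setting is left empty (disabled) here.
CC_ALLOW_FILTER = ""
# NOTE(review): CC_IGNORE_TRUSTED is not a key I recognise from csf.conf.
# Verify it exists in your version before relying on it.
CC_IGNORE_TRUSTED = "1"

# -----------------------------------------------------
# SYN FLOOD PROTECTION
# -----------------------------------------------------
# NOTE(review): this rate limit applies to new connections from all sources,
# so legitimate clients are slowed down whenever it triggers. The CSF
# documentation advises enabling it only while under a SYN flood; confirm
# before leaving it on permanently.
SYNFLOOD = "1"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"

# -----------------------------------------------------
# BRUTE FORCE PROTECTION
# -----------------------------------------------------
# LF_<service> is the number of login failures that triggers a block.
# LF_<service>_PERM = "1" makes that block permanent; a value greater than 1
# is read as a temporary block of that many seconds.
# NOTE(review): the LF_*_BLOCK_TIME keys are not ones I recognise from
# csf.conf. As written, the blocks are permanent, not 3600 seconds. If a
# one-hour block is intended, that belongs in the _PERM value.
LF_SSHD = "5"
LF_SSHD_PERM = "1"
LF_SSHD_BLOCK_TIME = "3600"
LF_FTPD = "5"
LF_FTPD_PERM = "1"
LF_FTPD_BLOCK_TIME = "3600"
LF_SMTPAUTH = "5"
LF_SMTPAUTH_PERM = "1"
LF_SMTPAUTH_BLOCK_TIME = "3600"
LF_POP3D = "5"
LF_POP3D_PERM = "1"
LF_POP3D_BLOCK_TIME = "3600"
LF_IMAPD = "5"
LF_IMAPD_PERM = "1"
LF_IMAPD_BLOCK_TIME = "3600"

# -----------------------------------------------------
# E-MAIL ALERTS
# -----------------------------------------------------
# The addresses on the source page were lost to e-mail obfuscation. The values
# below are constructed placeholders; replace them with monitored mailboxes.
LF_ALERT_TO = "admin@example.com"
LF_ALERT_FROM = "csf@example.com"
# NOTE(review): confirm LF_ALERT_INTERVAL exists in your csf.conf.
LF_ALERT_INTERVAL = "3600"

# -----------------------------------------------------
# TEMPORARY IP BLOCK DURATION
# -----------------------------------------------------
# NOTE(review): with LF_TRIGGER above 0, CSF treats the per-service LF_*
# counters as on/off switches and blocks on the cumulative total (10 here),
# so the per-service "5" thresholds above would no longer apply. Confirm that
# this is intended. LF_BLOCK_TIME is not a key I recognise from csf.conf.
LF_BLOCK_TIME = "3600"
LF_TRIGGER = "10"

# -----------------------------------------------------
# MODSECURITY INTEGRATION
# -----------------------------------------------------
# NOTE(review): in a stock csf.conf, ModSecurity blocking is controlled by
# LF_MODSEC / LF_MODSEC_PERM together with MODSEC_LOG. MODSEC_MODSEC and
# MODSEC_BLOCK are not keys I recognise, so verify them. Also check that
# MODSEC_LOG matches the audit log path of the ModSecurity build Plesk
# installs.
MODSEC_MODSEC = "1"
MODSEC_LOG = "/var/log/modsec_audit.log"
MODSEC_BLOCK = "1"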
7.3. CSF'i Başlat ve Test Et
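# Allow your own address FIRST, so that enabling the firewall cannot cut off
# the SSH session you are working in. With TESTING = "0" in csf.conf there is
# no automatic rule flush to fall back on.
# Replace the placeholder with your real public IP address.
csf -a senin_ip_adresin

# Enable CSF at boot and start it
systemctl enable csf
systemctl start csf

# Enable and start lfd (the login failure daemon)
systemctl enable lfd
systemctl start lfd

# Verify: print the installed version, then list the loaded rules
csf -v
csf -l

# Keep the current SSH session open and confirm that a second, new session
# can still log in before closing the first one.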
7.4. Plesk-CSF Entegrasyonu
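# Option 1: install the extension through Plesk's own extension manager.
# NOTE(review): this fetches a package by URL and installs it into the Plesk
# admin panel, which runs with high privileges. Confirm in the Plesk extension
# catalogue that this package ID is the extension you intend to install.
plesk bin extension --install-url https://ext.plesk.com/packages/5b33acf9-dd57-4748-9a94-d205aab46a98-csf/download

# Option 2 (manual): an alternative to option 1, not an additional step.
# Chained with && so that a failed cd or download does not unpack files into
# the wrong directory, and the archive is removed only after a clean unzip.
# NOTE(review): unpacking directly into the panel's htdocs tree bypasses the
# extension manager's own checks. Prefer option 1 unless it is unavailable.
cd /usr/local/psa/admin/htdocs/resources/extensions/ &&
  wget https://ext.plesk.com/packages/5b33acf9-dd57-4748-9a94-d205aab46a98-csf/download -O csf.zip &&
  unzip csf.zip &&
  rm csf.zip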