Last active
February 28, 2020 15:50
-
-
Save mrqaidi/5ea39bf036a33cd3ecd82d138d3c0187 to your computer and use it in GitHub Desktop.
CSF installer for centos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /bin/bash | |
# Coded By Ayman Qaidi mrqaidi@gmail.com | |
# run chmod 755 csf-installer.sh and then ./csf-installer.sh | |
install_csf(){ | |
read -p "Install and configure CSF? (y/n) " CSF | |
if [ "$CSF" = "y" ] || [ "$CSF" = "s" ]; then | |
wget https://download.configserver.com/csf.tgz 2> /dev/null | |
# Checks if you've downloaded the package correctly | |
[ "$?" != 0 ] && echo -e "Download problem." && return 1 | |
# Extract the package | |
tar -xzf csf.tgz | |
# Run the official installation script | |
cd csf ; sh install.sh | |
# Testing iptables modules | |
perl /etc/csf/csftest.pl | |
# Disable test mode | |
sed -i 's/^TESTING .*/TESTING = "0"/' /etc/csf/csf.conf | |
# Define incoming ports that will be accepted (TCP) | |
sed -i 's/^TCP_IN .*/TCP_IN = "25,80,443,465,587,993,995,2297,9200,9300,10050,10051,2082,2083,2087"/' /etc/csf/csf.conf | |
# Define output ports to be accepted (TCP) | |
sed -i 's/^TCP_OUT .*/TCP_OUT = "21,22,25,80,443,465,587,993,995,2297,9200,9300,10050,10051"/' /etc/csf/csf.conf | |
# Set incoming ports to be accepted (UDP) | |
sed -i 's/^UDP_IN .*/UDP_IN = "53"/' /etc/csf/csf.conf | |
# Set output ports to be accepted (UDP) | |
sed -i 's/^UDP_OUT .*/UDP_OUT = "53"/' /etc/csf/csf.conf | |
# Protect against SYN Flood attacks | |
sed -i 's/^SYNFLOOD .*/SYNFLOOD = "1"/' /etc/csf/csf.conf | |
# Enable monitoring when there are more than 100 connections per second | |
sed -i 's/^SYNFLOOD_RATE .*/SYNFLOOD_RATE = "100\/s"/' /etc/csf/csf.conf | |
# Block IP when it reaches more than 150 connections per second | |
sed -i 's/^SYNFLOOD_BURST .*/SYNFLOOD_BURST = "150"/' /etc/csf/csf.conf | |
# Clear accepted IPs, if available | |
sed -n -i '/^#/p' /etc/csf/csf.allow | |
# Enable to upgrade with csf -u | |
sed -i 's/^URLGET .*/URLGET = "1"/' /etc/csf/csf.conf | |
# Reload to have the changes take effect | |
csf -r | |
# Show current version | |
csf -v | |
# Final message | |
echo -e "Installation completed." | |
fi | |
} | |
install_csf |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment