{"id":18017,"date":"2024-12-24T11:37:47","date_gmt":"2024-12-24T10:37:47","guid":{"rendered":"https:\/\/xlogic.org\/blog\/?p=18017"},"modified":"2024-12-24T11:37:47","modified_gmt":"2024-12-24T10:37:47","slug":"csf-firewall-installazione","status":"publish","type":"post","link":"https:\/\/xlogic.org\/blog\/csf-firewall-installazione.html\/","title":{"rendered":"CSF Firewall Installazione"},"content":{"rendered":"<p>Per installare e configurare CSF (ConfigServer Security &amp; Firewall) su un server Linux (ad esempio, CentOS, RHEL, Ubuntu, Debian), segui questi passaggi. CSF \u00e8 uno dei firewall pi\u00f9 popolari per server, spesso utilizzato con cPanel, ma pu\u00f2 essere utilizzato anche su server senza cPanel.<\/p>\n<h3>1. <strong>Aggiornare il sistema<\/strong><\/h3>\n<p>Prima di iniziare, \u00e8 una buona pratica aggiornare il sistema operativo. Esegui il comando appropriato per la tua distribuzione.<\/p>\n<ul>\n<li><strong>CentOS\/RHEL:<\/strong>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo yum update -y<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<li><strong>Ubuntu\/Debian:<\/strong>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo apt update &amp;&amp; sudo apt upgrade -y<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<\/ul>\n<h3>2. <strong>Installare le dipendenze<\/strong><\/h3>\n<p>CSF richiede alcune dipendenze, come <code>perl<\/code>, <code>iptables<\/code>, ecc. Installale con i comandi seguenti:<\/p>\n<ul>\n<li><strong>CentOS\/RHEL:<\/strong>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo yum install perl iptables -y<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<li><strong>Ubuntu\/Debian:<\/strong>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo apt install perl iptables -y<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<\/ul>\n<h3>3. <strong>Scaricare CSF<\/strong><\/h3>\n<p>Scarica l&#8217;ultima versione di CSF dal repository ufficiale di ConfigServer:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\"><span class=\"hljs-built_in\">cd<\/span> \/usr\/src<br \/>\nsudo wget https:\/\/download.configserver.com\/csf.tgz<br \/>\n<\/code><\/div>\n<\/div>\n<h3>4. <strong>Estrarre l&#8217;archivio<\/strong><\/h3>\n<p>Una volta che il pacchetto \u00e8 stato scaricato, estrai il file:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo tar -xvzf csf.tgz<br \/>\n<\/code><\/div>\n<\/div>\n<h3>5. <strong>Installare CSF<\/strong><\/h3>\n<p>Entra nella directory di CSF estratta e installa il firewall:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md h-9 bg-token-sidebar-surface-primary dark:bg-token-main-surface-secondary select-none\">bash<\/div>\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\"><span class=\"hljs-built_in\">cd<\/span> csf<br \/>\nsudo sh install.sh<br \/>\n<\/code><\/div>\n<\/div>\n<h3>6. <strong>Verificare l&#8217;installazione<\/strong><\/h3>\n<p>Verifica che CSF sia stato installato correttamente eseguendo il seguente comando:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo csf -v<br \/>\n<\/code><\/div>\n<\/div>\n<p>Questo comando mostrer\u00e0 la versione di CSF installata.<\/p>\n<h3>7. <strong>Abilitare CSF e LFD<\/strong><\/h3>\n<p>CSF (ConfigServer Firewall) \u00e8 configurato tramite un file di configurazione situato in <code>\/etc\/csf\/csf.conf<\/code>. LFD (Login Failure Daemon) \u00e8 un componente che blocca gli accessi di login falliti (utile per proteggere da brute-force).<\/p>\n<p>Per abilitare CSF e LFD, modifica il file di configurazione di CSF:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo nano \/etc\/csf\/csf.conf<br \/>\n<\/code><\/div>\n<\/div>\n<p>Trova le seguenti linee:<\/p>\n<ul>\n<li><strong>TESTING = &#8220;1&#8221;<\/strong> (cambia in <code>0<\/code> per abilitare il firewall)<\/li>\n<li><strong>LF_ALERT_TO = &#8220;<a rel=\"noopener\">email@example.com<\/a>&#8220;<\/strong> (imposta il tuo indirizzo email per ricevere notifiche)<\/li>\n<\/ul>\n<p>Cambia il valore di <code>TESTING<\/code> da <code>1<\/code> a <code>0<\/code> per attivare il firewall:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"flex items-center text-token-text-secondary px-4 py-2 text-xs font-sans justify-between rounded-t-md h-9 bg-token-sidebar-surface-primary dark:bg-token-main-surface-secondary select-none\">bash<\/div>\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">TESTING = <span class=\"hljs-string\">\"0\"<\/span><br \/>\n<\/code><\/div>\n<\/div>\n<p>Salva e chiudi il file.<\/p>\n<h3>8. <strong>Riavviare il firewall<\/strong><\/h3>\n<p>Per applicare la configurazione, riavvia il firewall:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo csf -r<br \/>\n<\/code><\/div>\n<\/div>\n<h3>9. <strong>Controllare lo stato di CSF<\/strong><\/h3>\n<p>Per verificare se CSF \u00e8 attivo e in esecuzione:<\/p>\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo csf -l<br \/>\n<\/code><\/div>\n<\/div>\n<h3>10. <strong>Configurazioni aggiuntive<\/strong><\/h3>\n<ul>\n<li><strong>Apertura di porte specifiche:<\/strong> Se hai bisogno di aprire alcune porte, puoi farlo modificando il file di configurazione di CSF ( <code>\/etc\/csf\/csf.conf<\/code>) e aggiungendo le porte desiderate nelle variabili <code>TCP_IN<\/code> e <code>TCP_OUT<\/code>.<\/li>\n<li><strong>Sbloccare un IP:<\/strong> Se un IP \u00e8 stato erroneamente bloccato, puoi sbloccarlo con il comando:\n<div class=\"contain-inline-size rounded-md border-[0.5px] border-token-border-medium relative bg-token-sidebar-surface-primary dark:bg-gray-950\">\n<div class=\"sticky top-9 md:top-[5.75rem]\">\n<div class=\"absolute bottom-0 right-2 flex h-9 items-center\">\n<div class=\"flex items-center rounded bg-token-sidebar-surface-primary px-2 font-sans text-xs text-token-text-secondary dark:bg-token-main-surface-secondary\"><span class=\"\" data-state=\"closed\"><button class=\"flex gap-1 items-center select-none py-1\" aria-label=\"Copia\">Copia codice<\/button><\/span><\/div>\n<\/div>\n<\/div>\n<div class=\"overflow-y-auto p-4\" dir=\"ltr\"><code class=\"!whitespace-pre hljs language-bash\">sudo csf -dr &lt;indirizzo_ip&gt;<br \/>\n<\/code><\/div>\n<\/div>\n<\/li>\n<li><strong>Controllare il log di CSF:<\/strong> I log di CSF si trovano in <code>\/var\/log\/lfd.log<\/code> per i dettagli degli eventi di sicurezza.<\/li>\n<\/ul>\n<h3>11. <strong>Accedere all&#8217;interfaccia Web di CSF (opzionale)<\/strong><\/h3>\n<p>Se hai cPanel\/WHM, puoi accedere a CSF tramite l&#8217;interfaccia web:<\/p>\n<ol>\n<li>Accedi a <strong>WHM<\/strong>.<\/li>\n<li>Vai a <strong>Plugins<\/strong> e clicca su <strong>ConfigServer Security &amp; Firewall<\/strong>.<\/li>\n<\/ol>\n<h3>12. <strong>Abilitare LFD per il monitoraggio degli accessi<\/strong><\/h3>\n<p>LFD, che fa parte di CSF, \u00e8 un sistema di monitoraggio per i tentativi di login falliti. Verifica che sia abilitato in modo che possa monitorare e bloccare gli attacchi di brute force.<\/p>\n<p>A questo punto, CSF \u00e8 installato e pronto per l&#8217;uso. Puoi configurarlo ulteriormente per personalizzare la protezione in base alle tue esigenze.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Per installare e configurare CSF (ConfigServer Security &amp; Firewall) su un server Linux (ad esempio, CentOS, RHEL, Ubuntu, Debian), segui questi passaggi. CSF \u00e8 uno dei firewall pi\u00f9 popolari per server, spesso utilizzato con cPanel, ma pu\u00f2 essere utilizzato anche su server senza cPanel. 1. Aggiornare il sistema Prima di iniziare, \u00e8 una buona pratica [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"no","_lmt_disable":"","footnotes":""},"categories":[5],"tags":[],"class_list":["post-18017","post","type-post","status-publish","format-standard","hentry","category-news"],"modified_by":"Andrea (Xlogic.org)","_links":{"self":[{"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/posts\/18017","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/comments?post=18017"}],"version-history":[{"count":0,"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/posts\/18017\/revisions"}],"wp:attachment":[{"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/media?parent=18017"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/categories?post=18017"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xlogic.org\/blog\/wp-json\/wp\/v2\/tags?post=18017"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}