Start your VPS now with FREE $100 credit.
ConfigServer Security & Firewall (CSF) is one of the most advanced firewalls available for Linux servers. It can be easily installed on almost all Linux-based operating systems, including RedHat Enterprise Linux (RHEL), CentOS, CloudLinux, Debian, Ubuntu, Fedora, and OpenSUSE.
In addition, almost all types of virtual private servers are also compatible with CSF Firewall like KVM (Kernel-based Virtual Machine), Xen, OpenVZ, Virtuozzo, VMware, VirtualBox, and Microsoft Virtual Server.
It provides a more complete user interface and comprehensive features compared to other Linux firewall software.
CSF also offers user interface integration for several leading web hosting control panels including cPanel-WHM, Webmin, DirectAdmin, and VestaCP.
So if you’re not familiar with nano / vim editor, you can configure CSF + LFD via its user interface (UI). As a Stateful Packet Inspection (SPI) firewall, CSF has included a Login/Intrusion Detection system for Linux servers.
Although it’s quite easy to install ConfigServer Security & Firewall (CSF) on almost all Linux servers, you might get some common problems after installing CSF on your server.
Common Errors After Installing CSF Firewall
Here are 8 common errors that I got after installing CSF Firewall on my Linux server. In this tutorial I will show you how to solve these 8 common errors in CSF. Don’t worry, to fix this problem is very easy…!
1. *WARNING* Binary location for [CHATTR] [/usr/bin/chattr] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
To solve this problem, we need to install the E2fsprogs (Ext2 Filesystem Utilities) package. Run the following command to install the E2fsprogs package.
For Debian/Ubuntu Server:
$ apt-get install e2fsprogsFor RHEL/CentOS Server:
$ yum install e2fsprogs2. Oops Unable to download Protocol scheme ‘https’ is not supported (IOSocketSSL not installed)
This error is most often found when we fail to update CSF Firewall on RHEL/CentOS. To fix this problem, please run the following command to install the required packages.
$ yum install perl-Crypt-SSLeay perl-Net-SSLeayAnd then try again to update your CSF.
$ csf -u3. Oops Unable to download Protocol scheme ‘https’ is not supported (LWPProtocolhttps not installed)
To resolve this issue, you need to install the LWP::Protocol::https module on your server. Simply run the following command to install the required packages.
For RHEL/CentOS Server:
$ yum install perl-LWP-Protocol-httpsFor Debian/Ubuntu Server:
$ apt-get install perl-LWP-Protocol-https4. Testing ip_tablesiptable_filter…open3 exec of sbiniptables -I OUTPUT -p tcp –dport 9999 -j ACCEPT failed at usrlocalcsfbincsftest.pl line 144.
This error is caused because you don’t have iptables installed correctly on your server. So let’s install iptables to solve this issue.
For Debian/Ubuntu Server:
$ apt-get install iptablesFor RHEL/CentOS Server:
$ yum install iptables5. *WARNING* Binary location for [SENDMAIL] [/usr/sbin/sendmail] in /etc/csf/csf.conf is either incorrect, is not installed or is not executable
*WARNING* Missing or incorrect binary locations will break csf and lfd functionality
This error message is most often found after the CSF Firewall installation process has finished. That’s closely related to the SENDMAIL problem. So to solve this issue, simply run the following command:
$ echo '#!/bin/sh' > /usr/sbin/sendmail
$ chmod +x /usr/sbin/sendmail6. *WARNING* Binary location for [UNZIP] [usrbinunzip] in etccsfcsf.conf is either incorrect, is not installed or is not executable
Looking at the error message above, it’s clearly related to the ZIP and UNZIP utility packages that are not yet installed on your Linux server. So to solve this problem quite easily, you just need to install the ZIP and UNZIP command-line utility on your Linux server.
For Debian/Ubuntu Server:
$ apt-get install zip unzipFor RHEL/CentOS Server:
$ yum install zip unzip7. *WARNING* URLGET set to use LWP but perl module is not installed, reverting to HTTP::Tiny
This problem is very similar to the error message No. 3 above. But this problem indicates that we don’t have the Perl module installed correctly on the server. Well, the solution is very easy, just run the following command to install the Perl module on your Linux server.
For Debian/Ubuntu Server:
$ apt-get install libwww-perl
$ apt-get install perl-LWP-Protocol-httpsFor RHEL/CentOS Server:
$ yum install perl-libwww-perl
$ yum install perl-LWP-Protocol-https8. *WARNING* Binary location for [HOST] [usrbinhost] in etccsfcsf.conf is either incorrect, is not installed or is not executable
This last CSF error message clearly tells us that we have not installed BIND Utilities. So to solve this error, simply run the following command to install BIND Utilities on your server.
For Debian/Ubuntu Server:
$ apt-get install dnsutilsFor RHEL/CentOS Server:
$ yum install bind-utils
We are a bunch of people who are still continue to learn Linux servers. Only high passion keeps pushing us to learn everything.