How to Install CSF On DirectAdmin Servers
As standard DirectAdmin does not include a firewall. This leaves your DirectAdmin server wide open to several attacks like BruteForce attacks and Port Sniffing. Although DirectAdmin includes a Brute Force Attack monitor it does not block IPs automatically. This means a malicious user could have an unlimited number of attempts to crack the passwords on services like FTP, Exim, and DirectAdmin. Here we detail how to install CSF on DirectAdmin servers.
There are several Firewall options available to deploy to DirectAdmin but probably the most popular choice is CSF. CSF gives the admin user a graphical user interface to manage the firewall and it will also block users that attempt to brute-force passwords. Here we are going to manually install CSF to a DirectAdmin server. There is an automatic way to deploy CSF to DirectAdmin servers and users who want to use the automated way should follow the first part of this guide. For more advanced users with more configuration options follow the manual CSF install process.
Install Of CSF DirectAdmin
wget http://files.directadmin.com/services/all/csf/csf_install.sh
/bin/sh ./csf_install.sh
Manual Install Of CSF DirectAdmin
First, grab the latest CSF install from the CSF website, unpack and install it.
cd /usr/local/src
wget https://download.configserver.com/csf.tgz
tar -zxvf csf.tgz
cd ./csf
Now, test that CSF will work on your server.
./csftest.pl
DirectAdmin On OpenVZ/Virtuozzo hosts
If you get fatal errors and you are on an OpenVZ/Virtuozzo NVMe VPS Server then you will likely need to install some modules. The best way to fix this is to enable it. The best way is to enable stateful on the container. First, stop the container. You need access to the host node to enable this module. If you do not run the node contact your provider.
vzctl stop CTID
Then enable stateful
prlctl set CTID --netfilter stateful
Then start the container again, enter the container and run the CSF test. This time it should pass.
vzctl start CTID
vzctl enter CTID
./csftest.pl
Assuming the test passed now install CSF to DirectAdmin
./install.directadmin.sh