Page 1 of 1

CSF on Centos 8

Posted: 26 Sep 2019, 15:10
by marcele
I'm happy to report that CSF works fine on Centos 8. I fired up a test Centos 8 VM and everything seems to work fine.

Code: Select all

# cat /etc/redhat-release 
CentOS Linux release 8.0.1905 (Core)

 # uname -a
Linux centos8.example.com 4.18.0-80.7.1.el8_0.x86_64 #1 SMP Sat Aug 3 15:14:00 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
The only issues I've run into:

When doing a minimal install of Centos 8 the csf installer fails as some perl packages are not included by default:

Errors

Code: Select all

Can't locate Net/SMTP.pm
Can't locate Math/BigInt.pm 
This can be easily solved:

Code: Select all

yum install perl-Net-SMTP-SSL perl-Math-BigInt
The only problem that I can see is that perl-GDGraph used to generate graphs is no longer available (not even in the EPEL repo either).

All tests pass:

Code: Select all

# /etc/csf/csftest.pl 
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK
CSF status:

Code: Select all

[root@centos8 log]# csf --status
iptables filter table
=====================
Chain INPUT (policy DROP 119K packets, 49M bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  !lo    *       8.8.4.4              0.0.0.0/0            tcp dpt:53
2        0     0 ACCEPT     udp  --  !lo    *       8.8.4.4              0.0.0.0/0            udp dpt:53
3        0     0 ACCEPT     tcp  --  !lo    *       8.8.4.4              0.0.0.0/0            tcp spt:53
4        0     0 ACCEPT     udp  --  !lo    *       8.8.4.4              0.0.0.0/0            udp spt:53
5        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0            tcp dpt:53
6        0     0 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0            udp dpt:53
7        0     0 ACCEPT     tcp  --  !lo    *       8.8.8.8              0.0.0.0/0            tcp spt:53
8        0     0 ACCEPT     udp  --  !lo    *       8.8.8.8              0.0.0.0/0            udp spt:53
9       53  5893 LOCALINPUT  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           
10       0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
11      16   640 INVALID    tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0           
12       0     0 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
13       0     0 LOGDROPIN  icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
14       0     0 ACCEPT     icmp --  !lo    *       0.0.0.0/0            0.0.0.0/0           
15      11   440 ACCEPT     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
16       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:20
17       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:21
18       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
19       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:25
20       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:53
21       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
22       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:110
23       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:143
24       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:443
25       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:465
26       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:587
27       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:993
28       0     0 ACCEPT     tcp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:995
29       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:20
30       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:21
31       0     0 ACCEPT     udp  --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:53
32       0     0 LOGDROPIN  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 10875 packets, 1651K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            8.8.4.4              tcp dpt:53
2        0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            8.8.4.4              udp dpt:53
3        0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            8.8.4.4              tcp spt:53
4        0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            8.8.4.4              udp spt:53
5        0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            8.8.8.8              tcp dpt:53
6        0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            8.8.8.8              udp dpt:53
7        0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            8.8.8.8              tcp spt:53
8        0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            8.8.8.8              udp spt:53
9       30  4768 LOCALOUTPUT  all  --  *      !lo     0.0.0.0/0            0.0.0.0/0           
10       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp dpt:53
11       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp dpt:53
12       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp spt:53
13       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp spt:53
14       0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
15      30  5680 INVALID    tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0           
16       0     0 ACCEPT     icmp --  *      !lo     0.0.0.0/0            0.0.0.0/0           
17      19  3544 ACCEPT     all  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
18       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:20
19       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:21
20       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
21       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:25
22       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:53
23       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
24       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:110
25       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:113
26       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:443
27       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:587
28       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:993
29       0     0 ACCEPT     tcp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:995
30       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:20
31       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:21
32       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:53
33       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:113
34       0     0 ACCEPT     udp  --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:123
35       0     0 LOGDROPOUT  all  --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPIN (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
2        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23
3        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
4        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:68
6        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
7        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
8        0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
9        0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113
10       0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:113
11       0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:135:139
12       0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:135:139
13       0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
14       0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:445
15       0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:500
16       0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
17       0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:513
18       0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:513
19       0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:520
20       0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:520
21       0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
22       0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
23       0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
24       0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2        0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3        0     0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain DENYIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain DENYOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain ALLOWIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       53  5893 ACCEPT     all  --  !lo    *       192.168.1.133        0.0.0.0/0           

Chain ALLOWOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       30  4768 ACCEPT     all  --  *      !lo     0.0.0.0/0            192.168.1.133       

Chain LOCALINPUT (1 references)
num   pkts bytes target     prot opt in     out    # Warning: iptables-legacy tables present, use iptables-legacy to see them
 source               destination         
1       53  5893 ALLOWIN    all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2        0     0 DENYIN     all  --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALOUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       30  4768 ALLOWOUT   all  --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2        0     0 DENYOUT    all  --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain INVDROP (10 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain INVALID (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 INVDROP    all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
5        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
6        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
7        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
8        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
9        0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
10       0     0 INVDROP    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW

Re: CSF on Centos 8

Posted: 26 Sep 2019, 15:20
by ForumAdmin
Thank you for reporting. We're currently working a few issues with CentOS v8, which we will resolve in time.

Re: CSF on Centos 8

Posted: 29 Sep 2019, 12:36
by marcele
Sounds good. Also note that I put in a request that perl-GDGraph be built in EPEL8 and the maintainer is working on it so it should show up soon :)

Re: CSF on Centos 8

Posted: 01 Oct 2019, 12:53
by searchcandy
I was just about to post a question asking about this!

I note iptables being replaced in RHEL 8, this will not have an impact?

> We're currently working a few issues with CentOS v8, which we will resolve in time.

Based on this, maybe we shouldn't go ahead straight away?

Re: CSF on Centos 8

Posted: 23 Mar 2020, 19:58
by cloud
searchcandy wrote: 01 Oct 2019, 12:53 I note iptables being replaced in RHEL 8, this will not have an impact?
Any updates on that?

Re: CSF on Centos 8

Posted: 12 May 2020, 15:50
by Arie
You can continue the install by: yum install perl-core. It will install about 100 modules.

Also instead if syslog / messages you have to use the command journalctl to view this type of log.

Re: CSF on Centos 8

Posted: 18 Jun 2020, 00:11
by Arie
Not sure about my post above, I think it was from an older CentOS causing the same errors as mentioned in this topic.

However now I am installing CSF on a CentOS 8 server and to make CSF run, I needed to yum install iptables.

But given the trend it would be probably a matter of time when we need to move off iptables.