Anti-DDoS firewall configuration on linux

Monday, 26 May 2014
Today I will walk you through installing an anti-DDoS firewall on Linux. This guide describes an installation on a VPS, where I set up the following services: APF, BFD, DDoS Deflate and Rootkit Hunter. The installation steps are below.
As a web server, your machine is frequently targeted by denial of service (DoS) attacks and other attacks. There is no foolproof method that prevents 100% of attacks, but you can protect your server by applying firewall rules and by detecting and banning IPs that open too many connections.
This article uses APF, BFD, DDoS Deflate and Rootkit Hunter to detect these kinds of attacks and protect your server from them. To set up these utilities, follow the steps below:
APF - Advanced Policy-based Firewall 
Get the latest source from rfxnetworks, and install the software. 

Code:
 # cd /usr/src
 # mkdir utils
 # cd utils
 # wget http://rfxnetworks.com/downloads/apf-current.tar.gz
 # tar xfz apf-current.tar.gz
 # cd apf-*
 # ./install.sh
Read README.antidos and README.apf for the configuration options. Edit /etc/apf/conf.apf and modify the following lines to suit your needs.
# vi /etc/apf/conf.apf
IFACE_IN="venet0" (on a dedicated server the interface is eth0 or eth1)
IFACE_OUT="venet0" (on a dedicated server the interface is eth0 or eth1)

Code:
 DEVEL_MODE="0"
 IG_TCP_CPORTS="21,22,25,53,80,110,143,443,3306"
 IG_UDP_CPORTS="53,111"
 USE_AD="1"
 SET_MONOKERN="1"
By default, APF runs in development mode, which flushes the firewall rules every 5 minutes. Running in development mode defeats the purpose of running APF, so set DEVEL_MODE="0". Configure the ingress (inbound) TCP and UDP ports that need to be open. Finally, enable AntiDOS by setting USE_AD="1".
Edit /etc/apf/ad/conf.antidos to fit your needs, then start the APF firewall.

Code:
 # apf --start
BFD - Brute Force Detection
BFD is a shell script that parses security logs and detects authentication failures. It is a simple brute-force detection implementation without much complexity, and it works in conjunction with APF (Advanced Policy-based Firewall).

Code:
 # # Get the latest source and untar.
 # cd /usr/src/utils
 # wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
 # tar xfz bfd-current.tar.gz
 # cd bfd-*
 # ./install.sh

Read the README file, then edit the config file /usr/local/bfd/conf.bfd.
Find EMAIL_ALERTS="0" (named ALERT in older BFD versions) and change it to "1".
Find EMAIL_ADDRESS="root" (named EMAIL_USR in older BFD versions) and change it to "support@vpshosting.vn".
Edit /usr/local/bfd/ignore.hosts and add your own trusted IPs. BFD works through APF and therefore overrides allow_hosts.rules, so it is important to list your own IP address here to avoid locking yourself out.
DDoS Deflate 

Code:
 # # Get the latest source
 # cd /usr/src/utils
 # mkdir ddos
 # cd ddos
 # wget http://www.inetbase.com/scripts/ddos/install.sh
 # sh install.sh


Edit the config file /usr/local/ddos/ddos.conf, then start DDoS Deflate.
# vi /usr/local/ddos/ddos.conf
FREQ=1
NO_OF_CONNECTIONS=50               # max connections from a single IP to the server
APF_BAN=1
KILL=1                             # disable/enable banning (0 = disabled, 1 = enabled)
EMAIL_TO="support@vpshosting.vn"
BAN_PERIOD=60                      # how long an offending IP stays banned, in seconds

Code:
 # /usr/local/ddos/ddos.sh -c
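To see what the NO_OF_CONNECTIONS threshold actually does, here is the per-IP connection count and ban decision that DDoS Deflate's ddos.sh performs, rewritten as an added POSIX sh example (this is not code from the original post or from the DDoS Deflate project). The variable names NO_OF_CONNECTIONS and BAN_PERIOD mirror ddos.conf; the netstat lines, the ignore list and the emitted `apf -d` commands are constructed sample data, and nothing here touches a live firewall.

```shell
#!/bin/sh
# Added example: DDoS Deflate-style per-IP connection counting.
# Constructed values below stand in for ddos.conf and ignore.ip.list.
NO_OF_CONNECTIONS=50                   # same meaning as in ddos.conf
BAN_PERIOD=60                          # seconds an offender stays banned
IGNORE_IPS="127.0.0.1 203.0.113.10"    # constructed ignore.ip.list contents

# Print N constructed "netstat -ntu" lines from foreign address $2.
emit_lines() {
  i=0
  while [ "$i" -lt "$1" ]; do
    printf 'tcp  0  0 10.0.0.1:80  %s:%d  ESTABLISHED\n' "$2" $((40000 + i))
    i=$((i + 1))
  done
}

# Constructed sample: 51 connections from 198.51.100.7 (over threshold),
# 60 from 203.0.113.10 (over threshold but whitelisted), 2 from 192.0.2.5.
make_sample_netstat() {
  emit_lines 51 198.51.100.7
  emit_lines 60 203.0.113.10
  emit_lines 2 192.0.2.5
}

# Read netstat -ntu style lines on stdin and print "COUNT IP" for every
# foreign address with more than NO_OF_CONNECTIONS connections that is not
# in IGNORE_IPS. This is the check ddos.sh makes before banning through APF.
find_offenders() {
  awk -v limit="$NO_OF_CONNECTIONS" -v ignore="$IGNORE_IPS" '
    BEGIN { n = split(ignore, a, " "); for (k = 1; k <= n; k++) skip[a[k]] = 1 }
    $1 ~ /^(tcp|udp)/ {
      ip = $5; sub(/:[0-9]+$/, "", ip)    # strip the port from the foreign address
      count[ip]++
    }
    END {
      for (ip in count)
        if (count[ip] > limit && !(ip in skip)) print count[ip], ip
    }'
}

# Turn each offender into the APF deny command an operator would review;
# the commands are printed, not executed, so the logic can be checked first.
ban_offenders() {
  find_offenders | while read -r count ip; do
    echo "apf -d $ip \"$count connections, banned for ${BAN_PERIOD}s\""
  done
}

# Run against the constructed sample: netstat -ntu | ban_offenders on a real host.
make_sample_netstat | ban_offenders
```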

Rootkit Hunter - tool to detect rootkits, spyware and junkware
Go to the Rootkit Hunter homepage and download the latest version.

Code:
 # # Get the latest source and untar
 # cd /usr/src/utils
 # wget http://nchc.dl.sourceforge.net/proje...r-1.4.0.tar.gz
 # tar xfz rkhunter-1.4.0.tar.gz
 # cd rkhunter-1.4.0
 # ./installer.sh --install
 # rkhunter -c
APF and DDoS Deflate startup configuration:

Code:
 # # Edit /etc/rc.d/rc.local
 # # (or the equivalent file for your Linux distribution)
 # # Add the following lines at the bottom of the file

 /usr/local/sbin/apf --start
 /usr/local/ddos/ddos.sh -c


All comments [ 1 ]


Unknown at 02:36, 12 December 2016

APF does not work very well with CloudFlare. Has anyone tried installing vDDoS Protection Reverse Proxy from https://sourceforge.net/p/vddos-protection yet? It provides anti-DDoS at Layer 7, filtering DOS, DDOS, SYN Flood and HTTP Flood traffic.