Linux Security + prevent password brute forcing + ssh security + firewall + iptables

This is a quick and dirty how-to on setting up a firewall, a brute-force detection/prevention mechanism and an anti-DoS system on a dedicated Linux server. It assumes root access.

    APF

APF is a policy based iptables firewall system designed for ease of use and configuration.

mkdir $HOME/src
cd $HOME/src
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -xvzf apf-current.tar.gz
cd apf-0.9.6-1/
./install.sh
vi /etc/apf/conf.apf
(edit IG_TCP_CPORTS to list the inbound TCP ports you need, including your SSH port. Also note DEVEL_MODE: it ships as "1", which runs the firewall in development mode and flushes the rules from cron every five minutes so a bad rule set cannot lock you out; set it to "0" only once you have confirmed you can still log in)

/etc/init.d/apf start
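Before starting APF for real it is worth checking the two settings above mechanically, because the failure mode is being locked out of your own server. The script below is an added example, not part of the original post or of the APF project; it assumes the stock conf.apf layout (IG_TCP_CPORTS="a,b,c" with APF's lo_hi range syntax, and DEVEL_MODE="0" or "1"), and the two config files it checks are constructed here for demonstration.

```shell
#!/bin/sh
# Added example (not from the original post or from APF): pre-flight checks on
# a conf.apf so that starting the firewall cannot lock out SSH.
# Assumption: the file uses NAME="value" lines as the stock APF config does.

# apf_get_var FILE NAME -> prints the value of the last NAME="..." line in FILE
apf_get_var() {
    sed -n "s/^${2}=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# apf_port_allowed FILE PORT -> returns 0 if PORT is covered by IG_TCP_CPORTS,
# 1 otherwise. Accepts single ports and APF-style ranges such as 1024_65535.
apf_port_allowed() {
    ports=$(apf_get_var "$1" IG_TCP_CPORTS)
    oldifs=$IFS; IFS=,
    for p in $ports; do
        case $p in
            *_*) lo=${p%_*}; hi=${p#*_}
                 if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then IFS=$oldifs; return 0; fi ;;
            *)   if [ "$p" = "$2" ]; then IFS=$oldifs; return 0; fi ;;
        esac
    done
    IFS=$oldifs
    return 1
}

# apf_preflight FILE SSHPORT -> 0 if the config is safe to run in production,
# 1 otherwise, with the reasons written to stderr.
apf_preflight() {
    rc=0
    if ! apf_port_allowed "$1" "$2"; then
        echo "$1: SSH port $2 is not in IG_TCP_CPORTS; starting APF would lock you out" >&2
        rc=1
    fi
    if [ "$(apf_get_var "$1" DEVEL_MODE)" = "1" ]; then
        echo "$1: DEVEL_MODE=1; cron will flush the rules every 5 minutes, set it to 0 once you can still log in" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample configs (not real files from the post): one that would
# lock out SSH and stay in development mode, one that is ready for production.
tmp=$(mktemp -d)
cat > "$tmp/bad.apf" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="80,443"
EOF
cat > "$tmp/good.apf" <<'EOF'
DEVEL_MODE="0"
IG_TCP_CPORTS="22,80,443,1024_65535"
EOF

for f in good bad; do
    if apf_preflight "$tmp/$f.apf" 22; then
        echo "$f.apf: ok to start"
    else
        echo "$f.apf: fix before starting"
    fi
done
```

Run it against /etc/apf/conf.apf with your real SSH port before `/etc/init.d/apf start`; if you changed the sshd port, the same check applies to that port rather than 22.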

    AntiDOS

AntiDOS is a log parsing script made for r-fx.org's APF (Advanced Policy Firewall). Its purpose is to parse specific log formats for network attacks against a given system and take certain actions, such as blocking the source through APF.

vi /etc/apf/ad/conf.antidos
(edit the config for alerts and other options)
/etc/init.d/apf restart

    BFD

BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few if any authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.

cd $HOME/src
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -zxf bfd-current.tar.gz
cd bfd-0.9/
./install.sh
vi /usr/local/bfd/conf.bfd
(edit TRIG, the number of failures from one address before it is banned, the e-mail alert settings, etc.; the ban itself is issued through APF)

A cron job is added to run BFD at intervals to detect and ban brute-force attempts.
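To see what BFD is doing on each cron run, here is the detection step reduced to its essence as an added example (this is not BFD's own code): count failed SSH logins per source address over sshd log lines and report the sources that reach the trigger count, then print the APF deny command a ban would issue. The log lines are constructed samples in the usual OpenSSH "Failed password" format, including the "invalid user" variant, and the ban is printed rather than executed so the script can be run anywhere.

```shell
#!/bin/sh
# Added example (not from the original post or from BFD): per-source count of
# failed sshd logins with a ban threshold, the core of what BFD automates.
# Assumptions: OpenSSH log format as in the samples below; the ban command
# follows APF's "apf -d HOST comment" syntax and is only printed here.

# bf_offenders THRESHOLD  (log lines on stdin)
# -> prints "count ip" for every source with at least THRESHOLD failures,
#    highest count first. Successful logins and other sshd lines are ignored.
bf_offenders() {
    awk -v thr="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address is the word after "from"; the port after it is ignored
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= thr) print fails[ip], ip }
    ' | sort -rn
}

# bf_ban_command IP -> the APF deny command that would block the source
bf_ban_command() {
    printf '/etc/apf/apf -d %s "brute force detected"\n' "$1"
}

# Constructed sample log (not real server data): one address fails five times,
# one legitimate user logs in with a key, one other address fails once.
BF_SAMPLE_LOG='Mar  1 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 4001 ssh2
Mar  1 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 4002 ssh2
Mar  1 10:00:05 host sshd[1003]: Failed password for root from 203.0.113.5 port 4003 ssh2
Mar  1 10:00:07 host sshd[1004]: Failed password for root from 203.0.113.5 port 4004 ssh2
Mar  1 10:00:10 host sshd[1010]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Mar  1 10:00:11 host sshd[1011]: Failed password for invalid user admin from 203.0.113.5 port 4005 ssh2
Mar  1 10:00:12 host sshd[1012]: Failed password for bob from 192.0.2.9 port 6000 ssh2'

# With a trigger of 3, only 203.0.113.5 is reported and a ban command printed.
printf '%s\n' "$BF_SAMPLE_LOG" | bf_offenders 3 | while read -r n ip; do
    echo "$ip: $n failures"
    bf_ban_command "$ip"
done
```

On a live server the input would be /var/log/secure or /var/log/auth.log and the printed command would be run for real; keep the threshold above the number of typos a legitimate user makes, and make sure your own management addresses are in APF's allow list before turning on automatic bans.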

This is just an example of what can be done to stop attackers in their tracks. There is a lot more we can help you with on your servers.

Please WRITE TO US for this and other security or system administration related questions, requirements and quotes.
