littleoak
Verified User
This tutorial describes how to install K.I.S.S. My Firewall - Version 2.2 as edited and distributed by Nobaloney Internet Services, DDoS Deflate from MediaLayer, and Brute Force Detection (BFD) from R-FX Networks.
Q. Who should use this?
A. These three software packages provide a basic level of security that is very light on server resources. The combination is ideal for a VPS.
Q. Why should I use this over APF + BFD, or CSF + LFD?
A. Both APF and CSF will provide a more robust firewall. However, in many cases the added features of APF or CSF are unnecessary and may be seen as too complicated to set up and maintain. The installation steps I describe here can be performed by anyone with basic knowledge of ssh commands. Also, KISS, DDoS Deflate, and BFD uses far less resources.
K.I.S.S. My Firewall - Version 2.2, edited and distributed by Nobaloney Internet Services:
Kiss is now installed.
-----
DDoS Deflate from MediaLayer:
Modify the following:
Change root to your email address:
Save your work in nano.
DDoS Deflate is now installed.
-----
Brute Force Detection (BFD) from R-FX Networks.
Go to the following line:
Replace it with:
If you want email alerts change:
to:
and replace root with your email address on this line:
Set the number of failed logins an IP must have before it's blocked:
Then save. Next:
Add your IP address and any other IP addresses you want safe listed to this file.
Finally:
BFD is now installed.
You now have basic DDoS protection, a nice iptables based firewall, and brute force detection installed on your server. All three are very light on resources.
Q. Who should use this?
A. These three software packages provide a basic level of security that is very light on server resources. The combination is ideal for a VPS.
Q. Why should I use this over APF + BFD, or CSF + LFD?
A. Both APF and CSF will provide a more robust firewall. However, in many cases the added features of APF or CSF are unnecessary and may be seen as too complicated to set up and maintain. The installation steps I describe here can be performed by anyone with basic knowledge of ssh commands. Also, KISS, DDoS Deflate, and BFD uses far less resources.
K.I.S.S. My Firewall - Version 2.2, edited and distributed by Nobaloney Internet Services:
Code:
cd /usr/local/sbin/
wget http://www.nobaloney.net/downloads/kiss/kiss.kernel-2.8.16-and-newer
mv kiss.kernel-2.8.16-and-newer kiss
chmod 0700 kiss
echo "/usr/local/sbin/kiss start" >> /etc/rc.d/rc.local
/usr/local/sbin/kiss start
-----
DDoS Deflate from MediaLayer:
Code:
wget [url]http://www.inetbase.com/scripts/ddos/install.sh[/url]
chmod 0700 install.sh
./install.sh
cd /usr/local/ddos
nano ddos.conf
Code:
APF_BAN=0
Code:
EMAIL_TO="root"
DDoS Deflate is now installed.
-----
Brute Force Detection (BFD) from R-FX Networks.
Code:
wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -zxf bfd-current.tar.gz
./install.sh
cd /usr/local/bfd/conf.bfd
nano conf.bfd
Code:
BAN_COMMAND=”/etc/apf/apf -d $ATT_HOST {bfd.$MOD}”
Code:
BAN_COMMAND="/sbin/iptables -I INPUT -s $ATTACK_HOST -j DROP"
Code:
EMAIL_ALERTS="0"
Code:
EMAIL_ALERTS="1"
Code:
EMAIL_ADDRESS="root"
Code:
TRIG="15"
Code:
cd /usr/local/bfd/
nano ignore.hosts
Finally:
Code:
/usr/local/sbin/bfd -s
You now have basic DDoS protection, a nice iptables based firewall, and brute force detection installed on your server. All three are very light on resources.
Last edited: