Quick Deployment: DA K.I.S.S. Firewall, DA DDoS Deflate, DA BFD, CSF+LFD Installer

L

littleoak

Verified User
Joined
Jul 19, 2008
Messages
156
Location
Chicago, IL
Quick Deployment

Versions:
DA-KISS Firewall v 2.2
DA DDoS Deflate v 0.6
DA BFD v 1.2
DA versions are modified to work with DirectAdmin and are not compatible with the standard distributions.

Tested on:
Cent OS 4, 5 (stable)
Virtuozzo (beta)

What is Quick Deployment?

Quick Deployment is a simple script designed to automate the installation of customized versions of K.I.S.S. My Firewall as distributed by Nobaloney Internet Services, DDoS Deflate from MediaLayer, and Brute Force Detection (BFD) from R-FX Networks.

Files currently hosted at Little Oak Hosting LLC. Files will be hosted by NoBaloney Internet Services once beta testing is complete.

Quick Deployment is in Beta and has only been tested on CentOS 4 and CentOS 5.

--------------------

Quick Deployment installs and configures the latest version of DA KISS Firewall, DA DDoS Deflate, and DA BFD in under seconds.

Install on a dedicated server (Beta 2, stable):
Code: 
wget [url]http://www.oakdns.net/downloads/installbeta2.sh[/url]
chmod 0700 installbeta2.sh
./installbeta2.sh

Install on a Virtuozzo VPS (Beta 1, do not use in production):
Code: 
wget [url]http://www.oakdns.net/downloads/installvps.sh[/url]
chmod 0700 installvps.sh
./installvps.sh

--------------------

K.I.S.S. Commands:

Start Firewall
Code: 
/usr/local/sbin/kiss start
Stop Firewall
Code: 
/usr/local/sbin/kiss stop
Restart Firewall
Code: 
/usr/local/sbin/kiss restart
Firewall Status
Code: 
/usr/local/sbin/kiss status

--------------------

Q. Why should I use this?
A. You can have a firewall, DDoS protection, and brute force detection installed and configured on a server in less than 10 seconds. There are a number of applications where this is useful, but two are especially important:

1. Dedicated server or VPS providers using DirectAdmin can automate the installation of a firewall, DDoS protection, and brute force detection.

2. This script makes these programs accessible to DirectAdmin users who are not linux experts.

Q. Does K.I.S.S. Firewall+DDoS Deflate+LFD provide as much protection as APF + BFD, or CSF + LFD?
A. No. CSF+LFD and APF+BFD will provide more protection. However, they require extensive configuration. Quick Deployment follows the principles of KISS and provides great protection using minimal resources (almost none).

Q. How do the DA versions differ from the official releases?
A. There are very few differences, but they significantly alter how the programs run:

DA KISS Firewall: (Nobaloney) Jeff Lasman of Nobaloney created this distribution of KISS to automatically work on most Linux distributions. It comes pre-configured with the correct ports.

DA KISS Firewall for Virtuozzo: (littleoak) Previous versions of KISS, including the original DA KISS Firewall, did not work on a virtual private server (VPS) using Virtuozzo or OpenVZ (untested on Xen). This version is modified to run on a Virtuozzo VPS.

Da DDoS Deflate - Very little has been changed. DDoS deflate now shares a do-not-ban list with BFD. The command to determine what a bad IP address is has been changed to work with DA and CentOS 4 and 5.

DA BFD - BFD now bans directly via iptables. BFD automatically removes the ban after 10 minutes.

Known Issues:

BFD does not read logs immediately on Virtuozzo.

Troubleshooting:

Error: XYZ is already installed. Please un-install the previous version first.

As the script says, you need to uninstall the previous version of the software first.

Error: Checking for perl modulesfailed
You need to install the LWP perl module (libwww-perl) and then install csf

This error is self explanatory. SSH to your server, cpan, press enter through all of the options, and then type:

force install Bundle::LWP

Once it's done type 'quit'.

Run the installer again.

Liability and Contact
Quick Deployment is provided with no guarantee. Use Quick Deployment at your own risk. If they are marked as stable it means I have tested them thoroughly ONLY on the systems I have listed. Please post all questions in this thread. Please do not contact me via PM. I can be reached via the email in my signature.
 
Last edited:
Hey there.I installed everything but get error when want to restart csf:
Error: Invalid configuration line, at line 77 how to fix?Please help...
 
Syndrome,

Did you install both Quick Deployment AND the Quick Deployment CSF version? Only one of the two should be installed.

Did you install it on a VPS or a dedicated server?

What is your operating system?

I can take a look at your server and fix this for you. Free to contact me at the email in my signature.
 
i try to install csf, here is my error msg

FATAL: Could not load /lib/modules/2.6.24.5-grsec-xxxx-grs-ipv4-32/modules.dep: No such file or directory
iptables LKM ip_tables missing so this firewall cannot function unless you enable MONOLITHIC_KERNEL in /etc/csf/csf.conf
Error: aborted, at line 167
 
Are you on a VPS? If so, this problem is fixed in the VPS installer.

The error message tells you what to do:

Code: 
cd /etc/csf
nano csf.conf

Change the line so that
Code: 
Monolithic_Kernel ="1"
 
Yes i do it know its work fine witout any error msg but im on a dedicated server.

Thanx
 
Once you've got CSF installed you can check to make sure it's running by typing:

/usr/sbin/csf -l

You'll have to restart CSF after editing the conf file as described above:

/usr/sbin/csf -r
 
in install KISS firewall failed,

1. Kiss firewall canot start. it said invalid command ifconfig ,
2. during installation, after install kiss firewall, it begun to install DA DDoS Deflate . Download failed, then stoped there.



. then i disable kiss firewall, and install CSF instead.

Just some questions for this version csf,
if later, configureserver release new version for csf, can i upgrade it or have to wait you release new DA-csf version?
can tell what details files you changed?

thanks.
 
ifconfig is just a standard linux command. Are you running KISS as root?

The release of CSF in Quick Deployment is straight from the official website. The only thing that differs is the conf file which is set up to accept DirectAdmin's ports and has a few of the features enabled by default. If you upgrade using CSF's built-in upgrade option it will work without a hitch.
 
Forgive my ignorance, I have not used this particular firewall (KISS) before. I need to open a port on the firewall...where exactly would I do this?
 
Updated to CSF 4.10 (Latest Version)

To upgrade CSF:

Code: 
cd /etc/csf
/usr/sbin/csf -f
/usr/sbin/csf -u
rm -fv etc/csf/csf.conf
wget -q -O /etc/csf/csf.conf http://www.oakdns.net/downloads/csf.conf
chmod 0600 /etc/csf/csf.conf
/usr/sbin/csf -r
 
I've taken it down temporarily. I will release a new version tomorrow morning. In the mean time you may install it yourself manually using the steps I outlined via pm.
 
now I can't connect my server ssh. I want to uninstall kiss firewall help me please.
 
To stop kiss:
Code: 
kiss stop
To remove it, simply remove the file from wherever you've installed it. Also remove whatever startup code you installed to start it.

Note that this will stop ALL firewalls running; be sure to restart whatever you want to use.

Jeff
 
I just tried installing this and ran into a couple issues, the first was the same as someone else mentioned, not being able to find ifconfig. That was easily fixed by adding /sbin to the PATH which is not part of the default root path in CENTOS 5.2.

Code: 
declare -x PATH="$PATH:/sbin"

After that I ran the script again and it seemed to install and start the firewall software but after that I get this message...

Code: 
KISS My Firewall - Running!

Installing R-FXN Networks Brute Force Detection mod DirectAdmin
Downloading source files.

Download unsuccessful. Exiting.

I'm not quite sure where to go from here and would appreciate any pointers.

Thank you.
 
You must log in or register to reply here.
Back
Top