
Installing and configuring APF

Installing APF makes it easier for less experienced admins to protect their own servers, since iptables is not all that easy to use directly.

Log in to your server through SSH and su to the root user.

  1. Download the APF Source
    # wget http://www.rfxn.com/downloads/apf-current.tar.gz

  2. Extract the tar.gz
    # tar -xvzf apf-current.tar.gz

  3. Enter the APF directory
    # cd apf-0.9.7-1/
    (or whatever the latest version is)

  4. Run the install file:
    # ./install.sh

  5. Modify the APF config File
    # pico /etc/apf/conf.apf

  6. Add in the ports you want to open for inbound (INGRESS) traffic.

    • The following is for a cPanel server
      # Common ingress (inbound) TCP ports
      IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666"
      # Common ingress (inbound) UDP ports
      IG_UDP_CPORTS="21,53,465,873"

    • The following is for a DirectAdmin server
      # Common ingress (inbound) TCP ports
      IG_TCP_CPORTS="21,22,25,53,80,110,111,143,443,587,953,2222,3306,32769"
      # Common ingress (inbound) UDP ports
      IG_UDP_CPORTS="53,111,631,724,5353,32768,32809"



  7. Tell APF to filter outgoing (EGRESS) traffic as well
    Change the line:
    EGF="0"
    to
    EGF="1"

  8. Tell APF which outbound ports to allow
    # Common egress (outbound) TCP ports (for Cpanel servers)
    EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"
    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53,465,873"
    # Common ICMP (outbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    EG_ICMP_TYPES="all"

  9. Save your changes! Ctrl+X then press Y

  10. Start APF
    # /usr/local/sbin/apf -s

  11. If everything works, edit the config file and turn developer mode off. While DEVM="1" APF flushes its rules every five minutes from cron so a mistake cannot lock you out, which also means the firewall is not really protecting you until you set it to 0.
    # pico /etc/apf/conf.apf
    Change
    DEVM="1"
    to
    DEVM="0"
    Save your changes! Ctrl+X then press Y

  12. Restart APF
    # /usr/local/sbin/apf -r

  13. Checking the APF Log
    This will show any changes to allowed and denied hosts, among other things.
    tail -f /var/log/apf_log

    Example output:
    Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
    Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123


  14. Make APF Start automatically at boot time
    To autostart apf on reboot, run this:
    chkconfig --level 2345 apf on
    To remove it from autostart, run this:
    chkconfig --del apf

  15. Denying IPs with APF Firewall (Blocking)
    Now that you have your shiny new firewall you probably want to block a host, right? Of course you do! This version of APF also supports comments on entries. There are a few ways to block an IP; here are two of the easier methods.
    A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
    > The -d flag means DENY the IP address
    > IPHERE is the IP address you wish to block
    > COMMENTHERENOSPACES is self-explanatory: a comment (no spaces) saying why the IP is being blocked
    These rules are loaded right away into the firewall, so they're instantly active.
    Example:

    ./apf -d 185.14.157.123 TESTING

    pico /etc/apf/deny_hosts.rules

    Shows the following:
    # added 185.14.157.123 on 08/23/05 01:25:55
    # TESTING
    185.14.157.123

    B) pico /etc/apf/deny_hosts.rules

    You can then just add a new line and enter the IP you wish to block. Before this becomes active though you'll need to reload the APF ruleset.

    /etc/apf/apf -r

  16. Allowing IPs with APF Firewall (Unblocking)
    I know, I know: you added an IP and now you need it removed right away! Blocked IPs have to be removed manually from deny_hosts.rules.

    A) pico /etc/apf/deny_hosts.rules

    Find where the IP is listed and remove the line that has the IP.
    After this is done save the file and reload apf to make the new changes active.

    /etc/apf/apf -r

    B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules.

    /etc/apf/apf -a IPHERE COMMENTHERENOSPACES
    > The -a flag means ALLOW the IP address
    > IPHERE is the IP address you wish to allow
    > COMMENTHERENOSPACES is self-explanatory: a comment (no spaces) saying why the IP is being allowed
    These rules are loaded right away into the firewall, so they're instantly active.
    Example:

    ./apf -a 185.14.157.123 UNBLOCKING

    pico /etc/apf/allow_hosts.rules
    # added 185.14.157.123 on 08/23/05 01:39:43
    # UNBLOCKING
    185.14.157.123
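The port lists in steps 6 and 8 are the part of conf.apf that is easiest to get wrong: a dropped comma turns two ports into one out-of-range number, and a list wrapped onto a second line leaves the quote unterminated, so the variable is no longer a clean comma-separated list. The following script is an added example, not part of APF or the original tutorial; it checks the IG_/EG_ lists before you run apf -s, assumes APF's list syntax of comma-separated ports with optional low_high ranges written with an underscore, and the conf.apf fragment it contains is constructed for the demo.

```sh
#!/bin/sh
# Sanity-check the port lists in conf.apf before running "apf -s". Added
# example, not part of APF; assumes APF's list syntax of comma-separated
# ports with an optional low_high range written with an underscore.
# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}
# validate_ports "20,21,30000_35000": every entry must be a port or an
# ascending range, so "587953" (a dropped comma) is rejected
validate_ports() {
  old_ifs=$IFS; IFS=','; set -- $1; IFS=$old_ifs
  for entry in "$@"; do
    case "$entry" in
      *_*) lo=${entry%%_*}; hi=${entry#*_}
           valid_port "$lo" && valid_port "$hi" && [ "$lo" -lt "$hi" ] || return 1 ;;
      *)   valid_port "$entry" || return 1 ;;
    esac
  done
}
# check_conf FILE: reports each bad IG_/EG_ list and returns how many were
# found; a value whose closing quote is on the next line also counts as bad
check_conf() {
  bad=0
  for var in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
    line=$(grep "^$var=" "$1") || continue              # variable not set
    if ! printf '%s\n' "$line" | grep -q '^[^"]*"[^"]*"'; then
      echo "$var: value is not closed on one line"; bad=$((bad + 1)); continue
    fi
    # take the quoted value and drop stray blanks such as a leading space
    val=$(printf '%s\n' "$line" | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p' | tr -d ' \t')
    if ! validate_ports "$val"; then
      echo "$var: invalid entry in \"$val\""; bad=$((bad + 1))
    fi
  done
  return "$bad"
}
# Constructed conf.apf fragment for the demo: a TCP list with a dropped
# comma (587953 is not a port) and a UDP list wrapped onto a second line
sample_conf() {
  cat <<'EOF'
IG_TCP_CPORTS="21,22,25,53,80,110,111,143,443,587953,2222,3306,32769"
IG_UDP_CPORTS="53,111,631,724,
5353,32768,32809"
EOF
}
tmp=$(mktemp); sample_conf > "$tmp"
check_conf "$tmp" || echo "$? invalid list(s) found"
rm -f "$tmp"
```

Run it against /etc/apf/conf.apf with check_conf /etc/apf/conf.apf after editing the lists and before step 10; a zero exit status means every list parsed cleanly.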



 Source: http://www.123tweak.com/how-to-install-apf-advanced-policy-firewall/