Menu

Secure a CentOS Server SSH + Fail2ban + DDOS Deflate
Secure Shell (SSH) is a UNIX-based command interface and protocol for securely getting access to a remote computer. By default SSH run on port 22. The ideal solution is to change this default value to other port number from 1 to 65535.

Strengthening SSH access
login to your server via SSH
vi /etc/ssh/sshd_config
Uncommented line that defines the port
#Port 22

set this to a port that is not already in use

port 8070

Allow SSH port on Iptables Firewall
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8070 -j ACCEPT
service iptables restart
Apply this setting
/etc/init.d/sshd restart
SSH will now be listening on newly set port. - 8070
Prevent bruteforce using Fail2ban and DDOS Deflate
Fail2ban fails to protect against a distributed brute force attack. this is used to block selected IP addresses that may belong to hosts that are trying to breach the system's security.
Download and Install Fail2ban 
rpm -ivh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
yum install fail2ban
vi /etc/fail2ban/jail.conf
ignoreip = 127.0.0.1
bantime  = 240
findtime  = 240
maxretry = 10
You can change as your need.
Start Fail2ban service
service fail2ban start

or

/etc/init.d/fail2ban start
 DDOS Deflate
DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.
How To Install (D)DoS Deflate :-

cd /tmp
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
How To UnInstall (D)DoS Deflate :-
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos
How To Edit Configuration File:-
you can set your email for email notification and many more option

vi /usr/local/ddos/ddos.conf
PROGDIR="/usr/local/ddos"
PROG="/usr/local/ddos/ddos.sh"
IGNORE_IP_LIST="/usr/local/ddos/ignore.ip.list"
CRON="/etc/cron.d/ddos.cron"
APF="/etc/apf/apf"
IPT="/sbin/iptables"

##### frequency in minutes for running the script
##### Caution: Every time this setting is changed, run the script with --cron
#####          option so that the new frequency takes effect
FREQ=1

##### How many connections define a bad IP? Indicate that below.
NO_OF_CONNECTIONS=5

##### APF_BAN=1 (Make sure your APF version is atleast 0.96)
##### APF_BAN=0 (Uses iptables for banning ips instead of APF)
APF_BAN=1

##### KILL=0 (Bad IPs are'nt banned, good for interactive execution of script)
##### KILL=1 (Recommended setting)
KILL=1

##### An email is sent to the following address when an IP is banned.
##### Blank would suppress sending of mails
EMAIL_TO="info@hackthesec.co.in"

##### Number of seconds the banned ip should remain in blacklist.
BAN_PERIOD=600

How To Check The Number Of Connected Ips:-
sh /usr/local/ddos/ddos.sh
How To Restart DDos Deflate:-
sh /usr/local/ddos/ddos.sh -c
www.hackthesec.co.in

About Author:


I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Next
Newer Post
Previous
Older Post

0 comments:

Post a comment

 
Top