Archive for June, 2007

etc/resolv.conf

tom on June 29th, 2007

This file (/etc/resolv.conf) holds the resolver configuration for your dedicated box. Always make sure that the most recent nameservers are listed there and that there is no line reading "search domain.com", because that will slow things down.

It is good practice to check with your dedicated hosting provider (datacenter) that their nameservers are current and whether any of them have gone down. This is unlikely and rare; however, if you find your server downloading from remote servers quite slowly, it is always worth checking.

Slow servers can have many other causes, including but not limited to: network issues, router problems (the datacenter's fault unless you colocate), heavy traffic saturating the pipe, a limited bandwidth pipe (10 Mbit or less carrying more traffic than that), and DDoS and DoS attacks on the network. Always check the news or announcements section on your host's website, blog, or forum, and check your email for anything they send regarding network status. Hope it helps.

Installing APF

tom on June 26th, 2007

Before you begin, you must have root access via SSH in order to execute these commands and properly install APF.

This post will log how I installed APF, the great advanced policy firewall tool for Linux.

A firewall is an essential tool for any Linux box, and each one comes with the iptables firewall by default.

To get the most out of your Linux firewall, though, you should use a third-party program such as APF to manage rules and add them on the fly.

Step 1. Download the tarball:

# wget http://www.r-fx.ca/downloads/apf-current.tar.gz

Step 2. Unpack the archive:

# tar -zxvf apf-current*

(note: the * is a wildcard match, so if you have more than one tarball with the prefix apf-current, this will unpack them all.)

Step 3. Change directories and run the install script:

# cd apf*

# ./install.sh

You must now configure the firewall by editing the file /etc/apf/conf.apf.

Step 4. Edit the configuration file:

# vi /etc/apf/conf.apf

FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

Setting USE_DS to 1 makes APF use DShield's block list.

Next, scroll down and find:

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,20069,30000_35000"

I’ve added ports 30000-35000 for SmartFTP since I use that a lot.

These are pretty much your common ports. However, if you've changed your SSH listening port to avoid brute-force attacks by script kiddies, you must add it to this list, or you will lock yourself out once the firewall is enabled.

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

These are fairly common and are useful on cPanel servers.

Once you’re done configuring with vi, type :wq to save and quit the editor.

Next, start the program using:

# /usr/local/sbin/apf -s

After this, log out of SSH and try logging back in. Try accessing your website (if you have one configured on this box) and try using FTP.

If everything goes fine, edit the configuration file again and change DEVM="1" to DEVM="0" to disable development mode.

In dev mode, the firewall rules are flushed every 5 minutes so that you cannot lock yourself out of your own box.

Save the file and restart APF. That’s all there is to it.
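As an added example (not from the original post), here is a small POSIX sh check you can run before turning DEVM off: it reads the port sshd listens on and confirms it is covered by the IG_TCP_CPORTS line, handling APF's lo_hi range syntax. The conf.apf and sshd_config paths are passed in; the defaults are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original post): verify that the sshd
# listening port is covered by IG_TCP_CPORTS before disabling DEVM,
# so that enabling APF for real cannot lock you out of the box.

# Return 0 if $2 (a port number) is covered by $1, an APF port list such
# as "21,22,80,30000_35000" (comma separated, ranges written as lo_hi).
port_in_cports() {
    list=$1 port=$2
    old_ifs=$IFS
    IFS=,
    for entry in $list; do
        case $entry in
            *_*)
                lo=${entry%_*} hi=${entry#*_}
                [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && { IFS=$old_ifs; return 0; }
                ;;
            *)
                [ "$entry" -eq "$port" ] && { IFS=$old_ifs; return 0; }
                ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Return 0 if the sshd port (last "Port" line of $2, default 22 when none
# is set) appears in the IG_TCP_CPORTS line of the conf.apf given as $1.
# Default paths below are assumptions about where the files live.
ssh_port_covered() {
    conf=${1:-/etc/apf/conf.apf} sshd=${2:-/etc/ssh/sshd_config}
    cports=$(sed -n 's/^IG_TCP_CPORTS="\([^"]*\)".*/\1/p' "$conf")
    sshport=$(sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$sshd" | tail -n 1)
    sshport=${sshport:-22}
    if port_in_cports "$cports" "$sshport"; then
        echo "ok: sshd port $sshport is in IG_TCP_CPORTS ($cports)"
        return 0
    fi
    echo "WARNING: sshd port $sshport is NOT in IG_TCP_CPORTS ($cports); add it before setting DEVM=\"0\"" >&2
    return 1
}

# Usage (assumed paths): ssh_port_covered /etc/apf/conf.apf /etc/ssh/sshd_config
```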

Checking logs and configuring APF to start on boot.

# tail -f /var/log/apf_log

This shows the last ~10 lines of the log file and then keeps printing new entries as they are written. It tells you which rules were added for which IPs.

To make APF start on boot you should type:

# chkconfig --level 2345 apf on

And to remove it from boot:

# chkconfig --del apf

Manually adding rules (hosts to block) to APF:

# apf -d 123.123.123.123 Comment for Rule

This adds the IP 123.123.123.123 to the deny list with the comment, so you can remember why you blocked the IP.

You can also manually add/remove IPs in the file /etc/apf/deny_hosts.rules.

But you must restart APF after you do that, with:

# apf -r

You can also allow an IP with the -a option, in the same way you denied it before:

# apf -a 123.123.123.123 unblocked IP.

After this you should know the ins and outs of APF (Advanced Policy Firewall).