Closing Security Vulnerabilities for Uptime: Firewall, DDoS, and WAF Installations

Introduction

To increase server uptime and ensure security, closing security vulnerabilities is critical. In this article, we will go step-by-step through the installation of a firewall, DDoS protection, and Web Application Firewall (WAF) in a Linux environment.

1. Firewall Installation

Common firewalls in Linux servers include iptables or firewalld. Below is a basic configuration example using iptables:

1.1. Installing iptables

First, ensure that iptables is installed:

sudo apt-get install iptables

1.2. Basic Setup

Add the following rules to configure your firewall:

sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -j DROP

These rules allow traffic only from specified ports and block others.

2. DDoS Protection

To protect against DDoS attacks, you can use a combination of fail2ban and iptables.

2.1. Installing fail2ban

fail2ban is a tool that blocks IP addresses after a certain number of failed login attempts:

sudo apt-get install fail2ban

2.2. Configuring fail2ban

Edit the /etc/fail2ban/jail.local file:

sudo nano /etc/fail2ban/jail.local

Add the following settings:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 5
bantime = 3600

These settings block an IP address for one hour after 5 failed login attempts.

3. Web Application Firewall (WAF) Installation

It is important to install a WAF for application layer protection. ModSecurity is a popular WAF solution.

3.1. Installing ModSecurity

Install ModSecurity with the following command:

sudo apt-get install libapache2-mod-security2

3.2. Configuring ModSecurity

Edit the ModSecurity configuration file:

sudo nano /etc/modsecurity/modsecurity.conf

Find the following line and change it to On:

SecRuleEngine On

3.3. Adding Required Rules

To add required rules for ModSecurity, you can use the OWASP Core Rule Set:

git clone https://github.com/coreruleset/coreruleset.git
sudo mv coreruleset /usr/local/nginx/conf/

Add the following line to your Apache or Nginx configuration file:

Include /usr/local/nginx/conf/coreruleset/rules/*.conf

Conclusion

These steps will help you create a basic security structure to increase your server's uptime and ensure its security. Remember, security is an ongoing process, and it is essential to regularly update your systems to keep them protected.