To prevent DDOS, below are the steps:
Setup the machine / network keeping security in mind
Setup a firewall which does Ingress and Egress Filtering at Gateway.
Eg: Steps to Install AFP
bash# wget https://www.rfxnetworks.com/downloads/apf-current.tar.gz
bash# tar -zxf apf-current.tar.gz
bash# cd apf-<version number>
bash# ./install.sh
Go through the Document in the Apf and configure it as per your convenience. All configuration is set at conf.apf which is normally located at /etc/apf/conf.apf
Enable Anit-DOS mode in Apf (ie in conf.apf) . Also make sure that your root’s cron has an entry
similarly
*/8 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1
—–
Install IDS on your gateway/hosts to alert you :
Eg: AIDE
———-
(a) Wget ftp://ftp.cs.tut.fi/pub/src/gnu/aide-0.7.tar.gz
(b) Untar it
tar -zxvf aide-0.7.tar.gz
(c) cd aide-0.7
(d) Then execute
./configure -with-gnu-regexp
(e) Final steps to install make;make install
(f) Now the real step..To configure AIDE: AIDE stores all its rule sets in the file called aide.conf. Lets ate it get more details on how to configure from man aide.conf
(g) Here is an example .See below
Here is a sample short aide.conf:
Rule = p+i+u+g+n+s+md5
/etc p+i+u+g
/sbin Rule
/usr/local/apache/conf Rule
/var Rule
!/var/spool/.*
!/var/log/.*
In the above configuration , a rule called “Rule” is set to check permissions (p), inode (i), user (u), group (g), number of links (n), size (s), and md5 checksum (md5). These rules are applied to all files in /bin, /sbin, /var, and /usr/local/apache/conf since they won’t change. Files in /etc are checked for changes in only permissions, inode, user, and group because their size may change, but other things shouldn’t. Files and directories in /var/spool and /var/log are not checked because those are folders where maximum updation takes place.
(h) After configuration is successfully done, AIDE should be initiated with all these rules.
For that execute aide –init