1) Login to your box as root
2) Download the APF Source (current version 0.9.3.3)
CODE
# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3) Extract the tar.gz
CODE
# tar -zxf apf-current.tar.gz
4) Enter the APF directory
CODE
# cd apf-0.9.3_3
5) Run install code
CODE
./install.sh
6) Modify the APF config File
CODE
#vi /etc/apf/conf.apf
Hit i to enter insert mod
7) Add in the ports you want to open for inbound (INGRES). The following is for a cPanel box
CODE
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=" 20,21,22,25,26,53,80,110,143,443,465,993,995,2082,
2083,2086,2087,2095,2096,3306,6666"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"
# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"
Please note that the above variables are already there, I placed what should be in there
8) Tell APF to monitor out going (EGRESS) also
CODE
Change the line:
EGF="0"
to
EGF="1"
9) Tell APF what ports to monitor
CODE
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,465,873"
# Common ICMP (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"
10) Save and exit - hit 'esc' :wq 'enter'
11) Start APF
CODE
# /usr/local/sbin/apf -s
You may or may not get output, if you do please reply and I can advide as to what to fix. If all goes well ou go back to the command line.
You now want to verify everyhting works, you can still get into SSH, cPanel works, you can view a page, etc.
12) If all works edit the config file and change the developer mode to 0
CODE
# vi /etc/apf/conf.apf
Hit i to enter insert mode
CODE
Change
DEVM="1"
to
DEVM="0"
Save and quit
Hit 'esc' :wq 'enter'
13) Restart APF
CODE
# /usr/local/sbin/apf -r
APF is now installed and monitoring your server.
This tutorial is brought to you by MyCPAdmin.
*Note: We have used this method on many many servers but we cannot be held responsible for any damage this may cause.
2) Download the APF Source (current version 0.9.3.3)
CODE
# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3) Extract the tar.gz
CODE
# tar -zxf apf-current.tar.gz
4) Enter the APF directory
CODE
# cd apf-0.9.3_3
5) Run install code
CODE
./install.sh
6) Modify the APF config File
CODE
#vi /etc/apf/conf.apf
Hit i to enter insert mod
7) Add in the ports you want to open for inbound (INGRES). The following is for a cPanel box
CODE
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=" 20,21,22,25,26,53,80,110,143,443,465,993,995,2082,
2083,2086,2087,2095,2096,3306,6666"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"
# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"
Please note that the above variables are already there, I placed what should be in there
8) Tell APF to monitor out going (EGRESS) also
CODE
Change the line:
EGF="0"
to
EGF="1"
9) Tell APF what ports to monitor
CODE
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,465,873"
# Common ICMP (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"
10) Save and exit - hit 'esc' :wq 'enter'
11) Start APF
CODE
# /usr/local/sbin/apf -s
You may or may not get output, if you do please reply and I can advide as to what to fix. If all goes well ou go back to the command line.
You now want to verify everyhting works, you can still get into SSH, cPanel works, you can view a page, etc.
12) If all works edit the config file and change the developer mode to 0
CODE
# vi /etc/apf/conf.apf
Hit i to enter insert mode
CODE
Change
DEVM="1"
to
DEVM="0"
Save and quit
Hit 'esc' :wq 'enter'
13) Restart APF
CODE
# /usr/local/sbin/apf -r
APF is now installed and monitoring your server.
This tutorial is brought to you by MyCPAdmin.
*Note: We have used this method on many many servers but we cannot be held responsible for any damage this may cause.
