Knowledgebase
Brute Force Detection
BFD -- Brute Force Detection
BFD is a shell script which parses security logs and detects authentication failures. It is a brute force implementation without much complexity, and it works in conjunction with a APF (Advanced Policy-based Firewall).
## Get the latest source and untar.
# cd /usr/src/utils
# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
# tar xfz bfd-current.tar.gz
# cd bfd-*
# ./install.sh
Read the README file, and edit the configuration file located in /usr/local/bfd/conf.bfd.
Find ALERT="0" and replace it with ALERT="1"
Find EMAIL_USR="root" and replace it with EMAIL_USR="username@yourdomain.com"
Edit /usr/local/bfd/ignore.hosts file, and add your own trusted IPs. BFD uses APF and hence it orverrides allow_hosts.rules, so it is important that you add trusted IP addresses to prevent yourself from being locked out.
## Start the program.
# /usr/local/sbin/bfd -s
Also Read
-
Can I load balance servers that are behind a firewall? (Views: 1650) -
Ranges to allow through server firewall (Views: 1737)
-
Hardware Firewall configuration (Views: 1712)
-
Howto Install B.F.D Brute Force Detection (Views: 1651)
-
How to install APF (Advanced Policy Firewall) (Views: 1708)
Powered by WHMCompleteSolution
Copyright © 2013 darock Projects All Rights Reserved.