Brute Force Detection

BFD -- Brute Force Detection

BFD is a shell script which parses security logs and detects authentication failures. It is a brute force implementation without much complexity, and it works in conjunction with a APF (Advanced Policy-based Firewall).

## Get the latest source and untar.
# cd /usr/src/utils
# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
# tar xfz bfd-current.tar.gz
# cd bfd-*
# ./install.sh

Read the README file, and edit the configuration file located in /usr/local/bfd/conf.bfd.
Find ALERT="0" and replace it with ALERT="1"
Find EMAIL_USR="root" and replace it with EMAIL_USR="username@yourdomain.com"

Edit /usr/local/bfd/ignore.hosts file, and add your own trusted IPs. BFD uses APF and hence it orverrides allow_hosts.rules, so it is important that you add trusted IP addresses to prevent yourself from being locked out.

## Start the program.
#  /usr/local/sbin/bfd -s

  • Email, SSL
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Ranges to allow through server firewall

Frontend (public) network:Ports to allow:ICMP – ping (for support troubleshooting)All TCP/UDP...

Howto Install B.F.D Brute Force Detection

wget http://oratoronline.com/how2/BFD/bfd-current.tar.gz tar -xvzf bfd-current.tar.gz cd bfd-0.7...

How to install APF (Advanced Policy Firewall)

What is APF (Advanced Policy Firewall)? APF FirewallAPF is a policy based iptables firewall...

Configure APF Firewall

A firewall is a very good idea for a server. Although many people think that a firewall...

Can I load balance servers that are behind a firewall?

Yes, in proxy mode your servers can live anywhere and as long as you can get to the real port you...