Brute Force Detection

BFD -- Brute Force Detection

BFD is a shell script that parses security logs and detects authentication failures. It is a straightforward implementation without much complexity, and it works in conjunction with APF (Advanced Policy-based Firewall).

## Get the latest source and untar.
# cd /usr/src/utils
# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
# tar xfz bfd-current.tar.gz
# cd bfd-*
# ./install.sh

Read the README file, then edit the configuration file located at /usr/local/bfd/conf.bfd.
Find ALERT="0" and replace it with ALERT="1"
Find EMAIL_USR="root" and replace it with EMAIL_USR="username@yourdomain.com"

Edit the /usr/local/bfd/ignore.hosts file and add your own trusted IPs. BFD uses APF and hence it overrides allow_hosts.rules, so it is important that you add trusted IP addresses to prevent yourself from being locked out.

## Start the program.
# /usr/local/sbin/bfd -s
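
A pre-flight check to run before the start command, written for this article as an added example and not part of BFD itself: it confirms the ALERT and EMAIL_USR edits were made and that your own address is listed in ignore.hosts. It assumes conf.bfd uses KEY="value" lines as shown above and that ignore.hosts holds one IP address per line; the function names, sample files and IP addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the BFD settings described above.
# Assumptions: conf.bfd uses KEY="value" lines (as the page shows) and
# ignore.hosts lists one IP address per line, with '#' starting a comment.

# conf_value FILE KEY: print the last value assigned to KEY in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# host_ignored FILE IP: succeed only if IP is a whole, uncommented line.
host_ignored() {
    grep -v '^[[:space:]]*#' "$1" | grep -qxF -e "$2"
}

# bfd_preflight CONF IGNORE ADMIN_IP: report each unmet item on stderr and
# return non-zero if any is found.
bfd_preflight() {
    problems=0
    if [ "$(conf_value "$1" ALERT)" != "1" ]; then
        echo "ALERT is not \"1\": no e-mail alerts will be sent" >&2
        problems=$((problems + 1))
    fi
    case "$(conf_value "$1" EMAIL_USR)" in
        *@*) ;;
        *) echo "EMAIL_USR is not a full e-mail address" >&2
           problems=$((problems + 1)) ;;
    esac
    if ! host_ignored "$2" "$3"; then
        echo "$3 is not in ignore.hosts: lockout risk" >&2
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample files and documentation-range IPs (not real hosts).
demo=$(mktemp -d)
printf 'ALERT="0"\nEMAIL_USR="root"\n' > "$demo/conf.bfd"
printf '# trusted hosts\n198.51.100.7\n' > "$demo/ignore.hosts"
bfd_preflight "$demo/conf.bfd" "$demo/ignore.hosts" 203.0.113.10 ||
    echo "fix the items above before running bfd -s"
rm -rf "$demo"
```

On a real host, call bfd_preflight with /usr/local/bfd/conf.bfd, /usr/local/bfd/ignore.hosts and the address you administer the server from; in an SSH session that address is the first field of $SSH_CLIENT.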
