Brute Force Detection
BFD -- Brute Force Detection
BFD is a shell script which parses security logs and detects authentication failures. It is a brute force implementation without much complexity, and it works in conjunction with a APF (Advanced Policy-based Firewall).
## Get the latest source and untar.
# cd /usr/src/utils
# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
# tar xfz bfd-current.tar.gz
# cd bfd-*
Read the README file, and edit the configuration file located in /usr/local/bfd/conf.bfd.
Find ALERT="0" and replace it with ALERT="1"
Find EMAIL_USR="root" and replace it with EMAIL_USR="firstname.lastname@example.org"
Edit /usr/local/bfd/ignore.hosts file, and add your own trusted IPs. BFD uses APF and hence it orverrides allow_hosts.rules, so it is important that you add trusted IP addresses to prevent yourself from being locked out.
## Start the program.
# /usr/local/sbin/bfd -s
Was this answer helpful?
Yes, in proxy mode your servers can live anywhere and as long as you can get to the real port you...
What is APF (Advanced Policy Firewall)? APF FirewallAPF is a policy based iptables firewall...
To start IP tables on your RedHat server,# service iptables startYou can run the following...
A firewall is a very good idea for a server. Though many people think that a firewall is...
A Hardware Firewall is a network device that is connected upstream from a server. The Firewall...