
Brute Force Detection

BFD is a modular shell script that parses applicable logs and checks for authentication failures. BFD is not yet very complex or detailed, so its installation, configuration and usage are straightforward. The reason behind BFD is simple: the Linux community has few, if any, authentication and brute-force auditing programs that work in conjunction with a firewall or real-time facility to place bans. To use BFD, you must have APF Firewall installed first.

How To:
Download BFD: wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
[Check here if you want to know how to install the software from source]
After the installation is complete you will receive a message saying it has been installed.
Next we will have to configure BFD: vi /usr/local/bfd/conf.bfd
Find the following lines and replace them with your details:
# Enable/disable user alerts [0 = off; 1 = on]
ALERT_USR="1"
#
# User alert email address
EMAIL_USR="your@mail.com"
#
# User alert email; subject
SUBJ_USR="Brute Force Warning for $HOSTNAME"
#
Now add your IP address to the ignored hosts so that you do not accidentally lock yourself out:
vi /usr/local/bfd/ignore.hosts and add your IP address.
Now we are ready to start the BFD system: /usr/local/sbin/bfd -s
For more configuration options, read the README.
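
To show the kind of check described above (parse a log for authentication failures, skip the ignored hosts), here is an added example. It is not BFD's own code and it only reports addresses; it does not place bans. The function names, the sshd log format, the sample log lines and the threshold of 3 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration (not BFD's code): report source IPs whose failed SSH
# logins reach a threshold, skipping addresses on an ignore list.

# find_offenders LOGFILE IGNOREFILE THRESHOLD -> one offending IP per line
find_offenders() {
    awk -v t="$3" '
        # The ignore list is the first file operand: one address per line,
        # blank lines and "#" comments skipped. Comparing FILENAME (rather
        # than NR == FNR) stays correct when the ignore list is empty.
        FILENAME == ARGV[1] { if (NF && $1 !~ /^#/) skip[$1] = 1; next }
        /sshd\[[0-9]+\]: Failed password for / {
            # Use the LAST "from": the user name is remote-controlled text,
            # the trailing "from ADDR port N" is written by sshd itself.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= t && !(ip in skip)) print ip
        }
    ' "$2" "$1" | sort
}

# Constructed sample data (documentation address ranges); threshold assumed.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/secure" <<'EOF'
Jan 10 03:12:01 host sshd[2211]: Failed password for root from 203.0.113.5 port 40022 ssh2
Jan 10 03:12:03 host sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 40031 ssh2
Jan 10 03:12:05 host sshd[2215]: Failed password for root from 203.0.113.5 port 40040 ssh2
Jan 10 03:13:10 host sshd[2230]: Failed password for bob from 192.0.2.10 port 51000 ssh2
Jan 10 03:13:12 host sshd[2232]: Failed password for bob from 192.0.2.10 port 51004 ssh2
Jan 10 03:13:15 host sshd[2234]: Failed password for bob from 192.0.2.10 port 51009 ssh2
Jan 10 03:14:00 host sshd[2240]: Failed password for alice from 198.51.100.7 port 42000 ssh2
Jan 10 03:15:00 host sshd[2250]: Accepted password for alice from 198.51.100.7 port 42001 ssh2
EOF
    printf '# admin workstation\n192.0.2.10\n' > "$dir/ignore.hosts"
    find_offenders "$dir/secure" "$dir/ignore.hosts" 3
    rm -rf "$dir"
}

demo   # prints 203.0.113.5
```

The ignored address 192.0.2.10 has three failures in the sample but is not reported, which is the lockout protection that ignore.hosts provides.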



