Install BFD (Brute Force Detection)
What is Brute Force Detection (BFD)? BFD is a modular shell
script that parses the applicable logs and checks for
authentication failures. There is not much complexity or detail
to BFD yet, and likewise it is very straightforward to install,
configure and use. The reason behind BFD is very simple: there
are few to no authentication and brute-force auditing programs
in the Linux community that work in conjunction with a firewall
or real-time facility to place bans.
This How-To will show you how to install BFD on your Linux
Server to prevent and monitor brute force hack attempts.
This software, like some others, has requirements. You must be
running APF (Advanced Policy Firewall) for Brute Force Detection
to work.
1. Login to your server via SSH as Root.
2. Type: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
3. Type: tar -xvzf bfd-current.tar.gz
4. Type: cd bfd*
5. Now let's install BFD onto the server. Type: ./install.sh
   :: You Should See ::
   .: BFD installed
   Install path: /usr/local/bfd
   Config path: /usr/local/bfd/conf.bfd
   Executable path: /usr/local/sbin/bfd
6. Now we need to edit the configuration file and set some
options. Don't worry, the BFD configuration isn't hard to edit
or understand! Type: pico -w /usr/local/bfd/conf.bfd
7. Now we need to find the line to edit:
   Press: CTRL-W
   Type: ALERT_USR
   Change ALERT_USR="0" TO ALERT_USR="1"
   Right below that we need to change the email:
   Change EMAIL_USR="root" TO EMAIL_USR="you@yoursite.com"
8. That wasn't too bad. Let's save and exit the file.
   Press: CTRL-X, then type Y, then hit Enter.
9. Now we have to keep you from locking yourself out of the
server. Type: pico -w /usr/local/bfd/ignore.hosts
10. Add any IP address that you want to be ignored from the
rules. If your server provider is doing monitoring, add their
IP(s) here. Since you need these IPs open in APF as well, you can
copy the IPs you used in APF:
   Type: pico -w /etc/apf/allow_hosts.rules
   Scroll down to the bottom and copy those IPs (drag the mouse
   over them, that's it).
   Press: CTRL-X
   Type: pico -w /usr/local/bfd/ignore.hosts
   Paste those IPs at the bottom.
   You should also add your home IP if you hadn't done so
   before. If your home IP is dynamic this is not a good idea,
   and you should get a static IP.
   Press: CTRL-X, then Y to save, then Enter.
11. Now let's run BFD! Type: /usr/local/sbin/bfd -s
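
The copy-and-paste in steps 9 and 10 can also be scripted. The following is an added example, not part of this how-to or of BFD/APF: it appends the bare IPv4 addresses from an allow list to an ignore list, skipping comments and entries already present. It assumes only bare addresses should be copied; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not part of BFD or APF): copy bare IPv4 entries from an
# APF-style allow list into a BFD-style ignore list without duplicates.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# merge_ignore SRC DST: append each bare IPv4 address in SRC to DST unless
# DST already lists it; print how many addresses were added.
merge_ignore() {
    src=$1; dst=$2; added=0
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    touch "$dst" || return 1
    # Make sure DST ends with a newline so appended entries get their own line.
    if [ -s "$dst" ] && [ -n "$(tail -c 1 "$dst")" ]; then echo >> "$dst"; fi
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip trailing comments and whitespace (including CR from DOS files).
        entry=$(printf '%s\n' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        # Assumption: CIDR ranges and APF advanced rules are not copied;
        # they are reported on stderr for manual review instead.
        if ! is_ipv4 "$entry"; then
            echo "skipped (not a bare IPv4 address): $entry" >&2
            continue
        fi
        if ! grep -qxF -- "$entry" "$dst"; then
            printf '%s\n' "$entry" >> "$dst"
            added=$((added + 1))
        fi
    done < "$src"
    echo "$added"
}

# Run only when both paths are given, e.g. on copies of the real files first:
#   sh merge_ignore.sh /etc/apf/allow_hosts.rules /usr/local/bfd/ignore.hosts
if [ $# -eq 2 ]; then merge_ignore "$1" "$2"; fi
```

Entries reported as skipped still have to be reviewed and added by hand if they should be ignored by BFD.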
Original: http://www.ukwebmasterforums.com/t4911-install-bfd-brute-force-detection.html