Brute Force Detection

BFD -- Brute Force Detection

BFD is a shell script that parses security logs and detects authentication failures. It is a simple brute force detection implementation without much complexity, and it works in conjunction with APF (Advanced Policy-based Firewall).

## Get the latest source and untar.
# cd /usr/src/utils
# wget http://rfxnetworks.com/downloads/bfd-current.tar.gz
# tar xfz bfd-current.tar.gz
# cd bfd-*
# ./install.sh

Read the README file, and edit the configuration file located in /usr/local/bfd/conf.bfd.
Find ALERT="0" and replace it with ALERT="1"
Find EMAIL_USR="root" and replace it with EMAIL_USR="username@yourdomain.com"

Edit the /usr/local/bfd/ignore.hosts file and add your own trusted IPs. BFD uses APF and hence it overrides allow_hosts.rules, so it is important that you add trusted IP addresses to prevent yourself from being locked out.

## Start the program.
# /usr/local/sbin/bfd -s
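
To show what this kind of log parsing involves and why the ignore file matters, here is an added example (not BFD's own code and not part of the original article) that counts password failures per source address and skips trusted addresses. The sshd log line format, the function names flag_offenders and demo, the threshold of 3 and all sample data are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added illustration (not BFD's own code): count sshd password failures per
# source address and list the addresses that reach a threshold, skipping
# trusted addresses listed in an ignore file.

# flag_offenders LOGFILE IGNOREFILE THRESHOLD -> prints "ip count" lines
flag_offenders() {
    awk -v limit="$3" '
        # Ignore file (first file given to awk): one address per line,
        # "#" comments allowed.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") trusted[$0] = 1
            next
        }
        # Log file: a failure line ends "from ADDR port N ssh2". Read the
        # address from that fixed tail, because the user name earlier in the
        # line is chosen by the client and may itself contain "from".
        /sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit && !(ip in trusted))
                    print ip, fails[ip]
        }
    ' "$2" "$1" | sort
}

# Constructed sample data (documentation address ranges), for the demo only.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/secure" <<'EOF'
Jan 10 03:14:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:14:03 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:14:05 host sshd[2105]: Failed password for invalid user x from 198.51.100.9 from 203.0.113.7 port 40138 ssh2
Jan 10 03:15:10 host sshd[2110]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Jan 10 03:15:12 host sshd[2112]: Failed password for alice from 192.0.2.10 port 51004 ssh2
Jan 10 03:15:14 host sshd[2114]: Failed password for alice from 192.0.2.10 port 51008 ssh2
Jan 10 03:16:00 host sshd[2120]: Accepted password for bob from 198.51.100.20 port 52000 ssh2
EOF
    printf '# trusted admin workstation\n192.0.2.10\n' > "$dir/ignore.hosts"
    flag_offenders "$dir/secure" "$dir/ignore.hosts" 3
    rm -rf "$dir"
}

demo
```

In the sample, 192.0.2.10 also reaches three failures but is not reported because it is in the ignore file, which is the lockout case the trusted IP list exists to prevent.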
