Brute Force Detection

From Lunarpages Web Hosting Wiki

Brute Force Detection (BFD) is a modular shell script that parses applicable logs and checks for authentication failures. There is not much complexity or detail to BFD yet, and likewise its installation, configuration and usage are very straightforward. The reason behind BFD is simple: there are few to no authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.

To download and install BFD, SSH to your server and go to a directory where you can store some files. If you don't have one, do:

[root@office root]# mkdir /usr/local/downloads
[root@office root]# cd /usr/local/downloads
[root@office downloads]# lynx

Hit "d" for download, then hit "enter" (2 times) to save the file to disk, hit "q" to quit lynx.

[root@office downloads]# ls
[root@office downloads]# tar -xvzf bfd-current.tar.gz
[root@office downloads]# cd bfd-0.8
[root@office bfd-0.8]# ./
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
[root@office bfd-0.8]# vi /usr/local/bfd/conf.bfd
#change this option to "1" if you want to receive an alert e-mail:
# Enable/disable user alerts [0 = off; 1 = on]
# User alert email address
#change this to the binary of APF:
BCMD="/usr/local/sbin/apf -d $ATT_HOST {bfd.$MOD}"

Leave all other options as they are.

Type "ZZ" (hold Shift and press z twice) to save the file and exit vi.

Now it's time to fire up BFD:

[root@office bfd-0.8]# /usr/local/sbin/bfd -s
BFD version 0.8
Copyright (C) 1999-2004, R-fx Networks
Copyright (C) 2004, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL
[root@office bfd-0.8]#
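
To show what the BCMD line configured above does once a host trips a check, here is an added illustration (not BFD's own code and not part of the original page): it counts failed sshd logins per source address in constructed log lines and prints, without running it, the APF deny command with $ATT_HOST and $MOD filled in. The threshold value, the module name "sshd" and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added illustration, not BFD's own code.
THRESHOLD=3   # assumed: failed logins from one host before a ban is proposed
MOD="sshd"    # assumed module name; fills {bfd.$MOD} in the page's BCMD line

# Constructed sample auth log (documentation address ranges only).
sample_log() {
cat <<'EOF'
Mar  1 10:00:01 office sshd[101]: Failed password for root from 203.0.113.7 port 4101 ssh2
Mar  1 10:00:03 office sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Mar  1 10:00:05 office sshd[103]: Accepted password for alice from 198.51.100.20 port 5000 ssh2
Mar  1 10:00:06 office sshd[104]: Failed password for root from 203.0.113.7 port 4103 ssh2
Mar  1 10:00:09 office sshd[105]: Failed password for bob from 198.51.100.20 port 5001 ssh2
Mar  1 10:00:11 office sshd[106]: Failed password for invalid user x from 192.0.2.1 from 203.0.113.7 port 4104 ssh2
EOF
}

# Print the source address of every failed sshd password attempt.
# The user name in the log line is supplied by the client, so the address is
# taken only from the fixed tail "from <addr> port <n> ssh2" and must look
# like an IPv4 address before it is ever placed in a firewall command.
failed_hosts() {
  sed -nE 's/^.* sshd\[[0-9]+\]: Failed password for .* from ([0-9]{1,3}(\.[0-9]{1,3}){3}) port [0-9]+ ssh2$/\1/p'
}

# For each host at or over the threshold, print the ban command in the same
# shape as BCMD="/usr/local/sbin/apf -d $ATT_HOST {bfd.$MOD}".
ban_commands() {
  failed_hosts | sort | uniq -c | while read -r count ATT_HOST; do
    [ "$count" -ge "$THRESHOLD" ] || continue
    echo "/usr/local/sbin/apf -d $ATT_HOST {bfd.$MOD}"   # dry run: printed only
  done
}

sample_log | ban_commands
```

Only 203.0.113.7 reaches the threshold; 192.0.2.1 appears in the last line only inside the user name field and is never counted.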