
Sunday, December 6, 2009

Installing & Configuring Brute Force Detection on Linux


BFD (Brute Force Detection) is a modular shell script that parses the applicable logs and checks for authentication failures. There is not much complexity or detail to BFD yet, so its installation, configuration and usage are straightforward. The reason behind BFD is simple: the Linux community has few or no authentication and brute-force auditing programs that work in conjunction with a firewall or a real-time facility to place bans. To use BFD you must install APF Firewall first.

Download BFD:
wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -zxvf bfd-current.tar.gz
cd bfd-0.9
./install.sh
After the installation is complete you will receive a message saying it has been installed.
Next, edit the BFD configuration file:
vi /usr/local/bfd/conf.bfd
Find the following lines and replace them with your details:
# Enable/disable user alerts [0 = off; 1 = on]
ALERT_USR="1"
#
# User alert email address
EMAIL_USR="your@mail.com"
#
# User alert email; subject
SUBJ_USR="Brute Force Warning for $HOSTNAME"
#
Now add your own IP address to the ignore list so that you do not accidentally lock yourself out. Open the file and add your IP address:
vi /usr/local/bfd/ignore.hosts
BFD is now ready to start:
/usr/local/sbin/bfd -s
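
To make concrete what BFD automates, the following added example (not BFD's own code and not part of the original post) counts failed SSH logins per source address in constructed sample log lines and skips addresses on an ignore list, the role ignore.hosts plays above. The sshd log format, the threshold of 3 and all function names are assumptions for illustration.

```bash
# Added illustration, not BFD's code: count failed SSH logins per source IP
# and skip addresses on an ignore list. All names and values are assumptions.

sample_log() {   # constructed sshd lines using documentation-range addresses
cat <<'EOF'
Dec  6 10:01:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2
Dec  6 10:01:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Dec  6 10:01:05 host sshd[103]: Failed password for root from 203.0.113.5 port 4003 ssh2
Dec  6 10:02:00 host sshd[104]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Dec  6 10:02:10 host sshd[105]: Accepted password for bob from 198.51.100.7 port 5002 ssh2
Dec  6 10:03:00 host sshd[106]: Failed password for alice from 192.0.2.10 port 6001 ssh2
Dec  6 10:03:02 host sshd[107]: Failed password for alice from 192.0.2.10 port 6002 ssh2
Dec  6 10:03:04 host sshd[108]: Failed password for alice from 192.0.2.10 port 6003 ssh2
EOF
}
sample_ignore() {   # constructed ignore list, one address per line
cat <<'EOF'
# admin workstation
192.0.2.10
EOF
}

# find_offenders THRESHOLD LOGFILE IGNOREFILE
# Prints "IP COUNT" for every non-ignored source with >= THRESHOLD failures.
find_offenders() {
    awk -v limit="$1" '
        # First file: load the ignore list. Comparing FILENAME (rather than
        # NR == FNR) keeps this correct when the ignore file is empty.
        FILENAME == ARGV[1] { if ($0 !~ /^[ \t]*(#|$)/) ignore[$1] = 1; next }
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is attacker-supplied text, so take the LAST
            # "from": sshd itself writes "from IP port N ssh2" at the end.
            for (i = NF - 1; i > 0; i--)
                if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= limit && !(ip in ignore)) print ip, fails[ip]
        }
    ' "$3" "$2" | sort
}

demo() {   # threshold 3 is an assumed value, not a BFD default
    log=$(mktemp); ign=$(mktemp)
    sample_log > "$log"; sample_ignore > "$ign"
    find_offenders 3 "$log" "$ign"
    rm -f "$log" "$ign"
}
demo
```

With the sample data only 203.0.113.5 is reported: 192.0.2.10 also has three failures but is on the ignore list, which is why your own address belongs in ignore.hosts before BFD is started.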
