BFD is a modular shell script that parses the applicable logs and checks for authentication failures. BFD is not yet very complex or detailed, and its installation, configuration and usage are likewise straightforward. The reason for BFD is simple: the Linux community has few or no authentication and brute-force auditing programs that work in conjunction with a firewall or real-time facility to place bans. To use BFD you must install APF Firewall first.
wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -zxvf bfd-current.tar.gz
cd bfd-0.9
After the installation is complete you will receive a message saying it has been installed. Next configure the firewall:
Find the following lines and replace them with your details:
# Enable/disable user alerts [0 = off; 1 = on]
ALERT_USR="1"
#
# User alert email address
EMAIL_USR="email@example.com"
#
# User alert email; subject
SUBJ_USR="Brute Force Warning for $HOSTNAME"
#
Now add your IP address to the allowed hosts so that you do not accidentally lock yourself out. Open the ignore list:
vi /usr/local/bfd/ignore.hosts
and add your IP address.
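To show why the ignore list matters, here is an added example (not BFD's own code and not part of the original page) of the kind of check described above: it counts failed sshd logins per source address and skips any address on the ignore list. The threshold, the function names, the temporary file names and every log line and address are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration, not BFD's code. All log lines and addresses are constructed.
THRESHOLD=3   # assumed failure count that triggers a ban, not a BFD default

# ban_candidates LOGFILE IGNOREFILE
# Prints source IPs with >= THRESHOLD sshd password failures, skipping ignored hosts.
ban_candidates() {
    awk -v limit="$THRESHOLD" '
        FILENAME == ARGV[1] {              # first file: the ignore list
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") ignore[$0] = 1
            next
        }
        /sshd\[[0-9]+\]: Failed password for / {
            # The username is supplied by the remote side, so read the address
            # from the fixed tail of the line: "... from IP port N ssh2".
            if ($(NF-4) != "from" || $(NF-2) != "port") next
            ip = $(NF-3)
            if (!(ip in ignore)) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= limit) print ip }
    ' "$2" "$1" | sort
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ignore.hosts" <<'EOF'
# admin workstation (constructed address)
198.51.100.20
EOF
    cat > "$dir/secure" <<'EOF'
Jan 10 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:04 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jan 10 03:12:09 host sshd[2107]: Failed password for root from 203.0.113.7 port 40125 ssh2
Jan 10 08:30:11 host sshd[2250]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 08:30:15 host sshd[2250]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 08:30:19 host sshd[2250]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Jan 10 08:30:30 host sshd[2256]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Jan 10 09:02:44 host sshd[2301]: Failed password for bob from 192.0.2.55 port 33810 ssh2
EOF
    ban_candidates "$dir/secure" "$dir/ignore.hosts"
    rm -rf "$dir"
}

demo   # prints 203.0.113.7
```

The ignored address has three failures, the same as the address that is reported, which is exactly the situation in which an administrator mistyping a password would be locked out without an ignore.hosts entry.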