Installing & Configuring Brute Force Detection on Linux

BFD (Brute Force Detection) is a modular shell script that parses the applicable logs and checks for authentication failures. There is not much complexity or detail to BFD yet, so its installation, configuration and usage are straightforward. The reason behind BFD is simple: there are few, if any, authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans. To use BFD you must install APF Firewall first.
Download BFD:

wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -zxvf bfd-current.tar.gz
cd bfd-0.9
./install.sh

When the installation completes, you will see a message confirming that BFD has been installed.
Next, edit the BFD configuration file:

vi /usr/local/bfd/conf.bfd

Find the following lines and replace them with your details:
# Enable/disable user alerts [0 = off; 1 = on]
ALERT_USR="1"
#
# User alert email address
EMAIL_USR="your@mail.com"
#
# User alert email; subject
SUBJ_USR="Brute Force Warning for $HOSTNAME"
#
Now add your own IP address to the ignore list so that you do not accidentally lock yourself out:

vi /usr/local/bfd/ignore.hosts

Put your IP address in this file.

BFD is now ready to start:

/usr/local/sbin/bfd -s
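
To see what this kind of check does and why the entry in ignore.hosts matters, the following script is an added illustration, not BFD's own code and not part of the original article. It counts failed sshd logins per source address in a log and reports the sources at or above a threshold, skipping ignored addresses. The function names, the threshold argument and the sample log lines are assumptions made for the example.

```sh
#!/bin/sh
# Added illustration, not BFD's own code. Function names and the threshold
# argument are hypothetical.

# flag_offenders LOGFILE IGNOREFILE THRESHOLD
# Prints "IP COUNT" for every source with at least THRESHOLD failed sshd
# logins, skipping addresses listed in IGNOREFILE (one per line).
flag_offenders() {
    awk -v max="$3" '
        # Ignore list: skip blank lines and comments.
        FILENAME == ARGV[1] { if ($1 != "" && $1 !~ /^#/) skip[$1] = 1; next }
        # sshd failure lines end in "... from IP port N ssh2".
        # The username is text chosen by the remote side, so take the address
        # by position from the end of the line, not by searching for "from".
        /sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" {
            ip = $(NF-3)
            if (!(ip in skip)) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip, fails[ip] }
    ' "$2" "$1" | sort
}

# Constructed sample lines (documentation address ranges), not real log data.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 10 03:12:04 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 10 03:12:09 web1 sshd[2107]: Failed password for root from 203.0.113.7 port 51251 ssh2
Jan 10 03:15:40 web1 sshd[2130]: Failed password for root from 198.51.100.23 port 33012 ssh2
Jan 10 09:01:11 web1 sshd[2610]: Failed password for deploy from 192.0.2.10 port 40101 ssh2
Jan 10 09:01:15 web1 sshd[2612]: Failed password for deploy from 192.0.2.10 port 40103 ssh2
Jan 10 09:01:20 web1 sshd[2615]: Failed password for deploy from 192.0.2.10 port 40107 ssh2
Jan 10 09:01:31 web1 sshd[2619]: Accepted password for deploy from 192.0.2.10 port 40110 ssh2
EOF
}

# Stand-alone run: threshold 3, with the admin address 192.0.2.10 ignored.
tmp=$(mktemp -d)
sample_log > "$tmp/secure"
echo "192.0.2.10" > "$tmp/ignore.hosts"
flag_offenders "$tmp/secure" "$tmp/ignore.hosts" 3   # prints: 203.0.113.7 3
rm -rf "$tmp"
```

With an empty ignore file the administrator's address 192.0.2.10, which mistyped its password three times before logging in, is reported as well; this is the lockout that the entry in /usr/local/bfd/ignore.hosts prevents.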
