Install BFD - Brute Force Detection
What is BFD?
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, and likewise it is very straightforward in its installation, configuration and usage. The reason behind BFD is very simple: there are few to no authentication and brute force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.
Install instructions
Please note that you must have APF installed before you install BFD. The installation guide for APF is located here.
- Download and extract BFD
- Move to the extracted directory
- Run the installer
- Edit the configuration files
wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
gzip -d bfd-current.tar.gz
tar -xf bfd-current.tar
cd bfd-0.9/
./install.sh
After the installer runs you should see something like:
BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
pico /usr/local/bfd/conf.bfd
The only things that I suggest changing are:
- ALERT_USR="0" to ALERT_USR="1"
- EMAIL_USR="root" to EMAIL_USR="you@domain.com"
BFD works by running a cron job every 5 minutes to check for login attempts. You can customize the rules used for any of the monitored services by editing the appropriate rule located in /usr/local/bfd/rules.
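The kind of check such a periodic run performs, sketched as an added example (not BFD's own rule code and not from the original post): it counts failed SSH passwords per source address and lists the sources at or over a threshold. The stock OpenSSH "Failed password" log line format is assumed, and the function names, threshold argument and sample log are made up for illustration.

```shell
#!/bin/sh
# Added illustration, not BFD's rule code. Assumes stock OpenSSH syslog lines
# of the form "... Failed password for USER from IP port N ssh2".

# Constructed sample log (documentation-range addresses, invented users).
sample_log() {
cat <<'EOF'
Sep 11 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Sep 11 10:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Sep 11 10:00:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Sep 11 10:01:10 host sshd[1004]: Failed password for bob from 198.51.100.23 port 51000 ssh2
Sep 11 10:01:30 host sshd[1005]: Accepted password for bob from 198.51.100.23 port 51001 ssh2
Sep 11 10:02:00 host sshd[1006]: Failed password for invalid user a from 10.0.0.1 port 22 ssh2 from 192.0.2.9 port 4000 ssh2
EOF
}

# offenders THRESHOLD   (log on stdin)
# Prints "ip count" for each source with at least THRESHOLD failed passwords.
# The user name is client-supplied text, so the address is read from the
# fixed tail of the line ("from IP port N ssh2"), never from the first "from".
offenders() {
    awk -v max="$1" '
        /sshd\[[0-9]+\]: Failed password for / && $NF == "ssh2" &&
        $(NF-2) == "port" && $(NF-4) == "from" {
            ip = $(NF-3)
            # Count only values shaped like an IPv4 address.
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip, fails[ip] }
    ' | sort
}

# A real tool would hand each listed address to the firewall; this only reports.
sample_log | offenders 3
```

Against a live system the log would come from the distribution's auth log on stdin instead of sample_log.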
If you have any questions about BFD please leave a comment and I will try to answer each and every question.
- September 11th

Hi.
I get a lot of Brute Force warnings on my server via SSH. Can you tell me how to stop them by limiting unsuccessful login attempts to a certain number (three), after which the attacker would get banned?
Thanks
Hi,
I would recommend changing your SSH port from 22 to something else like 2995; that will stop this problem.
Make sure that you update your firewall to allow for the new ssh port.