How to install BFD (Brute Force Detection)

Discussion in 'Tips/Tricks/Mods' started by domino, Sep 30, 2005.

  1. domino

    domino New Member

    What is BFD (Brute Force Detection)?

    BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php

    How-To: http://www.webhostgear.com/60.html
     
    domino, Sep 30, 2005
    #1
  2. badben

    badben ISPConfig Developer ISPConfig Developer

    This may seem like a daft question but is this compatible with ISP Config.

    I am very new, embarasingly so, to linux and servers and do not want to destroy my current setup but this sounds like a very good idea security wise.

    Ben
     
    badben, Oct 17, 2005
    #2
  3. falko

    falko Super Moderator ISPConfig Developer

    I don't see why it shouldn't be compatible with ISPConfig. :) As far as I understand, it's just a shell script that parses log files for attempted attacks.
     
    falko, Oct 17, 2005
    #3
  4. domino

    domino New Member

    APF and BFD (BFD needs APF to work) runs completly independent from ISPConfig. You may install it without worrying about breaking IPFC. You just have to turn off the firewall option in ISPC Control Panel before installing APF and BFD. Please do read the MAN pages and look at example config files so that you dont lock youself out.
     
    domino, Oct 17, 2005
    #4
  5. badben

    badben ISPConfig Developer ISPConfig Developer

    Thanks.

    Ben
     
    badben, Oct 17, 2005
    #5
  6. Ovidiu

    Ovidiu Active Member

    one more question:

    I started using apf with the ad and bfd modules, yet I still see entries like these in my logfiles:

    shouldn't bfd take care of these or am I wrong?
     
    Ovidiu, Mar 12, 2006
    #6
  7. falko

    falko Super Moderator ISPConfig Developer

    falko, Mar 12, 2006
    #7
  8. Ovidiu

    Ovidiu Active Member

    as I have understood it bfd (=brute force detection) should take care of brute force attacks against any port and any service...

    for ssh atacks I already run fail2ban which takes care of those - at least it should :) I was just wondering why I see no action from bfd...
     
    Ovidiu, Mar 12, 2006
    #8
  9. bwrob

    bwrob New Member

    I run shorewall firewall with a rule like
    ACCEPT net $FW tcp 22 - - 1/min:2
    Means, one can log only twice in one min.
    That seems to work they go away.
    bob
     
    Last edited: Mar 17, 2006
    bwrob, Mar 17, 2006
    #9
  10. JLChafardet

    JLChafardet New Member

    It does, but only if you have APF runing. if you have APF runing in DEVEL mode it will flush rules every 5 mins, so isnt of much use this way.
     
    JLChafardet, Mar 31, 2006
    #10

Share This Page