Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Hosting Security and Technology Tutorials : Install BFD (Brute Force Detection)

[hiwd]

What is Brute Force Detection? (BFD)
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans.

This How-To will show you how to install BFD on your Linux Server to prevent and monitor brute force hack attempts.

This software like some others has requirements. You must be running APF / Advanced Policy Firewall for Brute Force Detection to work.

1. Login to your server via SSH as Root.

2. Type: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

3. Type: tar -xvzf bfd-current.tar.gz

4. Type: cd bfd*

5. Now let's install BFD onto the server.
Type: ./install.sh

:: You Should See ::
.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

6. Now we need to edit the configuration file, and set some options.
Don't worry the BFD Configuration isn't hard to edit or understand!
Type: pico -w /usr/local/bfd/conf.bfd

7. Now we need to find the line to edit:
Press: CTRL-W
Type: ALERT_USR
Change ALERT_USR="0" TO ALERT_USR="1"
Right below that we need to change the email:
Change EMAIL_USR="root" TO EMAIL_USR="you@yoursite.com"

8. That wasn't to bad let's save and exit the file
Press: CTRL-X then type Y then hit enter

9. Now we have to prevent locking yourself out of the server.
Type: pico -w /usr/local/bfd/ignore.hosts

10. Add any IP address that you want to be ignored from the rules. If your server provider is doing monitoring add their IP(s) here. Since you need these IPs open in APF as well you can copy the IPs you used in APF.
Type: pico -w /etc/apf/allow_hosts.rules
Then scroll down to the bottom and copy those IPs (drag mouse over that's it)
Press: CTRL-X
Type: pico -w /usr/local/bfd/ignore.hosts
Paste those IPs to the bottom. You should also add your home IP if you hadn't done so before. If your home IP is dynamic this is not a good idea, and you should get a static IP.
Press: CTRL-X then Y to save then enter.

11. Now lets run BDF!!!
Type: /usr/local/sbin/bfd -s

[hnj81]

Hi Hiwd

How we add an ip to ban list?

Can I please get a linux command


thanks

[hiwd]

Type the following in ssh

vi /etc/apf/deny_hosts.rules

Just add the IP address and save it and that's it.

[hnj81]

thanks for the reply

Do you know how to save?

CTRL X is not working

andy other command I can use?

thanks

[hiwd]

Sorry,

Type

nano /etc/apf/deny_hosts.rules

Ctrl X should work there.

Regards,
HIWD.

[hnj81]

Hi Buddy:

I have added the ips do I have to run any sort of command to execute or just leave it...

thanks

[hiwd]

I guess you also have APF installed? If so, you will need to restart it. Run the below command:

service apf restart

[hnj81]

thanks for your help...

[hiwd]

No problem at all, glad I could help

Regards,
HIWD

[MyLOCA]

It's works on BSD?

[Bilco105]

Quote:

Originally Posted by MyLOCA

It's works on BSD?

No it doesn't.

[hiwd]

No problem, glad you like it.

[OneBinary]

Does BFD need to be manually started every time? Or should we just add the BFD start command to the APF init script?

I finally got APF running, but I'm still running it in Devel mode for the time being. Once I finalize it, I'll install BFD.

[okihost]

Quote:

Originally Posted by chapterthree

Does BFD need to be manually started every time? Or should we just add the BFD start command to the APF init script?

I finally got APF running, but I'm still running it in Devel mode for the time being. Once I finalize it, I'll install BFD.

BFD adds itself to your chkconfig to be started on every reboot when it is installed.

[OneBinary]

Sorry, I should have probably mentioned I'm using Debian...
I had to do some hacking to get APF working on Debian, so I'd imagine some of the same will be required for BFD