Brute Force Detection


Post by hrdedicated » Sat Jun 01, 2013 12:17 pm

Introduction:

BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system in which application-specific options are stored, including regular expressions for each unique auth format. The regular expressions are matched against logs using the sed tool (stream editor), which allows for excellent performance in all environments. In addition to the benefits of parsing logs in a single stream with sed, BFD also uses a log tracking system so that logs are only parsed from the point at which they were last read. This improves the performance of BFD even further, as the same log data is not read over and over. The log tracking system is compatible with syslog/logrotate-style log rotations: it detects when a rotation has happened and grabs log tails from both the new log file and the rotated log file.

Installation:

1. SSH into the server and log in as root.

2. cd /root/download

Download the tar file:

3. wget http://www.rfxnetwor...-current.tar.gz

4. Untar it:

tar -xvzf bfd-current.tar.gz

5. cd bfd*

6. Run: ./install.sh

After BFD has been installed, you need to edit the configuration file.

7. vi /usr/local/bfd/conf.bfd

8. Under "Enable brute force hack attempt alerts:"
Find
alert_USR=0
and change it to
alert_USR=1
Find
EMAIL_USR=root
and change it to
EMAIL_USR=your@email.com
Save the changes, then exit.

To start BFD:

9. At the command prompt, type: /usr/local/sbin/bfd -s

Installation Complete
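
The log tracking idea from the introduction, as an added sketch that is not BFD's own code and not part of the original post: read only what was appended since the last run, pick up the tail of a rotated file, and apply a sed rule to the new lines. The state file format, the inode-based rotation check, the function names and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch (not BFD's code): offset-tracked log reading plus a sed rule.

# Print only the bytes appended to LOG since the previous call. STATE holds
# "inode size" from that call (hypothetical format; inode check is an assumption).
read_new_lines() {
    log=$1; state=$2
    [ -f "$log" ] || return 0
    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(($(wc -c < "$log")))
    old_inode=""; old_size=0
    if [ -f "$state" ]; then read -r old_inode old_size < "$state"; fi
    if [ -n "$old_inode" ] && [ "$inode" != "$old_inode" ]; then
        # Rotated: first drain the unread tail of the rotated file (logrotate's LOG.1).
        if [ -f "$log.1" ]; then tail -c +"$((old_size + 1))" "$log.1"; fi
        old_size=0
    elif [ "$size" -lt "$old_size" ]; then
        old_size=0    # truncated in place (copytruncate-style rotation)
    fi
    # Cap at the size recorded now so lines written mid-read are not seen twice.
    tail -c +"$((old_size + 1))" "$log" | head -c "$((size - old_size))"
    echo "$inode $size" > "$state"
}

# Constructed rule for OpenSSH "Failed password" lines: emit the source address.
failed_hosts() {
    sed -n 's/.*sshd\[[0-9]*]: Failed password for .* from \([0-9.]*\) port .*/\1/p'
}

# Print each address seen at least N times on stdin.
over_threshold() {
    sort | uniq -c | awk -v n="$1" '$1 >= n {print $2}'
}

# Demo on a constructed log: two runs, the second sees only the new line.
demo() {
    dir=$(mktemp -d); log=$dir/secure; st=$dir/secure.pos
    echo 'Jun  1 12:00:01 h sshd[101]: Failed password for root from 192.0.2.10 port 4001 ssh2' > "$log"
    read_new_lines "$log" "$st" | failed_hosts | over_threshold 1
    echo 'Jun  1 12:00:09 h sshd[102]: Failed password for invalid user a from 198.51.100.7 port 4002 ssh2' >> "$log"
    read_new_lines "$log" "$st" | failed_hosts | over_threshold 1
    rm -rf "$dir"
}
demo
```

Because the greedy `.*` before ` from ` matches up to the last address on the line, text placed in the username field cannot substitute a different source address.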
