May 17, 2010

Brute Force Detection-BFD

Brute force means attempting to log in without knowing the user name or password. This kind of attempt can be avoided on Linux-based servers by using BFD (Brute Force Detection).
In Linux, by default there is no brute force detection method for checking login or authentication failures, so we must install and configure an application called BFD. BFD is a shell-script-based application used for checking login and authentication failures. Installing and configuring BFD is very easy, because BFD has a file-based configuration like other applications in Linux.
The installation and configuration of BFD are given in the following steps:
To install BFD and make it work, you must have APF (Advanced Policy Firewall) on your Linux server (for information about APF, please refer to the scrap Advanced Policy Firewall-APF).
1. Login to your server as Root.
2. Download BFD from the following URL:
http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
3. Unzip the downloaded file bfd-current.tar.gz
4. Install BFD onto the server.
Type: ./install.sh
5. Now BFD is installed in your server.
Install path of BFD is: /usr/local/bfd
Configuration file of BFD is: /usr/local/bfd/conf.bfd
Executable path of BFD is: /usr/local/sbin/bfd
6. To make BFD work, edit the configuration file of BFD.
Type: vi /usr/local/bfd/conf.bfd
7. Now we need to find the line to edit:
Press: insert key
Change ALERT_USR="0" TO ALERT_USR="1"
Right below that we need to change the email:
Change EMAIL_USR="root" TO EMAIL_USR="your-mail-id" (give your mail-id here)
To save and exit from the configuration file, press Esc and type :wq!
8. Now we have to prevent locking yourself out of the server.
Type: vi /usr/local/bfd/ignore.hosts
(In this file, add any IP address that you want to be ignored by the rules.)
9. To exempt the IPs that are allowed in APF from the BFD rules, copy the IPs from /etc/apf/allow_hosts.rules and paste them into /usr/local/bfd/ignore.hosts.
10. Run BFD by using the following command:
/usr/local/sbin/bfd -s
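
Steps 6 to 9 can also be done without opening vi, which makes the change repeatable and avoids copy-and-paste mistakes in ignore.hosts. The script below is an added example, not part of BFD or of the original post; the script name bfd-setup.sh, the function names, and the choice to copy only bare IPv4 lines from the APF allow list are assumptions.

```shell
#!/bin/sh
# Added example: steps 6-9 done without an interactive editor.
# Default paths are the ones listed in the steps above.
BFD_CONF="${BFD_CONF:-/usr/local/bfd/conf.bfd}"
BFD_IGNORE="${BFD_IGNORE:-/usr/local/bfd/ignore.hosts}"
APF_ALLOW="${APF_ALLOW:-/etc/apf/allow_hosts.rules}"

# set_alert_mail CONF ADDRESS: turn alerts on and set the recipient (step 7).
set_alert_mail() {
    conf=$1 addr=$2
    # The address lands inside a double-quoted assignment, so accept only
    # plain address characters; anything else could alter the file's meaning.
    case $addr in
        ""|*[!A-Za-z0-9@._+-]*) echo "rejected address: $addr" >&2; return 1 ;;
    esac
    cp -p "$conf" "$conf.bak" || return 1   # keep a copy to roll back to
    sed -e 's/^ALERT_USR="0"/ALERT_USR="1"/' \
        -e "s/^EMAIL_USR=\"[^\"]*\"/EMAIL_USR=\"$addr\"/" "$conf.bak" > "$conf"
}

# add_ignore IGNORE IP: append IP unless that exact line is already present.
add_ignore() {
    if grep -qxF "$2" "$1" 2>/dev/null; then return 1; fi
    echo "$2" >> "$1"
}

# sync_ignore_hosts ALLOW IGNORE: copy bare IPv4 lines from the APF allow
# list (steps 8-9), skipping comments and other rule forms. Prints the count added.
sync_ignore_hosts() {
    allow=$1 ignore=$2 added=0
    for ip in $(grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}[[:space:]]*$' "$allow" | tr -d ' \t\r'); do
        if add_ignore "$ignore" "$ip"; then added=$((added + 1)); fi
    done
    echo "$added"
}

# Hypothetical invocation: sh bfd-setup.sh apply admin@example.com
if [ "${1:-}" = "apply" ]; then
    set_alert_mail "$BFD_CONF" "${2:-}" || exit 1
    # Also ignore the address of the current SSH session, if there is one.
    if [ -n "${SSH_CLIENT:-}" ]; then add_ignore "$BFD_IGNORE" "${SSH_CLIENT%% *}" || true; fi
    sync_ignore_hosts "$APF_ALLOW" "$BFD_IGNORE"
    /usr/local/sbin/bfd -s
fi
```

Running it a second time adds nothing new to ignore.hosts, and the previous configuration stays available as conf.bfd.bak.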

For more @ http://outsourceservers.com
