BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet, so its installation, configuration and usage are straightforward. The reason behind BFD is simple: there are few, if any, authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.
Note: BFD default configuration is designed to work in conjunction with APF versions 0.9.3+.
Installation:
Log in as root to your server.
Change to directory /usr/local/src: cd /usr/local/src
Download the BFD tar file from RFXnetworks.com: wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
Untar the BFD tar file: tar -xvzf bfd-current.tar.gz
Change to BFD source directory: cd /usr/local/src/bfd
Install BFD (the files will be installed in /usr/local/bfd): ./install.sh
Change to directory /usr/local/bfd: cd /usr/local/bfd
Edit the configuration file conf.bfd: vi conf.bfd
Set the following configuration:
---
ALERT_USR="1"
EMAIL_USR=" "
---
An ignore file is present at '/usr/local/bfd/ignore.hosts'; this is a line-separated file listing hosts that you would like to be ignored for authentication failures.
BFD Usage:
This program may be freely redistributed under the terms of the GNU GPL
usage: /usr/local/sbin/bfd [OPTION]
-s|--standard ........ run standard with output
-q|--quiet ........... run quiet with output hidden
-a|--attackpool ...... list all addresses that have attacked this host
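
The kind of check described above (parse a log for authentication failures, skip hosts listed in a line-separated ignore file, report the remaining source addresses), as an added example that is not BFD's own code. It assumes OpenSSH "Failed password" log lines and a threshold of 3; the function names find_offenders and demo and all sample data are hypothetical.

```shell
#!/bin/sh
# Added illustration, not BFD's code: count failed sshd logins per source
# address, skip ignored hosts, report addresses at or over a threshold.

# find_offenders LOGFILE IGNOREFILE THRESHOLD
# Prints "address count" for each offending address, sorted by address.
find_offenders() {
    awk -v limit="$3" -v ign="$2" '
        # Ignore list: one host per line. Matching on FILENAME (not NR==FNR)
        # keeps an empty ignore file from swallowing the log.
        FILENAME == ign { if (NF) ignored[$1] = 1; next }
        # Assumed line shape: "... Failed password for NAME from ADDR port N ssh2".
        # Fields are taken from the end of the line because the user name is
        # client-supplied text and cannot be trusted to have a fixed shape.
        /sshd\[[0-9]+\]: Failed password for / {
            if (NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port") {
                addr = $(NF-3)
                if (!(addr in ignored)) fails[addr]++
            }
        }
        END { for (a in fails) if (fails[a] >= limit) print a, fails[a] }
    ' "$2" "$1" | sort
}

# Constructed sample data (documentation addresses, not real log output).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/secure" <<'EOF'
Jan 10 03:14:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jan 10 03:14:03 host sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Jan 10 03:14:05 host sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Jan 10 03:15:10 host sshd[4110]: Failed password for carol from 198.51.100.7 port 5151 ssh2
Jan 10 03:16:00 host sshd[4120]: Failed password for bob from 192.0.2.44 port 6000 ssh2
Jan 10 03:16:02 host sshd[4120]: Failed password for bob from 192.0.2.44 port 6000 ssh2
Jan 10 03:16:04 host sshd[4120]: Failed password for bob from 192.0.2.44 port 6000 ssh2
Jan 10 03:17:00 host sshd[4130]: Accepted password for alice from 192.0.2.10 port 6100 ssh2
EOF
    printf '192.0.2.44\n' > "$dir/ignore.hosts"   # constructed ignore list
    find_offenders "$dir/secure" "$dir/ignore.hosts" 3
    rm -rf "$dir"
}

demo
```

In the sample, 192.0.2.44 reaches the threshold but is listed in the ignore file, and 198.51.100.7 stays below it, so only 203.0.113.5 is reported.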