NullMind's Lair

Brute Force Detection (Linux/BSD)

Posted on February 3, 2005 by NullMind

Rob from HSpherePackages.com just released a nice BFD script, which allows for automatic banning of the attacking IP.

The script works on both Linux and FreeBSD (and can probably work on other flavors of BSD as well).

I keep a mirrored copy for download [HERE]


Here is the post he made when he released it .. including instructions/info:

Installation:
1) Download the package
2) Untar/gunzip the package
3) Change directories to the untarred dir
4) Run the installation script (e.g. ./install)
5) Read the questions and answer them
6) Set up a crontab for the system. The name of the binary is hspherebfd.

My Mini F.A.Q.:

Q: Has this been tested on FreeBSD and Linux?
A: Yes! I have tested it on FreeBSD and our very own Carlos and Tracy have tested the system on Linux. None of these systems needed any modifications to the scripts to work.

Q: What does the script cost?
A: I am releasing it for free. I normally charge for my scripts/software via hspherepackages.com however this one is going to be free.

Q: Why is it free?
A: Because I feel like it. Sounds good, doesn’t it?

Q: Who is going to support it?
A: No one. I will write more rule files as I see a need for them and hope others will too. It’s a simple script and shouldn’t need much support. If you have a question, ask the community here; I am sure someone else has tried it and is willing to answer.

Q: Where can I get the software?
A: Keep reading. I will eventually post it on hspherepackages.com as a free package however I don’t have the time now. Not a high priority. When it is posted on hspherepackages.com I will write a manual page for it too.

Q: Who can I call when I lock myself out of my server?
A: Someone besides me. Be careful with the auto blocking as you *CAN* lock yourself out if you are not careful. There is a whitelist file, you might want to add your IP in there to be safe.

Q: What should my crontab look like?
A: Ugh. This depends on how often you want the system to check. The default in the rules files is 5 failures before a person is considered an attacker. So if you wanted it to be 5 failures in 1 minute it would look something like this:
* * * * * /usr/local/bin/hspherebfd >> /dev/null

The config File:

$instdir – The installation directory for the configuration. Everything (except the binary/script if you installed it elsewhere) should be in this DIR.

$rules – The directory where the rules are stored. Don’t touch it as it probably is correct.

$excluded – The path to the file that contains the whitelist of IPs that the system will *NOT* block.

$notify – Set to “1” to receive emails when the system finds something, set to “0” to turn the emails off.

$email – The email address to send the emails to.

$autoblock – Turn on the firewall autoblocking? 0 = no and 1 = yes.

$block_cmd – The command to run if autoblocking is turned on. The word “attacker” will be replaced with the attacker’s IP address.

$email_subject – The subject of the email when it is sent.

For an iptables-based setup, I personally changed the $block_cmd to:

$block_cmd="iptables -I INPUT -s attacker -j DROP";

To make it work on a non-Hsphere server, you will have to edit the error_log (Apache) path in /%cfgpath/bfd/rules/apache
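
The threshold, whitelist and `attacker` substitution described above, shown as an added Python example (this is not the hspherebfd script's own code). The Apache 1.3/2.0-style log line, the matching regex, the one-entry-per-line whitelist format and all function names are assumptions made for illustration; the address is validated before it is substituted, and the command is returned as an argument list so it can be run without a shell.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 5  # failures before a source counts as an attacker (default cited in the post)
BLOCK_CMD = "iptables -I INPUT -s attacker -j DROP"  # $block_cmd template from the post

# Assumed match for Apache 1.3/2.0-style auth failures; the shipped rule files may differ.
FAILURE_RE = re.compile(r"\[client ([^\]\s]+)\].*authentication failure")

def parse_whitelist(text):
    """Parse a whitelist (assumed format: one IP or CIDR per line, '#' comments)."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_network(e, strict=False) for e in entries if e]

def find_attackers(log_lines, whitelist, threshold=THRESHOLD):
    """Return non-whitelisted sources with >= threshold failures (lines since last cron run)."""
    counts = Counter()
    for line in log_lines:
        match = FAILURE_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))  # drop fields that are not an IP
        except ValueError:
            continue
        if not any(ip in net for net in whitelist):
            counts[str(ip)] += 1
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def block_argv(ip, template=BLOCK_CMD):
    """Replace the word 'attacker' with a validated IP; return argv for use without a shell."""
    addr = str(ipaddress.ip_address(ip))  # raises ValueError on anything but an IP
    return [addr if tok == "attacker" else tok for tok in template.split()]

def _line(client):  # constructed sample log line, not taken from a real server
    return (f"[Thu Feb 03 10:00:01 2005] [error] [client {client}] "
            'user admin: authentication failure for "/private": Password Mismatch')

SAMPLE_LOG = ([_line("203.0.113.7")] * 6 + [_line("198.51.100.9")] * 2
              + [_line("192.0.2.10")] * 7 + [_line("not-an-ip")] * 9)
SAMPLE_WHITELIST = "# admin workstation (constructed)\n192.0.2.10\n"

if __name__ == "__main__":
    for attacker in find_attackers(SAMPLE_LOG, parse_whitelist(SAMPLE_WHITELIST)):
        print(block_argv(attacker))
```

With the constructed sample, only the source with six failures is reported: the whitelisted address is skipped despite seven failures, and the nine lines whose client field is not an IP address are never counted.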


2 thoughts on “Brute Force Detection (Linux/BSD)”

  1. Bashar Al-Abdulhadi says:
    July 9, 2005 at 9:11 am

    I tried the command ‘ipfw table 1 add xxx.xxx.xxx.xxx’ manually to see if it works under FreeBSD 4.11, but it seems it doesn’t work (working fine under FreeBSD 5.3).

    Any idea if it’s possible to customize the bfd.conf to make it work?

    Thanks for the great work!

  2. Kapil says:
    April 19, 2006 at 7:30 pm

    The command is “ipfw add 1 xxx.xxx.xxx.xxx”

    Greets
    Kapil
