Install BFD (Brute Force Detector)
BFD (Brute Force Detector) requires APF to be installed first. Log in over SSH as root and type:
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
tar -xvzf bfd-current.tar.gz
cd bfd*
./install.sh
You should now see the following:
BFD Installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
This means BFD has been installed but we still have to configure it.
nano /usr/local/bfd/conf.bfd
Now we need to find the line to edit:
Press: CTRL-W
Type: ALERT_USR
Change ALERT_USR="0" TO ALERT_USR="1"
Right below that we need to change the email:
Change EMAIL_USR="root" TO EMAIL_USR="you@yoursite.com"
Let's save and exit the file
Press: CTRL-X then type Y then hit enter
Now we have to make sure you don't lock yourself out of the server.
nano /usr/local/bfd/ignore.hosts
Add any IP address that you want BFD to ignore.
If your server provider is doing monitoring, add their IP(s) here.
Since you need these IPs open in APF as well, you can copy the IPs you used in APF:
nano /etc/apf/allow_hosts.rules
Then scroll down to the bottom and copy those IPs (just drag the mouse over them).
Press: CTRL-X
nano /usr/local/bfd/ignore.hosts
Paste those IPs at the bottom. You should also add your home IP if you haven't done so already.
If your home IP is dynamic, this is not a good idea, and you should get a static IP.
Press: CTRL-X then type Y then hit enter
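The copy-and-paste step above can also be scripted. This is an added example, not part of the original tutorial and not shipped with BFD or APF: it copies only plain IPv4 addresses from the APF allow list into the BFD ignore list and skips addresses that are already there. The function names and the --apply switch are made up for this example, and it assumes ignore.hosts holds one address per line; the two paths are the ones used above.

```shell
#!/bin/sh
# Added example: copy plain IPv4 entries from the APF allow list into the
# BFD ignore list. Paths are the ones used in this tutorial.
APF_ALLOW="${APF_ALLOW:-/etc/apf/allow_hosts.rules}"
BFD_IGNORE="${BFD_IGNORE:-/usr/local/bfd/ignore.hosts}"

# Print each line of $1 that is exactly one dotted-quad IPv4 address with
# octets 0-255. Comments, blank lines, ranges and any other rule syntax
# are left out so they can be reviewed and added by hand.
plain_ipv4() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | awk -F. '
        NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            ok = 1
            for (i = 1; i <= 4; i++) if ($i + 0 > 255) ok = 0
            if (ok) print
        }'
}

# Append addresses from $1 that are not yet in $2; print how many were added.
# Assumption of this example: the ignore file holds one address per line.
sync_ignore_hosts() {
    src=$1 dst=$2 added=0
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    touch "$dst" || return 1
    for ip in $(plain_ipv4 "$src" | sort -u); do
        # -x whole line, -F fixed string: 10.0.0.1 must not match 10.0.0.10
        if ! grep -qxF "$ip" "$dst"; then
            echo "$ip" >> "$dst"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Hypothetical switch for this example script: only touch the real files
# when asked to, e.g.  sh sync-bfd-ignore.sh --apply
if [ "${1:-}" = "--apply" ]; then
    sync_ignore_hosts "$APF_ALLOW" "$BFD_IGNORE"
fi
```

Check the result with nano /usr/local/bfd/ignore.hosts afterwards; any allow-list entry that is not a single address still has to be handled manually.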
Now let's run BFD!
/usr/local/sbin/bfd -s
Brute Force Detector should now be installed and ready to protect your server. You will receive emails upon brute force attacks, and BFD will "auto-block" the IPs temporarily for you to investigate. Please remember that Brute Force Detector only works alongside APF Firewall.