How to install BFD (Brute Force Detection)

In this guide, we will go over how to install and configure Brute Force Detection (BFD).

[1] Login to your server via SSH as root.

[2] Download and install BFD

wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -xzf bfd-current.tar.gz
rm -f bfd-current.tar.gz
cd bfd-*
sh ./install.sh

[3] Open the BFD configuration file to configure the service. Open the BFD configuration file with your favorite text editor

/usr/local/bfd/conf.bfd

There are a few options that we need to set in here. First up is TRIG. TRIG places the limit on how many times an IP must attempt to login before it is blocked. We recommend a reasonable number, around 10. Too low and users may get blocked in error, and too high and you will not block anyone.

The next option is EMAIL_ALERTS. This lets you control whether or not you want to be notified every time a user gets blocked. This is generally a good idea, but if you have a great deal of accounts in your server it can generate a lot of emails so it might be a good idea to create an email account solely for this purpose.

Next is the EMAIL_SUBJECT option. This lets you control the subject of the email alert, which is particularly useful to filter incoming emails. The last variable that we need to look at is the BAN_COMMAND. 9 times out of 10 this should be left alone. By default, it will automatically add the attacker to the APF firewall and block them. If you use a different firewall, or would like a different command to be run, this can be changed.

Last but not least, we need to add your IP and those of that you trust into the ignore.hosts file. This will ensure that you do not accidentally lock yourself out while administrating your server. You can do this by opening up:

/usr/local/bfd/ignore.hosts

in your favorite text editor.

Once the file is open, simply add a new IP on each line for each computer you want to whitelist. Save the file, and you are done!