How to install BFD (Brute Force Detection): Difference between revisions

From Acenet Knowledgebase
test
 
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
<html>Hello,<br /> <br /> <br /> In this guide, we will go over how to install and configure Brute Force Detection.<br /> (BFD) Please note that BFD *requires* that you<br /> have the Advanced Policy Firewall (APDF) installed to work, so be sure to check out<br /> our install guide for that aswell. <br /> <br /> The first step is to login to the root shell accoutn of your server. Then, run these<br /> commands:<br /> <br /> <strong><br /> wget http://www.r-fx.ca/downloads/bfd-current.tar.gz<br /> tar -xzf bfd-current.tar.gz; rm -f bfd-current.tar.gz<br /> cd bfd-*<br /> sh ./install.sh<br /> </strong><br /> <br /> <br /> Once that is done, we need to configure the program. The config file is located<br /> here: /usr/local/bfd/conf.bfd <br /> You can open it with your favorite text editor, but we recommend nano.<br /> <strong><br /> nano /usr/local/bfd/conf.bfd<br /> </strong><br /> <br /> <br /> There are a few options that we need to set in here. First up is TRIG. TRIG places<br /> the limit on how many times an IP must attempt to <br /> login before it is blocked. We recommend a reasonable number, around 10. Too low and<br /> users may get blocked in error, and too high and<br /> you will not block anyone.<br /> <br /> The next option is EMAIL_ALERTS. This lets you control whether or not you want to be<br /> notified every time a user gets blocked. This is <br /> generally a good idea, but if you have a great deal of accounts in your server it<br /> can generate a lot of emails so it might be a good <br /> idea to create an email account solely for this purpose.<br /> <br /> Next is the EMAIL_SUBJECT option. This lets you control the subject of the email<br /> alert, which is particularly useful to filter incoming emails.<br /> <br /> The last variable that we need to look at is the BAN_COMMAND. 9 times out of 10 this<br /> should be left alone. By default, it will automatically<br /> add the attacker to the APF firewall and block them. 
If you use a different<br /> firewall, or would like a different command to be run, this can be <br /> changed.<br /> <br /> Last but not least, we need to add your IP and those of that you trust into the<br /> ignore.hosts file. This will ensure that you do not accidentally<br /> lock yourself out while administrating your server. You can do this by opening up<br /> ignore.hosts in your favorite text editor.<br /> <strong><br /> nano /usr/local/bfd/ignore.hosts<br /> </strong><br /> Once the file is open, simply add a new IP on each line for each computer you want<br /> to whitelist. Save the file, and you are done!</html> [[Category:BFD (Brute Force Detection)]]
In this guide, we will go over how to install and configure Brute Force Detection (BFD).
 
{{note|BFD requires that you have the Advanced Policy Firewall (APF) installed to work, so be sure to check out our install guide for that as well. You can view our APF install guide here:
 
[[How to Install APF]]}}
 
[1] Login to your server via SSH as root.  
 
[2] Download and install BFD
 
<syntaxhighlight lang="bash">
wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -xzf bfd-current.tar.gz
rm -f bfd-current.tar.gz
cd bfd-*
sh ./install.sh
</syntaxhighlight>
 
[3] Open the BFD configuration file to configure the service. Open the BFD configuration file with your favorite text editor  
 
<pre>/usr/local/bfd/conf.bfd</pre>
 
There are a few options that we need to set in here. First up is TRIG. TRIG places the limit on how many times an IP must attempt to login before it is blocked. We recommend a reasonable number, around 10. Too low and users may get blocked in error, and too high and you will not block anyone.
 
The next option is EMAIL_ALERTS. This lets you control whether or not you want to be notified every time a user gets blocked. This is generally a good idea, but if you have a great deal of accounts in your server it can generate a lot of emails so it might be a good idea to create an email account solely for this purpose.
 
Next is the EMAIL_SUBJECT option. This lets you control the subject of the email alert, which is particularly useful to filter incoming emails. The last variable that we need to look at is the BAN_COMMAND. 9 times out of 10 this should be left alone. By default, it will automatically add the attacker to the APF firewall and block them. If you use a different firewall, or would like a different command to be run, this can be changed.
 
Last but not least, we need to add your IP and those of that you trust into the ignore.hosts file. This will ensure that you do not accidentally lock yourself out while administrating your server. You can do this by opening up:
 
<pre>/usr/local/bfd/ignore.hosts</pre>
 
in your favorite text editor.
 
Once the file is open, simply add a new IP on each line for each computer you want to whitelist. Save the file, and you are done!
 
[[Category:BFD (Brute Force Detection)]]
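Review bot: the download step in the new revision ("wget http://www.r-fx.ca/downloads/bfd-current.tar.gz" followed by "sh ./install.sh") fetches the tarball over plain HTTP and runs its installer as root with no integrity check. Consider adding a step that compares the tarball against a checksum published by the vendor, where one is available, before running install.sh. Separately, step [3] states "Open the BFD configuration file" twice in a row and could be merged into a single sentence.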

Latest revision as of 07:34, 25 January 2013

In this guide, we will go over how to install and configure Brute Force Detection (BFD).

BFD requires that you have the Advanced Policy Firewall (APF) installed to work, so be sure to check out our install guide for that as well. You can view our APF install guide here: How to Install APF

[1] Log in to your server via SSH as root.

[2] Download and install BFD

<syntaxhighlight lang="bash">
wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -xzf bfd-current.tar.gz
rm -f bfd-current.tar.gz
cd bfd-*
sh ./install.sh
</syntaxhighlight>

[3] Open the BFD configuration file with your favorite text editor to configure the service:

/usr/local/bfd/conf.bfd

There are a few options that we need to set in here. First up is TRIG. TRIG sets how many times an IP must attempt to log in before it is blocked. We recommend a reasonable number, around 10. Too low and users may get blocked in error; too high and you will not block anyone.

The next option is EMAIL_ALERTS. This controls whether you are notified every time a user gets blocked. This is generally a good idea, but if you have a great many accounts on your server it can generate a lot of emails, so it might be a good idea to create an email account solely for this purpose.

Next is the EMAIL_SUBJECT option. This lets you control the subject of the email alert, which is particularly useful for filtering incoming emails.

The last variable that we need to look at is BAN_COMMAND. 9 times out of 10 this should be left alone. By default, it automatically adds the attacker to the APF firewall and blocks them. If you use a different firewall, or would like a different command to be run, this can be changed.

Last but not least, we need to add your IP and the IPs of those you trust to the ignore.hosts file. This ensures that you do not accidentally lock yourself out while administering your server. You can do this by opening up:

/usr/local/bfd/ignore.hosts

in your favorite text editor.

Once the file is open, simply add a new IP on each line for each computer you want to whitelist. Save the file, and you are done!
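
An added example, not part of the original guide or of BFD itself: a small shell pre-flight check for the two files edited above, which flags a TRIG value far from the recommended 10 and an admin IP missing from ignore.hosts. It assumes conf.bfd uses shell-style NAME="value" lines and ignore.hosts holds one IP per line; the function names and the 5 to 30 bounds on TRIG are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for conf.bfd and ignore.hosts.
# Assumptions: conf.bfd uses shell-style NAME="value" lines; ignore.hosts lists
# one IP per line; the 5..30 TRIG bounds are illustrative, not BFD defaults.

# Print the value of option $2 in config file $1 (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Succeed if IP $2 is a whole line of ignore file $1 (comment lines skipped).
is_ignored() {
    grep -v '^[[:space:]]*#' "$1" | tr -d ' \t\r' | grep -Fxq -- "$2"
}

# Check config $1 and ignore file $2 for admin IP $3.
# Prints one line per finding; the return status is the number of findings.
bfd_preflight() {
    _problems=0
    _trig=$(conf_get "$1" TRIG)
    case $_trig in
        ''|*[!0-9]*)
            echo "TRIG is missing or not a number"; _problems=$((_problems + 1)) ;;
        *)
            if [ "$_trig" -lt 5 ] || [ "$_trig" -gt 30 ]; then
                echo "TRIG=$_trig is far from the recommended value of about 10"
                _problems=$((_problems + 1))
            fi ;;
    esac
    if ! is_ignored "$2" "$3"; then
        echo "$3 is not in $2: you could lock yourself out"
        _problems=$((_problems + 1))
    fi
    return "$_problems"
}

# Constructed sample files (documentation-range IPs), removed afterwards.
demo() {
    _dir=$(mktemp -d)
    printf 'TRIG="10"\nEMAIL_ALERTS="1"\n' > "$_dir/conf.bfd"
    printf '# trusted admin hosts\n203.0.113.10\n' > "$_dir/ignore.hosts"
    bfd_preflight "$_dir/conf.bfd" "$_dir/ignore.hosts" 203.0.113.10 && echo "sample OK"
    bfd_preflight "$_dir/conf.bfd" "$_dir/ignore.hosts" 198.51.100.7 || echo "findings: $?"
    rm -rf "$_dir"
}
demo
# On a real server, from your SSH session:
# bfd_preflight /usr/local/bfd/conf.bfd /usr/local/bfd/ignore.hosts "${SSH_CLIENT%% *}"
```

The whole-line match in is_ignored means an entry such as 203.0.113.10 does not count as covering 203.0.113.1.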