How to install BFD (Brute Force Detection)

From Acenet Knowledgebase
Revision as of 14:35, 28 September 2012 by Docs admin (talk | contribs) (test)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Hello,


In this guide, we will go over how to install and configure Brute Force Detection.
(BFD) Please note that BFD *requires* that you
have the Advanced Policy Firewall (APDF) installed to work, so be sure to check out
our install guide for that aswell.

The first step is to login to the root shell accoutn of your server. Then, run these
commands:


wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
tar -xzf bfd-current.tar.gz; rm -f bfd-current.tar.gz
cd bfd-*
sh ./install.sh



Once that is done, we need to configure the program. The config file is located
here: /usr/local/bfd/conf.bfd
You can open it with your favorite text editor, but we recommend nano.

nano /usr/local/bfd/conf.bfd



There are a few options that we need to set in here. First up is TRIG. TRIG places
the limit on how many times an IP must attempt to
login before it is blocked. We recommend a reasonable number, around 10. Too low and
users may get blocked in error, and too high and
you will not block anyone.

The next option is EMAIL_ALERTS. This lets you control whether or not you want to be
notified every time a user gets blocked. This is
generally a good idea, but if you have a great deal of accounts in your server it
can generate a lot of emails so it might be a good
idea to create an email account solely for this purpose.

Next is the EMAIL_SUBJECT option. This lets you control the subject of the email
alert, which is particularly useful to filter incoming emails.

The last variable that we need to look at is the BAN_COMMAND. 9 times out of 10 this
should be left alone. By default, it will automatically
add the attacker to the APF firewall and block them. If you use a different
firewall, or would like a different command to be run, this can be
changed.

Last but not least, we need to add your IP and those of that you trust into the
ignore.hosts file. This will ensure that you do not accidentally
lock yourself out while administrating your server. You can do this by opening up
ignore.hosts in your favorite text editor.

nano /usr/local/bfd/ignore.hosts

Once the file is open, simply add a new IP on each line for each computer you want
to whitelist. Save the file, and you are done!