Saturday, October 29, 2005

Brute Force Detection - BFD Installation

Installing BFD


wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
gunzip bfd-current.tar.gz
tar -xvf bfd-current.tar
sh install.sh


Here is the installation progress for brute force detection.


.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd
Imported tracking and options from BFD 0.9 to 0.9.


This is it: our BFD installation is complete.
Assuming APF is installed on your system, you are good to go; just configure BFD and start it. Following is an excerpt of APF (Advanced Policy Firewall) features:



- simple and well commented configuration files
- layered firewall with independent ingress and egress filtering system
- uid based egress filtering via simple configuration variables
- global tcp/udp ports & icmp types configuration
- configurable policies for each ip on the system with convenience vars
- prerouting rules for optimal network response; TOS (type of service)
- icmp based rate limiting to prevent common icmp 'dos' abuses
- antidos subsystem to stop attacks before they become a significant threat
- dshield.org block list support to ban networks exhibiting suspicious activity
- advanced set of sysctl parameters for tcp/ip stack hardening
- advanced set of filter rules to remove undesired traffic
- advanced use of kernel features such as abort_on_overflow & tcp syncookies
- easy to use firewall management script
- trust based rule files (allow/deny); with advanced syntax support
- 3rd party addon projects that complement APF features
- and much more...


To use APF:



APF version 0.9.6
Copyright (C) 1999-2004, R-fx Networks
Copyright (C) 2004, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

usage /usr/local/sbin/apf [OPTION]
-s|--start ......................... load all firewall policies
-r|--restart ....................... stop (flush) & reload firewall rules
-f|--stop........ .................. stop (flush) all firewall rules
-l|--list .......................... list chain rules
-t|--status ........................ firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall
-u|--unban HOST .................... remove host from [glob_]deny_hosts.rules
and immediately remove rule from firewall
-o|--ovars ......................... output all conifguration options


Modify the crontab (/etc/cron.d/bfd) and set up logging using:

/usr/local/sbin/bfd -q >> /var/log/log

For more information, see Brute force detection.

To run brute force detection manually, use:

bfd -s
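As an added illustration of what BFD does on each cron run (this is not code from the original post or from BFD itself): the functions below scan constructed sshd log lines, count failed logins per source address, and for every source at or above a threshold build the same apf -d ban command BFD hands to APF. The syslog line format, the sample addresses and the threshold are assumptions; the ban command is printed unless DRY_RUN=0.

```shell
#!/bin/sh
# Constructed sample of sshd failures in syslog format (as in /var/log/secure).
# Addresses come from the 203.0.113.0/24 documentation range; none is a real host.
SAMPLE_LOG='Oct 29 10:01:02 host sshd[2101]: Failed password for root from 203.0.113.5 port 40101 ssh2
Oct 29 10:01:04 host sshd[2102]: Failed password for root from 203.0.113.5 port 40102 ssh2
Oct 29 10:01:06 host sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40103 ssh2
Oct 29 10:01:08 host sshd[2104]: Failed password for invalid user test from 203.0.113.5 port 40104 ssh2
Oct 29 10:01:10 host sshd[2105]: Failed password for root from 203.0.113.5 port 40105 ssh2
Oct 29 10:02:00 host sshd[2110]: Failed password for bob from 203.0.113.77 port 50001 ssh2
Oct 29 10:02:30 host sshd[2111]: Accepted password for bob from 203.0.113.77 port 50002 ssh2'

# Print "count ip" for each source whose failed-login count reached the threshold.
# $1 = log text, $2 = threshold (the same idea as BFD's trigger value).
failed_sources() {
    printf '%s\n' "$1" |
    awk -v trig="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address is always the field after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
        }
        END { for (ip in n) if (n[ip] >= trig) print n[ip], ip }' | sort -rn
}

# Turn each detected source into the apf deny call BFD would issue.
# DRY_RUN (default 1) prints the command instead of running it.
ban_sources() {
    failed_sources "$1" "$2" | while read -r count ip; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "apf -d $ip brute-force-$count-failures"
        else
            /usr/local/sbin/apf -d "$ip" "brute-force-$count-failures"
        fi
    done
}
```

On a live host you would feed it the real log (for example "$(cat /var/log/secure)") instead of SAMPLE_LOG and set DRY_RUN=0 once the threshold has been checked against normal traffic.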



