Hosting Talk | Web Hosting talk India

06-22-2012, 12:07 PM
bullten

Use BFD to Protect Server Against BruteForce Attack

BFD is a modular shell script for parsing application logs and checking for authentication failures. It does this using a rules system where application-specific options are stored, including regular expressions for each unique auth format. The regular expressions are parsed against logs using the ‘sed’ tool (stream editor), which allows for excellent performance in all environments. In addition to the benefits of parsing logs in a single stream with sed, BFD also uses a log tracking system so logs are only parsed from the point at which they were last read. This greatly assists in extending the performance of BFD even further as we are not constantly reading the same log data. The log tracking system is compatible with syslog/logrotate style log rotations, which allows it to detect when rotations have happened and grab log tails from both the new log file and the rotated log file.

You can leverage BFD to block attackers using any number of tools such as APF, Shorewall, raw iptables, ip route, or execute any custom command. There is also a fully customizable e-mail alerting system with an e-mail template that is well suited for everyday use, or you can open it up and modify it. The attacker tracking in BFD is handled using simple flat text files that are size-controlled to prevent space constraints over time, ideal for diskless devices. There is also an attack pool where trending data is stored on all hosts that have been blocked, including which rule the block was triggered by.

In the execution process, there is simply a cron job that executes BFD once every 3 minutes by default. The cron job can be run more frequently for those that desire it, and doing so will not cause any performance issues (no less than once a minute). Although cron execution does not permit BFD to act in real time, the log tracking system ensures it never misses a beat in authentication failures. Further, using cron provides a reliable framework for consistent execution of BFD in a very simplified fashion across all *nix platforms.

Installation:

Quote:
wget http://www.rfxn.com/downloads/bfd-current.tar.gz
tar zxvf bfd-current.tar.gz
cd bfd-1.4
sh install.sh
The included install.sh will install bfd to the ‘/usr/local/bfd’ path and place a 3-minute cronjob in ‘/etc/cron.d/bfd’. The setup script will also execute an included ‘importconf’ script if you have a previous version of bfd installed, which will import your previous settings.

Configuration:
The configuration file for BFD is located at ‘/usr/local/bfd/conf.bfd’. The most important option is the TRIG="" value in conf.bfd, as this checks the number of failed logins before an address is blocked.

Article Source: Install BDF
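
The log tracking (read only new data, pick up the tail of a rotated file) and the TRIG threshold described in the post, as an added sketch that is not BFD's own code and not part of the original post. The function names, the byte-offset state file, the ".1" rotated-log suffix, the constructed sshd sample lines and counting failures per run are all assumptions of this example.

```shell
#!/bin/sh
# Added illustration, not BFD's code. Function names, the state-file layout
# and the ".1" rotated-log suffix are assumptions made for this sketch.
TRIG=2   # constructed threshold, named after the conf.bfd option

# new_lines LOG STATE: print only the log data not seen on the previous run.
new_lines() {
    log=$1; state=$2; last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    size=$(wc -c < "$log" | tr -d ' ')
    if [ "$size" -lt "$last" ]; then
        # Smaller than the saved offset: the log was rotated. Emit the unread
        # tail of the rotated file, then read the new file from its start.
        if [ -f "$log.1" ]; then tail -c +"$((last + 1))" "$log.1"; fi
        last=0
    fi
    tail -c +"$((last + 1))" "$log" | head -c "$((size - last))"
    echo "$size" > "$state"
}

# offenders N: read log lines on stdin and print every source address with
# at least N sshd password failures in that batch. The greedy match binds to
# the last "from ADDR port" on the line, so text a client places in the
# user-name field cannot substitute a different address.
offenders() {
    sed -n 's/.*sshd\[[0-9]*]: Failed password for .* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | awk -v trig="$1" '$1 >= trig { print $2 }'
}

# fail ADDR [USER]: emit one constructed sshd failure line (sample data only).
fail() {
    echo "Jun 22 12:00:01 host sshd[4242]: Failed password for invalid user ${2:-admin} from $1 port 50022 ssh2"
}

# demo: two scheduled runs over constructed logs with a rotation in between.
demo() {
    d=$(mktemp -d); log=$d/secure; st=$d/offset
    { fail 203.0.113.5; fail 203.0.113.5; fail 198.51.100.7; } > "$log"
    echo "run1: $(new_lines "$log" "$st" | offenders "$TRIG" | xargs)"
    # One more failure lands in the old file, then the log is rotated.
    fail 203.0.113.5 >> "$log"; mv "$log" "$log.1"
    { fail 198.51.100.7 "x from 192.0.2.9 port 1"; fail 198.51.100.7; } > "$log"
    echo "run2: $(new_lines "$log" "$st" | offenders "$TRIG" | xargs)"
    rm -rf "$d"
}
demo
```

Comparing sizes alone misses a rotation when the new file has already grown past the saved offset by the next run; recording the file's inode next to the offset closes that gap.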