Install Brute Force Detection (BFD) on CentOS

A malicious person will often use a brute-force attack to try to gain access to one of your accounts (web server, FTP, e-mail, SSH, etc.). It is very important to detect and block such persons or scripts before they discover valid login information for the services mentioned above. For that purpose we can use the BFD (Brute Force Detection) script. BFD keeps track of failed login attempts and blocks the source IP address in the iptables firewall if there are too many failed logins from one IP address. This tutorial explains how to install BFD on CentOS 5.11 and CentOS 6.7, in both the 32-bit and 64-bit OS versions.

Now we will download, extract and install BFD:

wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz && tar -zxvf bfd-current.tar.gz && cd bfd-* && ./install.sh

The BFD config file is located at /usr/local/bfd/conf.bfd. If you have, or plan to install, the APF firewall on your server, leave the BFD config file as it is. If you do not have APF installed, edit /usr/local/bfd/conf.bfd and comment out the following line:

BAN_COMMAND="/etc/apf/apf -d $ATTACK_HOST {bfd.$MOD}"

and add the following line: BAN_COMMAND="/sbin/iptables -I INPUT -p tcp -s $ATTACK_HOST -j DROP". Your config file will then look like this:

#BAN_COMMAND="/etc/apf/apf -d $ATTACK_HOST {bfd.$MOD}"
BAN_COMMAND="/sbin/iptables -I INPUT -p tcp -s $ATTACK_HOST -j DROP"
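
To illustrate the mechanism this tutorial relies on (count failed logins per source address, then build the ban command), here is an added example that is not BFD's own code and not part of the original article. The threshold of 3, the function names and the log lines are assumptions constructed for the illustration; the script only prints the iptables command from the config above and does not run it.

```shell
#!/bin/sh
# Added illustration, not BFD's code. It prints ban commands and runs nothing.
THRESHOLD=3   # assumed trigger value for this example

# Constructed sshd log lines (documentation address ranges).
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:03 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:05 host sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:13:10 host sshd[2110]: Failed password for bob from 198.51.100.20 port 51514 ssh2
Jan 10 03:13:15 host sshd[2110]: Accepted password for bob from 198.51.100.20 port 51514 ssh2
Jan 10 03:14:00 host sshd[2120]: Failed password for invalid user test from 192.0.2.99 port 33100 ssh2
Jan 10 03:14:02 host sshd[2120]: Failed password for invalid user from 10.0.0.1 from 192.0.2.99 port 33100 ssh2
EOF
}

# stdin: log lines -> stdout: "<failures> <source ip>", one line per source
failed_counts() {
  awk '
    /sshd\[[0-9]+\]: Failed password for / {
      # Read the address from the fixed tail "from <ip> port <n> ssh2", so
      # text in the user-name field is never mistaken for the source.
      # The digits-and-dots check keeps anything else out of the command.
      if ($(NF-4) == "from" && $(NF-2) == "port" &&
          $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
        c[$(NF-3)]++
    }
    END { for (ip in c) print c[ip], ip }' | sort -k2
}

# stdin: log lines -> stdout: one ban command per source at or over THRESHOLD,
# in the same form as the BAN_COMMAND line set in conf.bfd above
ban_commands() {
  failed_counts | while read -r count ip; do
    if [ "$count" -ge "$THRESHOLD" ]; then
      echo "/sbin/iptables -I INPUT -p tcp -s $ip -j DROP"
    fi
  done
}

sample_log | failed_counts
sample_log | ban_commands
```

Because the rule matches only on -p tcp and -s, it drops every TCP connection from the banned address, not just connections to the service that saw the failed logins.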
