
BFD (Brute Force Detection) rules for Debian Lenny.



I've downloaded BFD (Brute Force Detection) from
http://www.rfxn.com/?page_id=51 and installed it on a Debian Lenny server,
and everything seems to be working fine: BFD is working with APF and there
are a lot of scanning IPs blocked in the /etc/apf/deny_hosts.rules file.
BUT there are a lot of failed-authentication IP addresses that BFD does
not see. I think it's a config problem in the sshd rule. This is the sshd BFD
rule I'm using:

REQ="/usr/sbin/sshd"

if [ -f "$REQ" ]; then
 LP="$AUTH_LOG_PATH"
 TLOG_TF="sshd"
 TMP="/usr/local/bfd/tmp"

 ## SSHD
 # strip the IPv4-mapped prefix, keep only lines with an IPv4 address,
 # then turn "... user NAME from ADDR ..." sshd lines into ADDR:NAME
 ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | sed -e 's/::ffff://' | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sed -n -e '/sshd/s/.*user \(.*\) from \([^ ]*\).*/\2:\1/p'`
fi

I've searched Google and I'm unable to find new BFD rules for Debian Lenny.
My question is:

Does anybody have a new BFD sshd rule for Debian Lenny?

-- 
Regards;
Israel Garcia
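An added example, not part of the original post and not BFD's own code: the extraction pipeline from the posted rule run over a few constructed sshd log lines, next to a broader pattern that also handles "Failed password for NAME from ADDR" lines, which carry no "user" keyword. The sample log lines, the host name and the addresses are all made up for the demonstration; the sshd message formats are the standard OpenSSH ones.

```shell
#!/bin/sh
# Constructed auth.log sample (hypothetical host, RFC 5737 test addresses).
# Line 2 (valid user "root") and line 5 ("bob", IPv4-mapped address) are
# failed logins that contain no "user " token.
SAMPLE_LOG='Jan  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 4321 ssh2
Jan  1 10:00:02 host sshd[1002]: Failed password for root from 192.0.2.11 port 4322 ssh2
Jan  1 10:00:03 host sshd[1003]: Invalid user test from 192.0.2.12
Jan  1 10:00:04 host sshd[1004]: Accepted password for alice from 192.0.2.13 port 4323 ssh2
Jan  1 10:00:05 host sshd[1005]: Failed password for bob from ::ffff:192.0.2.14 port 4324 ssh2
Jan  1 10:00:06 host cron[1006]: pam_unix(cron:session): session opened for user root by (uid=0)'

# Same sed/grep chain as the posted rule (reads log lines on stdin,
# prints ADDR:NAME). It only matches lines containing "user NAME from".
extract_original() {
  sed -e 's/::ffff://' \
    | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
    | sed -n -e '/sshd/s/.*user \(.*\) from \([^ ]*\).*/\2:\1/p'
}

# Broader variant (my own suggestion, not from BFD): count only
# "Failed password" lines, with or without the "invalid user" prefix.
# "Invalid user X from Y" lines are deliberately skipped, because the
# matching "Failed password for invalid user X" line already counts them.
# Still IPv4-only because of the grep filter.
extract_broad() {
  sed -e 's/::ffff://' \
    | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
    | sed -n \
        -e 's/.*sshd\[[0-9]*\]: Failed password for invalid user \([^ ]*\) from \([^ ]*\).*/\2:\1/p' \
        -e 's/.*sshd\[[0-9]*\]: Failed password for \([^ ]*\) from \([^ ]*\).*/\2:\1/p'
}

# Failures per source address, most frequent first (what a blocker keys on).
tally_by_ip() {
  cut -d: -f1 | sort | uniq -c | sort -rn
}

echo "== posted rule sees =="
printf '%s\n' "$SAMPLE_LOG" | extract_original
echo "== broader rule sees =="
printf '%s\n' "$SAMPLE_LOG" | extract_broad
echo "== failures per address (broader rule) =="
printf '%s\n' "$SAMPLE_LOG" | extract_broad | tally_by_ip
```

Running it shows the posted pattern reporting only the "admin" and "test" lines, while the broader one also reports the "root" and "bob" failures, which is the kind of gap that would leave real failed-authentication addresses unblocked.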

