[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

BFD ( Brute Force Detection) rules for Debian Lenny.

I've  downloaded BFD (Brute Force Detection) from
http://www.rfxn.com/?page_id=51 and installed on a debian lenny server
and every seems to be working fine, BFD is working with APF and there
are a lot of scanning IPs  blocked in /etc/apf/deny_hosts.rules file.
BUT, there're a lot failed authentication IPs address  that BFD does
not see. I think it's a config problem the sshd rule. This is sshd BFD
rule I'm using:


if [ -f "$REQ" ]; then

 ## SSHD
 ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | sed -e 's/::ffff://' | grep -E
'[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sed -n -e '/sshd/s/.*user \(.*\)
from \([^ ]*\).*/\2:\1/p'`

I've searched google and I'm unable to find new BFD rules of using Debian lenny.
My question is:

Does anybody has a new BFD sshd rule for Debian lenny?

Israel Garcia

Reply to: