BFD (Brute Force Detection) rules for Debian Lenny.
I've downloaded BFD (Brute Force Detection) from
http://www.rfxn.com/?page_id=51 and installed it on a Debian Lenny server,
and everything seems to be working fine: BFD is working with APF and there
are a lot of scanning IPs blocked in the /etc/apf/deny_hosts.rules file.
BUT there are a lot of failed-authentication IP addresses that BFD does
not see. I think it's a config problem in the sshd rule. This is the sshd BFD
rule I'm using:
REQ="/usr/sbin/sshd"
if [ -f "$REQ" ]; then
    LP="$AUTH_LOG_PATH"
    TLOG_TF="sshd"
    TMP="/usr/local/bfd/tmp"
    ## SSHD
    # Read the auth log, drop IPv4-mapped "::ffff:" prefixes, keep lines with an
    # IPv4 address and turn "... user <name> from <ip> ..." into "<ip>:<name>".
    ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | sed -e 's/::ffff://' | \
        grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | \
        sed -n -e '/sshd/s/.*user \(.*\) from \([^ ]*\).*/\2:\1/p'`
fi
I've searched Google and I'm unable to find new BFD rules for Debian Lenny.
My question is:
Does anybody have a new BFD sshd rule for Debian Lenny?
--
Regards;
Israel Garcia
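Added example, not from the post above or from BFD itself: it runs the posted sed pipeline and a broadened one over constructed sshd log lines, showing that the posted pattern only matches "invalid user <name> from <ip>" messages, while OpenSSH logs failures for existing accounts as "Failed password for <name> from <ip>" with no "user" keyword. The log lines, host name and addresses are made up for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the original post or of BFD). Compares the
# posted sshd extraction pattern with one that also covers failed logins
# for existing accounts.

# Constructed sample auth-log lines (Lenny-era OpenSSH message formats).
SAMPLE_LOG='Jan 10 10:00:01 host sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 5000 ssh2
Jan 10 10:00:02 host sshd[1235]: Failed password for root from 192.0.2.11 port 5001 ssh2
Jan 10 10:00:03 host sshd[1236]: Failed password for root from ::ffff:192.0.2.11 port 5002 ssh2
Jan 10 10:00:04 host sshd[1237]: Accepted password for israel from 198.51.100.5 port 5003 ssh2
Jan 10 10:00:05 host cron[99]: (root) CMD (run-parts /etc/cron.hourly)'

# Pipeline as posted: only lines containing "user <name> from <ip>" match,
# so the two "Failed password for root from ..." lines are dropped.
extract_posted() {
    sed -e 's/::ffff://' \
      | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
      | sed -n -e '/sshd/s/.*user \(.*\) from \([^ ]*\).*/\2:\1/p'
}

# Broadened pipeline: "Failed password for [invalid user ]<name> from <ip>",
# i.e. the "invalid user " prefix is optional. Emits "<ip>:<name>" per line.
extract_failed() {
    sed -e 's/::ffff://' \
      | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
      | sed -n -e '/sshd/s/.*Failed password for \(invalid user \)\{0,1\}\([^ ]*\) from \([^ ]*\).*/\3:\2/p'
}

# Tally failures per "<ip>:<name>" so repeat offenders rise to the top.
count_failed() {
    extract_failed | sort | uniq -c | sort -rn
}

# Run with the argument "demo" to print the tally for the sample lines.
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | count_failed
fi
```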