How to install BFD (Brute Force Detection)

BFD is a modular shell script that parses applicable logs and checks for authentication failures. There is not much complexity or detail to BFD yet, and its installation, configuration and usage are likewise very straightforward. The reason behind BFD is simple: there are few to no authentication and brute-force auditing programs in the Linux community that work in conjunction with a firewall or real-time facility to place bans.

Log in to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

3. tar -xvzf bfd-current.tar.gz

4. cd bfd-0.7

5. Run the install file: ./install.sh

You will receive a message saying it has been installed:

.: BFD installed

Install path: /usr/local/bfd

Config path: /usr/local/bfd/conf.bfd

Executable path: /usr/local/sbin/bfd

6. Let's edit the configuration file: pico /usr/local/bfd/conf.bfd

7. Enable brute force hack attempt alerts:

Find: ALERT_USR="0" CHANGE TO: ALERT_USR="1"

Find: EMAIL_USR="root" CHANGE TO: EMAIL_USR="your@yourdomain.com"

Save the changes: Ctrl+X then Y

8. Prevent locking yourself out!

pico -w /usr/local/bfd/ignore.hosts and add your own trusted IPs

Eg: 192.168.1.1

Save the changes: Ctrl+X then Y

BFD uses APF's CLI insert feature and as such will override any allow_hosts.rules entries users have in place. So be sure to add your trusted IP addresses to the ignore file to prevent locking yourself out.
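
A pre-flight check for step 8, added here as an example (it is not part of the original guide or of BFD): it confirms that the address you are connected from is listed in ignore.hosts before you start BFD. It assumes ignore.hosts holds one address per line and that '#' starts a comment; the function names and the IGNORE_FILE variable are hypothetical.

```shell
#!/bin/sh
# Added example, not part of BFD. Assumptions: ignore.hosts lists one address
# per line, and '#' starts a comment. All function names are hypothetical.
IGNORE_FILE="${IGNORE_FILE:-/usr/local/bfd/ignore.hosts}"

# ip_is_ignored FILE IP: status 0 if IP is a whole-line match, 1 if not,
# 2 if FILE is unreadable. Exact matching keeps 192.168.1.1 from
# "matching" 192.168.1.10, which a plain substring grep would accept.
ip_is_ignored() {
    local file="$1" ip="$2" line
    [ -r "$file" ] || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip comments, then surrounding whitespace and stray CRs.
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        if [ -n "$line" ] && [ "$line" = "$ip" ]; then
            return 0
        fi
    done < "$file"
    return 1
}

# current_ssh_ip: print the client address of this SSH session.
# sshd exports SSH_CONNECTION="client_ip client_port server_ip server_port";
# "su -" resets the environment, so the variable may be missing as root.
current_ssh_ip() {
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    printf '%s\n' "${SSH_CONNECTION%% *}"
}

# preflight [IP]: status 0 only when IP (default: this session's client
# address) is listed in $IGNORE_FILE.
preflight() {
    local ip="${1:-}"
    if [ -z "$ip" ]; then ip=$(current_ssh_ip) || ip=""; fi
    if [ -z "$ip" ]; then
        echo "cannot determine SSH client IP; pass it as an argument" >&2
        return 3
    fi
    if ip_is_ignored "$IGNORE_FILE" "$ip"; then
        echo "OK: $ip is listed in $IGNORE_FILE"
    else
        echo "STOP: $ip is not in $IGNORE_FILE; add it before running bfd -s" >&2
        return 1
    fi
}

# Stand-alone use: sh bfd-preflight.sh --check [IP]
case "${1:-}" in --check) preflight "${2:-}"; exit $? ;; esac
```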

9. Run the program!

/usr/local/sbin/bfd -s

10. Customize your applications' brute force configuration

Check out the rules directory in your /usr/local/bfd

http://www.webhostgear.com/60.html

http://www.webhostgear.com/forums/showthread.php?t=212

You can set up a cron job.

Paste the following contents into a file:

vi /scripts/bfdcheck

#!/bin/bash

/usr/local/sbin/bfd -s &

and set the cron entry:

*/5 * * * * /scripts/bfdcheck