[oclug] BFD (was more ssh security questions)
oclug at raj.homelinux.com
Sat Feb 5 10:33:26 EST 2005
I've lost the original thread where I originally asked the question
about imposing a host lockout on more than a few failed ssh login
attempts, so here's a new one :)
Brian suggested bfd (http://rfxnetworks.com/bfd.php) which I finally got
around to installing. He asked for feedback, so here it is: Installing
it was pretty straightforward, though I had to dive into the scripts and
change the log file from the default /var/log/messages to
/var/log/secure for it to work correctly. I also changed the command to
block using IPTABLES with DROP instead of the default apf. Works like
a charm and I'm happy.
As a bonus, it also checks imap, apache, pop and a couple of other logs
as well for failures, blocking out those hosts too after a set number of
The only drawback is that quite a bit of the configuration is spread out
(in the rules file) and the documentation is pretty sketchy... but it's a
bunch of shell scripts, easy enough to figure out.
Thanks for pointing me to this script Brian.
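
The mechanism described in the message above (count failed ssh logins per host in /var/log/secure, then block repeat offenders with an iptables DROP rule), as an added sketch that is not part of the original post and is not BFD's own code. The threshold value, function names and log lines are assumptions constructed for illustration, and the script only prints the rules it would add.

```shell
#!/bin/sh
# Added illustration, not BFD's code. Log lines are constructed and use
# the RFC 5737 documentation address ranges.

THRESHOLD=3   # assumed value: failures at which a host gets blocked

# Constructed sample in the style of sshd entries in /var/log/secure.
sample_log() {
cat <<'EOF'
Feb  5 10:01:12 gw sshd[2101]: Failed password for root from 192.0.2.10 port 40001 ssh2
Feb  5 10:01:15 gw sshd[2103]: Failed password for root from 192.0.2.10 port 40002 ssh2
Feb  5 10:01:19 gw sshd[2105]: Failed password for illegal user admin from 192.0.2.10 port 40003 ssh2
Feb  5 10:02:40 gw sshd[2110]: Failed password for raj from 198.51.100.7 port 51515 ssh2
Feb  5 10:02:55 gw sshd[2112]: Accepted password for raj from 198.51.100.7 port 51516 ssh2
Feb  5 10:03:30 gw sshd[2120]: Failed password for root from 203.0.113.5 port 40009 ssh2
Feb  5 10:03:34 gw sshd[2122]: Failed password for root from 203.0.113.5 port 40010 ssh2
EOF
}

# Print "<count> <ip>" for each host with failed logins (log on stdin).
# The user name is text supplied by the remote side, so only the fixed
# trailing fields "from <ip> port <n> ssh2" are trusted, and the address
# must look like an IPv4 dotted quad before it is counted.
count_failures() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" &&
        $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k2
}

# Print only the hosts that reached the threshold.
hosts_to_block() {
    count_failures | awk -v t="$THRESHOLD" '$1 >= t { print $2 }'
}

# Print (do not execute) the DROP rule for each offending host.
block_commands() {
    hosts_to_block | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

sample_log | block_commands
```

To try it against a real log, feed the file in place of the sample, for example `block_commands < /var/log/secure`, and review the printed rules before applying any of them.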