Advanced Policy Firewall (APF)
Brute Force Detection (BFD)
Has anyone gotten these working under Debian?
I downloaded both and tried to configure them over a period of a couple of days but to no avail.
I can see the BFD cron job runs every 10 minutes but never picks anything up.
I had to adjust the log file that it was looking for for authentication info from /var/log/secure (rh & slackware method) to /var/log/auth.log (debian). Not knowing if pattern.auth in BFD is case sensitive I added 'Illegal user', but it still never picked up on anything in my auth.log.
There were other changes that I made in hopes that BFD would react to my log files. It never did.
With APF I was able to ping flood my server and see that it was working to limit the inbound ICMP packages to 30/sec and that when I manually added myself to its deny files it would block me. Like with BFD, I couldn't get APF to generate an email or take defensive action.
The author doesn't have a timeline on a Debian port for this, but I think that with some other Debian SysAdmins' help we can get this to work.
-bdk