Apf & Bfd

bdk

Advanced Policy Firewall (APF)
Brute Force Detection (BFD)

Has anyone gotten these working under Debian?

I downloaded both and tried to configure them over a period of a couple of days but to no avail.

I can see the BFD cron job runs every 10 minutes but never picks anything up.

I had to adjust the log file that it was looking for for authentication info from /var/log/secure (rh & slackware method) to /var/log/auth.log (debian). Not knowing if pattern.auth in BFD is case sensitive I added 'Illegal user', but it still never picked up on anything in my auth.log.

There were other changes that I made in hopes that BFD would react to my log files. It never did.

With APF I was able to ping flood my server and see that it was working to limit the inbound ICMP packages to 30/sec and that when I manually added myself to its deny files it would block me. Like with BFD I couldn't get APF to generate an email or take defensive action.

The author doesn't have a timeline on a Debian port for this, but I think that with some other Debian SysAdmin's help we can get this to work.

-bdk
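
A stand-alone way to check the two things the post above is unsure about (whether the auth log contains lines a pattern can match, and whether letter case matters), as an added example that is not part of the thread and not BFD's own code. The sample log lines are constructed in the older OpenSSH style, and the function names and the threshold of 3 are assumptions.

```shell
#!/bin/sh
# Added example, not BFD code: test a pattern against an auth log and list
# source addresses that repeat. The sample log lines below are constructed.

write_sample_log() {  # $1 = file to create
    cat > "$1" <<'EOF'
Feb 11 10:00:01 host sshd[1201]: Illegal user admin from 192.0.2.10
Feb 11 10:00:03 host sshd[1203]: Failed password for illegal user admin from 192.0.2.10 port 40112 ssh2
Feb 11 10:00:05 host sshd[1207]: Illegal user test from 192.0.2.10
Feb 11 10:00:09 host sshd[1211]: Illegal user guest from 198.51.100.7
Feb 11 10:01:12 host sshd[1220]: Accepted password for bdk from 203.0.113.5 port 51234 ssh2
EOF
}

# count_matches FILE PATTERN [i]: number of matching lines; "i" ignores case
count_matches() {
    if [ "${3:-}" = "i" ]; then
        grep -ci -- "$2" "$1" || true   # grep exits 1 when nothing matches
    else
        grep -c -- "$2" "$1" || true
    fi
}

# offenders FILE PATTERN THRESHOLD: source IPs with >= THRESHOLD matching lines
offenders() {
    grep -i -- "$2" "$1" |
        sed -n 's/.* from \([0-9][0-9.]*\).*/\1/p' |
        sort | uniq -c |
        awk -v t="$3" '$1 >= t { print $2 }'
}

# Demonstration on the constructed sample; on a real Debian host, pass
# /var/log/auth.log to the functions instead.
log=$(mktemp)
write_sample_log "$log"
echo "case-sensitive   'Illegal user': $(count_matches "$log" 'Illegal user')"
echo "case-sensitive   'illegal user': $(count_matches "$log" 'illegal user')"
echo "case-insensitive 'illegal user': $(count_matches "$log" 'illegal user' i)"
echo "sources with 3 or more hits:     $(offenders "$log" 'illegal user' 3)"
rm -f "$log"
```

If the counts are non-zero on the real log but the detection tool still reports nothing, the log path or pattern is not the problem and the tool's own configuration is the next place to look.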
 
Here's the APF installation process for Debian:
1) wget http://www.r-fx.ca/downloads/apf-current.tar.gz
2) tar -xzf apf-current.tar.gz
3) cd apf-0.9.6-1/ (or whatever version is the current)
4) ./install.sh
5) cp apf.init /etc/init.d/apf
6) update-rc.d apf defaults
Don't forget to config /etc/apf/conf.apf !
Cheers
 
For reference in case anyone else is looking to do this, I tried the steps as posted by payman on Debian 3.1 and all appears to be working fine. :)
 
I tried what payman said and I am still getting this error when I try and execute /etc/init.d/apf start
 
Hi everyone!
I have a little question. How can I block ping requests in the firewall, and in which place? Does anyone know? I use the APF firewall.
 
In APF, in conf.apf, remove type 8 from the ICMP_TYPES to globally block ping.
 
Any problems with the /etc/init.d/ and /etc/rc.d/init.d/ can be solved by adding a symbolic link:

Code:
# mkdir /etc/rc.d/; cd /etc/rc.d/; ln -s /etc/init.d/ init.d
 