m4ri00sh
... and again found at the site (credit to author(s)):
http://www.techyblog.com/content/view/49/27/
Here you go (in case the above website disappeared).... just checked...
------------------------
Configure / Install BFD
.. cd /opt
1. wget http://www.r-fx.ca/downloads/bfd-current.tar.gz
2. tar -xzvf bfd-current.tar.gz
3. cd bfd-0.9/
4. ./install.sh
5. vi /usr/local/bfd/conf.bfd
Modify SLOG="/var/log/secure" to SLOG="/var/log/auth.log"
6. cd /usr/local/bfd/rules
7. mv sshd /tmp/bfd.old.rules.sshd # Just in case
8. wget http://www.mnxsolutions.com/scripts/bfd.rules.sshd -O sshd ; this works out of the box (or it did) for debian sarge.
9. chmod 600 sshd
For Ubuntu my sshd rule ended up like:
    REQ="/usr/sbin/sshd"
    if [ -f "$REQ" ]; then
        LP="/var/log/auth.log"      # log file this rule scans
        TLOG_TF="sshd"
        TRIG="3"                    # failure count that triggers a ban
        TMP="/usr/local/bfd/tmp"
        ## SSH
        # Writes one IP:user line per failed login for a nonexistent user
        ARG_VAL1=`$TLOGP $LP $TLOG_TF.1 | grep sshd | grep -viw "error: BIND" | sed 's/::ffff://' | grep -iw "Failed password for invalid user" | awk '{print$13":"$11}' | grep -E '[0-9]+' > $TMP/.sshd`
        ARG_VAL=`cat $TMP/.sshd`
    fi
10. edit /etc/ssh/sshd_config and add the following:
UseDNS no
11. /etc/init.d/ssh restart
------------------------
If anyone has any issues with that... please respond
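
Added example (not part of the original post, and not BFD's own code): the rule's grep/sed/awk filter chain run over constructed auth.log lines, next to a wider match that also counts failed passwords for existing accounts such as root, which the rule as posted does not match. The function names and the sample log lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not BFD code; function names and log lines are constructed.
TRIG=3   # same threshold as TRIG in the posted rule

# Constructed auth.log sample (documentation IP ranges, made-up users).
sample_log() {
cat <<'EOF'
May 20 10:00:01 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
May 20 10:00:03 host sshd[1002]: Failed password for invalid user test from ::ffff:192.0.2.10 port 4002 ssh2
May 20 10:00:05 host sshd[1003]: Failed password for invalid user oracle from 192.0.2.10 port 4003 ssh2
May 20 10:00:07 host sshd[1004]: Failed password for root from 198.51.100.7 port 5001 ssh2
May 20 10:00:09 host sshd[1005]: Failed password for root from 198.51.100.7 port 5002 ssh2
May 20 10:00:11 host sshd[1006]: Failed password for root from 198.51.100.7 port 5003 ssh2
May 20 10:00:13 host sshd[1007]: Accepted password for alice from 203.0.113.5 port 6001 ssh2
May 20 10:00:15 host sshd[1008]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
EOF
}

# The filter chain from the posted rule, reading the log on stdin.
# Emits IP:user only for "invalid user" failures.
post_rule() {
  grep sshd | grep -viw "error: BIND" | sed 's/::ffff://' \
    | grep -iw "Failed password for invalid user" \
    | awk '{print $13":"$11}' | grep -E '[0-9]+'
}

# Wider match: also emits IP:user for failures against existing accounts,
# where the IP and user sit two fields earlier in the line.
all_failures() {
  grep 'sshd\[' | sed 's/::ffff://' | awk '
    /Failed password for invalid user/ { print $13 ":" $11; next }
    /Failed password for/              { print $11 ":" $9 }'
}

# Reads IP:user lines, prints each IP seen at least TRIG times.
over_trigger() {
  sed 's/:[^:]*$//' | sort | uniq -c | awk -v t="$TRIG" '$1 >= t { print $2 }'
}

echo "Posted rule flags:"
sample_log | post_rule | over_trigger
echo "Wider match flags:"
sample_log | all_failures | over_trigger
```

To check a real log instead of the sample, pipe it in, for example `post_rule < /var/log/auth.log | over_trigger`.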
