I've downloaded BFD (Brute Force Detection) from http://www.rfxn.com/?page_id=51 and installed it on a Debian lenny server, and everything seems to be working fine. BFD is working with APF and there are a lot of scanning IPs blocked in the /etc/apf/deny_hosts.rules file. BUT, there are a lot of failed-authentication IP addresses that BFD does not see. I think it's a config problem in the sshd rule. This is the sshd BFD rule I'm using:

REQ="/usr/sbin/sshd"
if [ -f "$REQ" ]; then
  LP="$AUTH_LOG_PATH"
  TLOG_TF="sshd"
  TMP="/usr/local/bfd/tmp"

  ## SSHD
  ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | sed -e 's/::ffff://' | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sed -n -e '/sshd/s/.*user \(.*\) from \([^ ]*\).*/\2:\1/p'`
fi

I've searched Google and I'm unable to find new BFD rules for use on Debian lenny. My question is: Does anybody have a new BFD sshd rule for Debian lenny?

--
Regards;
Israel Garcia
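
The extraction in the rule above, run over constructed auth.log lines, as an added example that is not part of the original post or of the BFD package. The final sed only matches lines containing "user <name> from <ip>", while OpenSSH logs a failed password for an existing account as "Failed password for <name> from <ip>", so those lines yield nothing; wide_rule is a hypothetical broadened pattern, and both functions read stdin in place of the $TLOG_PATH call.

```shell
#!/bin/sh
# Constructed sample auth.log lines (documentation IP range), not real data.
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 host sshd[1001]: Invalid user admin from 192.0.2.10
Jan 10 10:00:03 host sshd[1001]: Failed password for invalid user admin from 192.0.2.10 port 4242 ssh2
Jan 10 10:00:05 host sshd[1002]: Failed password for root from ::ffff:192.0.2.11 port 4243 ssh2
Jan 10 10:00:07 host sshd[1003]: Failed password for www-data from 192.0.2.12 port 4244 ssh2
Jan 10 10:00:09 host sshd[1004]: Accepted password for alice from 192.0.2.20 port 4245 ssh2
EOF
}

# Shared front end, copied from the posted rule: strip the IPv4-mapped
# prefix and keep only lines that contain a dotted-quad address.
normalize() {
  sed -e 's/::ffff://' | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
}

# The extraction from the posted rule, reading stdin instead of $TLOG_PATH.
# Emits ip:user only when the line contains "user <name> from <ip>".
page_rule() {
  normalize | sed -n -e '/sshd/s/.*user \(.*\) from \([^ ]*\).*/\2:\1/p'
}

# Hypothetical broadened extraction (assumption, not a BFD-supplied rule).
# Once one substitution fires, the pattern space is "ip:user", so the
# later expressions cannot match the same line a second time.
wide_rule() {
  normalize | sed -n -e '/sshd/!d' \
    -e 's/.*Failed password for invalid user \(.*\) from \([^ ]*\) port.*/\2:\1/p' \
    -e 's/.*Failed password for \(.*\) from \([^ ]*\) port.*/\2:\1/p' \
    -e 's/.*Invalid user \(.*\) from \([^ ]*\).*/\2:\1/p'
}

echo "posted rule:";    sample_log | page_rule
echo "broadened rule:"; sample_log | wide_rule
```

The successful login from 192.0.2.20 is ignored by both functions, and the failures for root and www-data appear only in the broadened output.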