Installation

Check the installation instructions in the INSTALL file if you are installing BruteForceBlocker v1.2 and later. Basically, you will need to follow these steps:

You will need to add a new table to the pf config file. You can do so by adding lines to the pf.conf similar to these:

table <bruteforce> persist file "/path/to/tables/file"
block in log quick proto tcp from <bruteforce> to any port ssh

You will also need to add another auth line to /etc/syslog.conf similar to this one (note that you should keep your original one, since BruteForceBlocker no longer logs to the auth.log file; instead it logs through the syslog module):

auth.info;authpriv.info | exec /path/to/bruteforceblocker.pl

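You should also consider starting syslogd with the -c option. On FreeBSD, -c stops syslogd from compressing repeated lines into "last message repeated N times" when the output is a pipe to another program, so every failed attempt reaches the script as its own line.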
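How a program on the receiving end of the syslog.conf pipe can turn failed-login lines into entries for the <bruteforce> table, as an added example in Python (not BruteForceBlocker's own Perl code). The log patterns, the threshold of 3 failures in 600 seconds and the allow list are assumptions; the pfctl command is printed, not executed.

```python
import ipaddress
import re
import sys
import time
from collections import defaultdict, deque

# Assumed OpenSSH formats, anchored at end of line and greedy on the user name,
# so text inside that remote-supplied field is never read as the address.
FAIL_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: ssh\d)?$"),
    re.compile(r"sshd\[\d+\]: Invalid user .* from (\S+)(?: port \d+)?$"),
]

def extract_ip(line):
    """Return the source address of a failed-login line, or None."""
    for pat in FAIL_PATTERNS:
        m = pat.search(line.rstrip())
        if m:
            try:
                return ipaddress.ip_address(m.group(1))
            except ValueError:
                return None  # hostname or garbage: never pass it to pfctl
    return None

class Tracker:
    def __init__(self, max_fails=3, window=600, allow=("127.0.0.0/8",)):
        self.max_fails, self.window = max_fails, window  # hypothetical defaults
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.hits, self.blocked = defaultdict(deque), set()

    def feed(self, line, now):
        """Count one syslog line; return the address to block, or None."""
        ip = extract_ip(line)
        if ip is None or ip in self.blocked or any(ip in n for n in self.allow):
            return None
        q = self.hits[ip]
        q.append(now)
        while now - q[0] > self.window:  # drop failures older than the window
            q.popleft()
        if len(q) < self.max_fails:
            return None
        self.blocked.add(ip)
        return ip

if __name__ == "__main__":  # syslogd's "| exec" action feeds lines on stdin
    tracker = Tracker()
    for line in sys.stdin:
        ip = tracker.feed(line, time.time())
        if ip:
            print("pfctl -t bruteforce -T add", ip)
```

Put your own management addresses in the allow list before wiring any such script to pf, so a mistyped password cannot lock you out.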

7 thoughts on “Installation”

  1. CDSU

    Michael

    You're kidding, right? If you do not know what kind of table Daniel is talking about, then you really should either contact your network admin or do some heavy reading on FreeBSD and PF (that stands for packet filter). By not doing so you can really do some damage to your network.
    This should be a good start for you
    http://www.google.com/bsd

    –CDSU

  2. danger Post author

    Unfortunately, that is impossible currently. Someone would need to create an ipfw port of BruteForceBlocker. This actually would probably not be too much work…

  3. len conrad

    What about attacks on ftp, or on smtp where “connect from ip.ad.re.ss” is logged 1000s of times/day for an IP?

    I was using bruteblock, but it works only with ipfw and had some screwy failure adding IPs.

    Len

  4. danger Post author

    The procedure is pretty much the same. You just have to add the corresponding regular expressions to the bruteforceblocker script.
