In my previous article I discussed setting up the Advanced Policy Firewall on your servers. So now your servers are protected – but what happens when you get an attack at a legitimate service? SSH? MySQL? Apache? In a series of articles I’ll discuss implementing some best practices to help avoid server nightmares.
SSH – Introducing BFD
BFD (Brute Force Detection) is a modular shell script for parsing application logs and checking for authentication failures. In its simplest form BFD will monitor your SSH log files for potential attacks and take preventative action.
tar zxpfv bfd-current.tar.gz
That's it. The default options are perfect to use with APF. It will block an attacker's IP after 15 incorrect login attempts.
Feel free to edit the config file if you want your Inbox full of emails telling you it's blocked someone. Trust me, you’ll get fed up with it in 15 minutes.
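To make the log-parsing idea concrete, here is a small shell example (written for this article's topic, not BFD's own code) that does what BFD does at its simplest: it reads OpenSSH "Failed password ... from IP port N" lines, counts failures per source address, and reports every address that reaches the 15-attempt threshold mentioned above. It then prints the deny action it would hand to APF as a dry run only. The log lines are constructed, the IPs come from documentation ranges, the trusted-address list is a made-up safeguard so you do not lock out your own jump host, and the `apf -d` invocation is echoed rather than executed and assumed from APF's deny syntax.

```shell
#!/bin/sh
# Added example, not BFD's own code: count failed SSH password attempts per
# source address in an sshd auth log and report the addresses that reach the
# block threshold. BFD does this kind of log parsing before handing an address
# to APF; the log lines here are constructed and the IPs are documentation
# ranges, not real hosts.

THRESHOLD=15                 # BFD's default trigger count from the article
TRUSTED_IPS="192.0.2.10"     # constructed allow list: never propose blocking these

# Read sshd log lines on stdin; print "count ip" for each address with at
# least THRESHOLD "Failed password" events, most active address first.
failed_ssh_ips() {
    grep -E 'sshd\[[0-9]+\]: Failed password' \
      | sed -nE 's/.* from ([0-9]+(\.[0-9]+){3}) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk -v t="$THRESHOLD" '$1 >= t { print $1, $2 }'
}

# Turn the report into proposed deny actions, skipping trusted addresses.
# This only prints the commands (dry run); it never calls apf itself.
propose_blocks() {
    while read -r count ip; do
        case " $TRUSTED_IPS " in
            *" $ip "*) echo "skip $ip (trusted, $count failures)" ;;
            *)         echo "apf -d $ip 'bfd-example: $count failed ssh logins'" ;;
        esac
    done
}

# Constructed sample log: 16 failures from 203.0.113.5, 3 from 198.51.100.7,
# and 20 from the trusted 192.0.2.10 (think of a mistyped password on a jump host).
sample_log() {
    emit() {  # emit $1 failure lines for address $2
        i=0
        while [ "$i" -lt "$1" ]; do
            echo "Jan 10 12:00:00 host sshd[1234]: Failed password for invalid user admin from $2 port 4242 ssh2"
            i=$((i + 1))
        done
    }
    emit 16 203.0.113.5
    emit 3 198.51.100.7
    emit 20 192.0.2.10
    echo "Jan 10 12:01:00 host sshd[1235]: Accepted publickey for deploy from 198.51.100.7 port 5000 ssh2"
}

# Run the pipeline end to end on the constructed log.
sample_log | failed_ssh_ips | propose_blocks
```

Running it prints one "skip" line for the trusted address and one `apf -d` line for 203.0.113.5; 198.51.100.7 never appears because three failures is below the threshold. On a real box you would feed `/var/log/secure` or `/var/log/auth.log` into `failed_ssh_ips` instead of `sample_log`, and keep the allow list populated before you let anything execute the deny commands.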