BFD 0.9 [bfd@r-fx.org] Copyright (C) 1999-2004, R-fx Networks Copyright (C) 2004, Ryan MacDonald This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 1) Introduction: BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans. 2) Installation: There is an included 'install.sh' script that installs all files to '/usr/local/bfd/' and places a 8-minute cronjob in '/etc/cron.d/bfd'. The setup is really as simple as that. 3) Configuration: The configuration file for BFD is located at '/usr/local/bfd/conf.bfd'; it is very straight forward and the comments in themself explain what each option is for. Of the options, you should idealy configure the ALERT_USR toggle to enable or disable user email alerts and likewise in conjunction configure the EMAIL_USR var with your email addresses you would like to receive alerts at. An ignore file is present at '/usr/loca/bfd/ignore.hosts'; this is a line seperated file to place hosts into that you would like to be ignored for authentication failures. An internal function will attempt to fetch all local ip's bound on the installed system and there-in internally ignore events appearing to be from such addresses. 4) License: BFD is developed and supported on a volunteer basis by Ryan MacDonald [ryan@r-fx.org] BFD (brute force detection) is distributed under the GNU General Public License (GPL) without restrictions on usage or redistribution. The BFD copyright statement, and GNU GPL, "COPYING.GPL" are included in the top-level directory of the distribution. Credit must be given for derivative works as required under GNU GPL. 5) Support: All inquiries relating to BFD should be directed to bfd@r-fx.org and/or check the BFD homepage at: http://www.r-fx.org/bfd.php