BFD vsftpd script

Posted by EvolutionCrazy on Mar 29, 2011 in howto, snippets

BFD is an easy to use brute force detection script that plays very nicely when combined with APF…

currently it does support certain daemons out of the box… but vspftd is not one of those 🙁
This a *very basic* (it does not pass the offending username to bfd) script to add VSFTPD support to BFD.

You just need to create a file named “vsftpd” into the BFD ./rules/ directory and paste this content into it:

if [ -f "$REQ" ]; then
 #Mon Mar 28 23:57:38 2011 [pid 9897] [asdasd] FAIL LOGIN: Client ""
 ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -w 'FAIL LOGIN' | sed -r 's/^.{0,}Client .//' | sed 's/"/:vsftpd/g'`

This script refers to the standard vsftpd rhel/centos installation…
If the logfile is placed elsewhere (vsftpd_log_file) or if the option “syslog_enable” in vsftpd.conf has been enabled it needs to be adjusted 🙂

PS: this was a NON-WORKING test (usernames with a space in it where making it fail):

ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -w 'FAIL LOGIN' | awk '{print $12":"$8}' | tr '[]"'`

Tags: , ,

Copyright © 2018 evcz.tk All rights reserved. Theme by Laptop Geek.