{"id":102,"date":"2011-03-29T03:38:27","date_gmt":"2011-03-29T01:38:27","guid":{"rendered":"http:\/\/evcz.tk\/blog\/?p=102"},"modified":"2011-03-29T03:49:58","modified_gmt":"2011-03-29T01:49:58","slug":"bfd-vsftpd-script","status":"publish","type":"post","link":"https:\/\/evcz.tk\/blog\/2011\/03\/29\/bfd-vsftpd-script\/","title":{"rendered":"BFD vsftpd script"},"content":{"rendered":"<p><a href=\"http:\/\/www.rfxn.com\/projects\/brute-force-detection\/\">BFD<\/a> is an easy to use brute force detection script that plays very nicely when combined with APF&#8230;<\/p>\n<p>Currently it supports certain daemons out of the box&#8230; but vsftpd is not one of those \ud83d\ude41<br \/>\nThis is a *very basic* (it does not pass the offending username to BFD) script to add <a href=\"http:\/\/vsftpd.beasts.org\/\">VSFTPD<\/a> support to BFD.<\/p>\n<p>You just need to create a file named &#8220;vsftpd&#8221; in the BFD .\/rules\/ directory and paste this content into it:<\/p>\n<pre lang=\"bash\">\r\nREQ=\"\/usr\/sbin\/vsftpd\"\r\n\r\nif [ -f \"$REQ\" ]; then\r\n LP=\"\/var\/log\/vsftpd.log\"\r\n TLOG_TF=\"vsftpd\"\r\n\r\n # Sample log line:\r\n #Mon Mar 28 23:57:38 2011 [pid 9897] [asdasd] FAIL LOGIN: Client \"127.0.0.1\"\r\n\r\n ## VSFTPD: strip everything up to the opening quote after \"Client\", then turn the closing quote into \":vsftpd\" (result: 127.0.0.1:vsftpd)\r\n ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -w 'FAIL LOGIN' | sed -r 's\/^.{0,}Client .\/\/' | sed 's\/\"\/:vsftpd\/g'`\r\nfi\r\n<\/pre>\n<p>This script assumes the standard vsftpd <a href=\"http:\/\/www.redhat.com\/rhel\/\">RHEL<\/a>\/<a href=\"http:\/\/www.centos.org\/\">CentOS<\/a> installation&#8230;<br \/>\nIf the logfile is placed elsewhere (vsftpd_log_file) or if the option &#8220;syslog_enable&#8221; in vsftpd.conf has been enabled, it needs to be adjusted \ud83d\ude42<\/p>\n<p>PS: this was a NON-WORKING test (usernames with a space in them were making it fail):<\/p>\n<pre lang=\"bash\">\r\nARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -w 'FAIL LOGIN' | awk '{print $12\":\"$8}' | tr '[]\"'`\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>BFD is an 
easy to use brute force detection script that plays very nicely when combined with APF&#8230; Currently it supports certain daemons out of the box&#8230; but vsftpd is not one of those \ud83d\ude41 This is a *very basic* (it does not pass the offending username to BFD) script to add VSFTPD support to &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/evcz.tk\/blog\/2011\/03\/29\/bfd-vsftpd-script\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;BFD vsftpd script&#8221;<\/span><\/a><\/p>\n","protected":false},"author":45,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,20],"tags":[19,5,18],"class_list":["post-102","post","type-post","status-publish","format-standard","hentry","category-howto","category-snippets","tag-brute-force-detection","tag-centos","tag-vsftpd"],"_links":{"self":[{"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/posts\/102","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/users\/45"}],"replies":[{"embeddable":true,"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/comments?post=102"}],"version-history":[{"count":7,"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/posts\/102\/revisions"}],"predecessor-version":[{"id":109,"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/posts\/102\/revisions\/109"}],"wp:attachment":[{"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/media?parent=102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/categories?post=102"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evcz.tk\/blog\/wp-json\/wp\/v2\/tags?post=102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}