Board index Linux Installation Stuffs

Moderator: chandranjoy

BFD, Libsafe, AIDE

Postby chandranjoy » Sun Mar 07, 2010 6:50 pm

BFD(Brute Force Detection):
What is Brute Force Detection?
BFD is a modular shell script for parsing applicable logs and checking for
authentication failures.
usage: /usr/local/sbin/bfd [OPTION]
-s|--standard ........ run standard with output
-q|--quiet ........... run quiet with output hidden
-a|--attackpool ...... list all addresses that have attacked this host


Config File: /usr/local/bfd/conf.bfd
Install BFD:
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz
#tar -xvzf bfd-current.tar.gz
#cd bfd-1.2/
#./install.sh
then,
#bfd -s


Libsafe:
Libsafe used to secure Linux from buffer overflows.
Install Libsafe:
#wget http://www.research.avayalabs.com/proje ... 2.0-16.tgz
#tar xpfz libsafe-2.0-16.tgz
#cd libsafe-2.0-16
#make
#make install
# Permanently install libsafe


vi /etc/profile
# Installing libsafe
export LD_PRELOAD=/lib/libsafe.so.2
# unset LD_PRELOAD to unload it
# end of file



9.AIDE :
AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does the same things as the semi-free Tripwire and more.It creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions.

AIDE(Advanced Intrusion Detection Environment) :
Download Page:
http://sourceforge.net/projects/aide

Install AIDE in Linux
#apt-get install aide OR yum install aide

At the time of installation it will ask the following questions and you need to answer as follows
Where should daily reports be mailed?
Daily reports are mailed to root by default. You may change that here or in /etc/default/aide. ok
Initialize aide database? yes
It is advisable for you to first look over /var/lib/aide/aide.db.new file before replacing the existing db. Would you like to replace it anyway?Copy aide.db.new to aide.db? yes
This will complete the installation and the configuration file located at /etc/aide/aide.conf.

To initialize the aide:
# aide –init


The database can now be checked with:
# aide –check.


To update that database after changing a parameter in aide.conf issue the command:
# aide –update
chandranjoy
Site Admin
 
Posts: 283
Joined: Fri Oct 23, 2009 11:19 pm

Return to Installation Stuffs

Who is online

Users browsing this forum: No registered users and 1 guest


cron