Name | Modified | Size | Downloads / Week |
---|---|---|---|
Brutus-IDS-v1.0-Beta4-Readme.txt | 2008-11-14 | 2.8 kB | |
Brutus-IDS-v1.0-Beta4.tgz | 2008-11-14 | 6.1 kB | |
Totals: 2 Items | | 8.9 kB | 0 |
# ############################################################################
# ############################################################################
#
# INSTALL
# ############################################################################
# ############################################################################

How to install:

Modify user configuration parameters in the Brutus-IDS.config file.

NOTE: The default for CONTACT will send alerts to the root user on localhost.
If sending to a fully qualified email address, be sure to escape the @
character with a preceding \ character (as in "foo\@foo.com").

You _may_ want or need to also modify:
    LOGFILE
    threshold_attempts

Copy the Brutus-IDS* files to /usr/local/bin with the following command:

    cp -f Brutus-IDS_* Brutus-IDS.config /usr/local/bin/

Add a cronjob entry to the root account (or an account with permissions to
access the LOGFILE and IPTABLES) either by adding an entry via:

    crontab -e -l root
    * * * * * /usr/local/bin/Brutus-IDS_auto_add_to_firewall.pl

-or-

copy the Brutus-IDS.cron to your system's /etc/cron.hourly directory.

The recommended method, however, is running Brutus-IDS from the root cron
jobs, so as to snare attempts ASAP and limit the number of attempts as
quickly as possible.

That's it!

# ############################################################################
# ############################################################################
# FAQ:
# ############################################################################
# ############################################################################

Question: I'm getting an error of: "grep: /var/log/secure: Permission denied"

Answer: Be sure the user account running Brutus-IDS has read rights to
/var/log/secure.

Question: Is root access required?

Answer: No, but it will make installation far easier.
All that is required is system-level permissions to read /var/log/secure (or
wherever your system writes logs for failed SSH attempts), write to
/etc/sysconfig, and run IPTABLES commands. It's possible to do all of this as
a user via sudo and run Brutus-IDS from a system-level permission account.
The setup for that is left as an exercise to the reader. man sudo will be
your guide, and you will need to modify the Brutus-IDS calls.

Question: How often does Brutus-IDS need to run?

Answer: The more frequently, the better! On my system, I run it every minute.
This generally catches attempts at their threshold level or not much above
it. What you DON'T want to do is allow the brute-force attacker to keep
attempting for a full hour before being blocked, but you CAN use it that way.
Thus the recommendation to run it from root's crontab as opposed to
/etc/cron.hourly.
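The detection step the cron job performs (count failed SSH logins per source address in /var/log/secure, then block any address at or above threshold_attempts), shown as an added Python example that is not Brutus-IDS's own Perl code; the log lines are constructed, and the exact iptables rule form is an assumption.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample of /var/log/secure lines (not real traffic). The
# "Failed password ... from <ip> port <n>" text is the classic OpenSSH
# syslog message that tools like Brutus-IDS grep for.
SAMPLE_SECURE_LOG = """\
Nov 14 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Nov 14 10:01:05 host sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Nov 14 10:01:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
Nov 14 10:02:11 host sshd[2110]: Accepted publickey for alice from 192.0.2.20 port 40011 ssh2
Nov 14 10:03:44 host sshd[2114]: Failed password for alice from 192.0.2.20 port 40019 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+")


def count_failed_attempts(log_text):
    """Count failed SSH password attempts per source IP (non-IP tokens skipped)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        ip = m.group(1)
        try:
            ip_address(ip)  # ignore anything that is not a literal address
        except ValueError:
            continue
        counts[ip] += 1
    return counts


def offenders(log_text, threshold_attempts, already_blocked=()):
    """Return addresses with >= threshold_attempts failures not yet blocked."""
    counts = count_failed_attempts(log_text)
    return sorted(ip for ip, n in counts.items()
                  if n >= threshold_attempts and ip not in already_blocked)


def iptables_drop_rule(ip):
    """Rule string the cron job would apply (assumed form; nothing is executed here)."""
    return f"iptables -I INPUT -s {ip} -j DROP"


if __name__ == "__main__":
    # threshold_attempts=3 mirrors the config knob named in the README
    for ip in offenders(SAMPLE_SECURE_LOG, threshold_attempts=3):
        print(iptables_drop_rule(ip))
```

Running once a minute, as the README recommends, means the `already_blocked` set (addresses already in the firewall) keeps the job from re-adding the same rule every pass.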