Files (modified 2009-08-07):
  Brutus-IDS-v1.1-Beta1-Readme.txt   2.8 kB
  Brutus-IDS-v1.1-Beta1.tgz          7.4 kB
  Totals: 2 items, 10.1 kB
# ############################################################################
# ############################################################################
# # INSTALL
# ############################################################################
# ############################################################################

How to install:
Modify user configuration parameters in the Brutus-IDS.config file.

NOTE:  The default for CONTACT sends alerts to the root user on localhost.  If you use a fully qualified email address, escape the @ character with a preceding \ character (as in "foo\@foo.com"); inside a double-quoted Perl string an unescaped @foo is interpolated as an array, which mangles the address.

You _may_ want or need to also modify:
LOGFILE
threshold_attempts

Copy the Brutus-IDS* files to /usr/local/bin with the following command:
cp -f Brutus-IDS_* Brutus-IDS.config /usr/local/bin/

Add a cron job to the root account (or to an account with permission to read the LOGFILE and run IPTABLES), either by editing root's crontab:
crontab -u root -e
* * * * * /usr/local/bin/Brutus-IDS_auto_add_to_firewall.pl

-or-

copy Brutus-IDS.cron to your system's /etc/cron.hourly directory

The recommended method, however, is to run Brutus-IDS from root's crontab every minute, so that attempts are snared as soon as possible and the number of attempts an attacker gets in before being blocked stays small.

That's it!
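To make the pieces above concrete, here is an added example of the detection loop the install steps set up, written in Python rather than the project's Perl (this is not Brutus-IDS's own code, which is not reproduced on this page): read LOGFILE, count failed SSH logins per source address, skip sources that already have a DROP rule, and emit an iptables command for every source that has reached threshold_attempts. The sshd log format, the `iptables -S INPUT` rule shape, the sample log lines and rule listing are all constructed assumptions; the mail to CONTACT and the save to /etc/sysconfig that the README mentions are represented only by the returned report string.

```python
"""Added example (not the project's code): one cron tick of a Brutus-IDS
style blocker.  Count failed SSH logins per source in LOGFILE and build
an iptables DROP for each source at or above threshold_attempts."""
import re
import subprocess
from collections import Counter

# Assumed configuration, mirroring the parameter names in Brutus-IDS.config.
CONFIG = {
    "LOGFILE": "/var/log/secure",
    "threshold_attempts": 5,
    "CONTACT": "root@localhost",
}

# Failed-login lines as OpenSSH writes them to /var/log/secure (assumed format):
#   "Failed password for invalid user admin from 203.0.113.7 port 4321 ssh2"
#   "Failed password for root from 198.51.100.23 port 50012 ssh2"
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log; documentation addresses, not a real host.
SAMPLE_LOG = """\
Aug  7 10:01:02 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 4321 ssh2
Aug  7 10:01:05 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 4322 ssh2
Aug  7 10:01:09 host sshd[2203]: Failed password for root from 203.0.113.7 port 4323 ssh2
Aug  7 10:01:12 host sshd[2204]: Failed password for root from 203.0.113.7 port 4324 ssh2
Aug  7 10:01:15 host sshd[2205]: Failed password for root from 203.0.113.7 port 4325 ssh2
Aug  7 10:02:00 host sshd[2210]: Failed password for bob from 198.51.100.23 port 50012 ssh2
Aug  7 10:02:30 host sshd[2211]: Accepted publickey for bob from 198.51.100.23 port 50013 ssh2
Aug  7 10:03:00 host sshd[2212]: Failed password for invalid user test from 203.0.113.7 port 4326 ssh2
Aug  7 10:04:00 host sshd[2213]: Failed password for root from 192.0.2.9 port 6001 ssh2
"""

# Constructed `iptables -S INPUT` output: one source is already blocked.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -s 192.0.2.9/32 -j DROP
"""


def count_failed_attempts(log_text):
    """Return a Counter of failed SSH logins keyed by source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def already_blocked(rules_text):
    """Return the set of /32 sources that already have a DROP rule in INPUT,
    so a source is not added again on every cron tick."""
    blocked = set()
    for line in rules_text.splitlines():
        m = re.match(r"-A INPUT -s (\d{1,3}(?:\.\d{1,3}){3})/32 -j DROP", line)
        if m:
            blocked.add(m.group(1))
    return blocked


def offenders(log_text, rules_text, threshold):
    """Sources at or above threshold that are not yet blocked, sorted for stable output."""
    counts = count_failed_attempts(log_text)
    blocked = already_blocked(rules_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold and ip not in blocked)


def block_commands(ips):
    """Build iptables argv lists; -I inserts the DROP ahead of any ACCEPT for sshd."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]


def run(config, log_text, rules_text, execute=False):
    """One cron tick: decide what to block; only run iptables when execute=True
    (that needs root, or a sudoers entry permitting exactly this command)."""
    ips = offenders(log_text, rules_text, config["threshold_attempts"])
    cmds = block_commands(ips)
    if execute:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    # Text that would be mailed to CONTACT; delivery itself is not shown here.
    report = "\n".join(f"blocked {ip}" for ip in ips) or "nothing to block"
    return ips, cmds, report


if __name__ == "__main__":
    ips, cmds, report = run(CONFIG, SAMPLE_LOG, SAMPLE_RULES)
    for cmd in cmds:
        print(" ".join(cmd))
    print(report)
```

Run as written it is a dry run: 203.0.113.7 has six failures and is reported, 198.51.100.23 has one and is left alone, and 192.0.2.9 is skipped because a DROP for it already exists. On a real host you would read LOGFILE and the live output of `iptables -S INPUT` instead of the constructed strings and pass execute=True from the cron job.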



# ############################################################################
# ############################################################################
# FAQ:
# ############################################################################
# ############################################################################

Question:  I'm getting an error of:  "grep: /var/log/secure: Permission denied"
Answer:    Be sure the user account running Brutus-IDS has read rights to /var/log/secure.

Question:  Is root access required?
Answer:    No, but it will make installation far easier.  All that is required is system level permission to read /var/log/secure (or wherever your system writes logs for failed SSH attempts), write to /etc/sysconfig, and run IPTABLES commands.  It's possible to grant all of this to a user via sudo and run Brutus-IDS from that account.  The setup for that is left as an exercise to the reader.  man sudo will be your guide, and you will need to modify the Brutus-IDS calls so that they go through sudo.

Question:  How often does Brutus-IDS need to run?
Answer:    The more frequently, the better!  On my system, I run it every minute.  This generally catches attempts at their threshold level or not much above it.  What you DON'T want to do is allow the brute force attacker to keep attempting for a full hour before being blocked, but you CAN use it that way.  Hence the recommendation to run it from root's crontab as opposed to /etc/cron.hourly.

Source: Brutus-IDS-v1.1-Beta1-Readme.txt, updated 2009-08-07