Comments for Real FreeBSD Tips

Comment on Differences Between Linux and FreeBSD by VooDoo

VooDoo — Tue, 04 Aug 2009 21:57:14 +0000

The basic difference:

BSD is free.
Linux is not.

Comment on Stopping SSH & FTP brute force attacks with IPFW by Chris

Chris — Tue, 21 Jul 2009 17:02:11 +0000

Glad to hear it. :)

Comment on Stopping SSH & FTP brute force attacks with IPFW by SoniXAnT

SoniXAnT — Tue, 21 Jul 2009 08:30:29 +0000

Yessss, now it works!! The bruteblock line must be put at the top of syslog.conf as you said…strange issue nevertheless.

Comment on Stopping SSH & FTP brute force attacks with IPFW by Chris

Chris — Mon, 20 Jul 2009 16:49:16 +0000

Great tip, I couldn’t have said it better myself. I found that putting the bruteblock line up the top of your syslog.conf file guarantees it will start correctly. Let me know how this goes for you.

Comment on Stopping SSH & FTP brute force attacks with IPFW by SoniXAnT

SoniXAnT — Sun, 19 Jul 2009 20:06:53 +0000

Oops, sorry I meant:
tail -F -n1 /var/log/auth.log | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf &

do not forget the final \&\ or else init will be stuck in the tail command from the next reboot

Comment on Stopping SSH & FTP brute force attacks with IPFW by SoniXAnT

SoniXAnT — Sun, 19 Jul 2009 19:59:16 +0000

Two tips for bruteblock:
1) ipfw acts as a “firts match first win” firewall so add the deny rule BEFORE any other ruleset
2) I can’t understand why my syslogd doesn’t recognize bruteblock from my syslog.conf, if this is your case, here is a workaround:
just add the following line to your /etc/rc.local

echo “tail -F -n1 /var/log/auth.log | exec /usr/local/sbin/bruteblock -f /usr/local/etc/bruteblock/ssh.conf &” >> /etc/rc.local

and reboot

hope this helps!

Comment on Stopping SSH & FTP brute force attacks with IPFW by Chris

Chris — Fri, 03 Jul 2009 06:52:23 +0000

Send me your ssh.conf (bruteblock), rc.firewall (ipfw) and you syslog.conf (syslogd) and I’ll take a look for you. chris [at] reallfreebsdtips [dot] com

Comment on Stopping SSH & FTP brute force attacks with IPFW by James S

James S — Fri, 03 Jul 2009 01:44:38 +0000

I’m not familiar with ipfw, since I don’t need or want a firewall for any other reason than to use BruteBlock. I keep getting a:

bruteblock[1083]: Blocking failed for (my test attacking IP)

I am running firewall_type=”OPEN”, because as I said, I really don’t want to have IPFW interfering with anything else. If I do a: ipfw table 1 list, I do see the same test IP listed, but it is not being blocked.

I’d appreciate a clue or two…if I need to run the firewall differently, how best to do that as simply as possible.

Thanks!

Comment on Stopping SSH & FTP brute force attacks with IPFW by KC

KC — Fri, 17 Apr 2009 10:10:45 +0000

Thanks for the information! It helps a lot!

Comment on Real FreeBSD Tips is now iPhone Friendly by Malcolm Chalmers

Malcolm Chalmers — Thu, 16 Apr 2009 11:03:24 +0000

Thanks! This is a great plugin! I’ve wondering how to get my blog to work on my iTouch and this does it great without effecting my normal theme.