Skip to main content
rfxn
BFDGPL v2v2.0.1Since 2004
26

Brute Force Detection

Modular log parser for blocking authentication attacks

Brute Force Detection (BFD) is a modular shell script for parsing application logs and checking for authentication failures. It uses a rules system where application-specific options are stored including regular expressions for each unique auth format.

BFD employs a log tracking system that reads from the last known position, avoiding redundant processing. It is compatible with syslog and logrotate style log rotations - automatically detecting rotation events and retrieving data from both new and rotated log files.

GitHubDownloadChangelogDocs
Stars

26

Forks

12

Last Push

Apr 18, 2026

Latest Release
v2.0.1
Project Downloads & Supporting Files

15

3d

26

7d

114

30d

344

90d

1.42k

1y

Apr 16 - Apr 19

Features

Detection

  • Modular per-application rule sets with auto-enablement
  • Regex-based log parsing using sed for efficiency
  • Log tracking that reads from last known position to avoid redundant processing
  • Compatible with syslog/logrotate style log rotations
  • Configurable failed login threshold (TRIG) before blocking

Response & Tracking

  • Integration with APF, Shorewall, and raw iptables for blocking
  • IP route and custom command blocking options
  • Flat text file-based attacker tracking with size controls
  • Attack pool with trending data on blocked hosts and triggering rules
  • Customizable email alerting with templating
  • Embedded lock file system to prevent concurrent instances
  • Default cron execution every 3 minutes

Installation

bash
$ git clone https://github.com/rfxn/brute-force-detection.git
$ cd brute-force-detection
$ sudo ./install.sh

Verify Download

MD5 Signature Verification

Always verify the integrity of downloaded packages before installation.

bash
$ wget https://www.rfxn.com/downloads/bfd-current.tar.gz
$ wget https://www.rfxn.com/downloads/bfd-current.tar.gz.md5
$ md5sum -c bfd-current.tar.gz.md5

Downloads & Resources

Download Latest Tarball

bfd-current.tar.gz

MD5 Checksum

bfd-current.tar.gz.md5

Changelog

Full version history on GitHub

Documentation

Usage guides and configuration

Issue Tracker

Report bugs and request features

Community & Publications

Notable

Brute Force Detection - Linux.com Tutorial

Linux.com (Linux Foundation)

Tutorials & Articles

Community

More from R-fx Networks

LMDLinux Malware DetectAPFAdvanced Policy FirewallIRSYNCIncremental RsyncLESLinux Environment SecurityLSMLinux Socket Monitor