How To Prevent Brute Force Attacks With Brutelock

Submitted by intuitivereason on Thu, 2009-09-24 12:41. :: Security

Brutelock is an open source program that actively monitors various system logs and immediately blocks malicious IPs trying to attack your server.

Brutelock protects not only ssh but also other commonly attacked services such as ftp, pop and imap. It has an extensible rules format that lets you monitor any number of other services by supplying the log file and a simple regex search pattern.

There are just a few steps to install the Brutelock agent:

  1. Download the Brutelock agent and save it to /usr/local/.
  2. cd /usr/local/

  3. tar -xjvf brutelock-version_number.tar.bz2

  4. cd /usr/local/brutelock-version_number

  5. ./configure

  6. make

  7. make install

  8. Edit the new configuration file (/usr/local/brutelock/conf/brutelock.conf) and enter your subscription key *.
  9. If necessary, also edit the path to your ssh log in the configuration file. If you are unsure where that log is on your system, consult the README included with the Brutelock source. Uncomment any of the other services you wish to protect as well, such as ftp, pop, and imap.
  10. Add any IPs that Brutelock should never lock out to the /usr/local/brutelock/conf/whitelist file, one per line **.
  11. Add a separate chain to iptables:

    /sbin/iptables -N Brutelock-Firewall-INPUT

    /sbin/iptables -I INPUT -j Brutelock-Firewall-INPUT

  12. Start the Brutelock daemon:

    /usr/local/brutelock/bin/brutelockd

  13. Sit back and watch the number of failed login attempts drastically diminish from your logs.

* - If you do not have a subscription key, make sure to sign up to receive yours. You can choose the free option, which allows Brutelock to actively block brute force attacks, or one of the paid subscriptions, which allow Brutelock to proactively protect your servers by receiving constant updates from the Brutelock service. Visit the Brutelock website for more information.

** - In addition to the localhost address (127.0.0.1) you should also enter the server's IP at a minimum.
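
The mechanism described above (a log file, a regex pattern, a whitelist and the dedicated iptables chain) sketched as an added example; this is not Brutelock's code or its rule format. The regex, the threshold and the function names are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample sshd log lines (documentation address ranges only).
SAMPLE_LOG = """\
Sep 24 12:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4242 ssh2
Sep 24 12:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4243 ssh2
Sep 24 12:00:05 host sshd[103]: Failed password for root from 203.0.113.7 port 4244 ssh2
Sep 24 12:00:06 host sshd[104]: Failed password for bob from 198.51.100.20 port 5000 ssh2
Sep 24 12:00:07 host sshd[105]: Accepted password for bob from 198.51.100.20 port 5001 ssh2
Sep 24 12:00:08 host sshd[106]: Failed password for root from 192.0.2.10 port 6000 ssh2
Sep 24 12:00:09 host sshd[107]: Failed password for root from 192.0.2.10 port 6001 ssh2
Sep 24 12:00:10 host sshd[108]: Failed password for root from 192.0.2.10 port 6002 ssh2
"""

# Assumed rule: one capture group for the source address. The greedy ".*" and
# the "$" anchor make the address come from the end of the line, so text typed
# into the user name field cannot supply it.
SSH_RULE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")
CHAIN = "Brutelock-Firewall-INPUT"  # chain created in step 11


def load_whitelist(text):
    """One entry per line, as in step 10; CIDR ranges are accepted as an assumption."""
    return [ipaddress.ip_network(l.strip(), strict=False) for l in text.splitlines() if l.strip()]


def offenders(log_text, rule, whitelist, threshold=3):
    """Sorted source IPs with at least `threshold` matches, whitelisted ones excluded."""
    hits = Counter()
    for line in log_text.splitlines():
        m = rule.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal: never hand it to iptables
        hits[ip] += 1
    return sorted(
        str(ip) for ip, n in hits.items()
        if n >= threshold and not any(ip in net for net in whitelist)
    )


def block_commands(ips):
    """argv lists (not shell strings) appending DROP rules to the dedicated chain."""
    return [["/sbin/iptables", "-A", CHAIN, "-s", ip, "-j", "DROP"] for ip in ips]
```

With the server's own address (192.0.2.10 in the sample) left off the whitelist, it crosses the threshold and would be blocked like any other source, which is why the second footnote asks for it to be listed.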


Submitted by Anonymous (not registered) on Thu, 2009-09-24 11:35.

Why use a commercial package when fail2ban and denyhosts are both free?

Submitted by Anonymous (not registered) on Sat, 2009-10-03 18:53.
That's easy. Organizations like to have accountability when it comes to anything, including software. If your IT staff has exhausted their resources, or even to get an issue resolved immediately upon a mission-critical installation, you have to have the provider of that software accountable. That's the main reason why startup firms move to commercial software and away from open source software that doesn't have a foundation and infrastructure to provide paid support.
Submitted by intuitivereason (registered user) on Fri, 2009-09-25 04:09.
That is a great question. I'll make a few points to try to best answer that.
  1. Brutelock is free.  It is both open source as well as free in price.

  2. Only the Brutelock Subscription Service costs anything if you choose to use it.  It is completely optional.  We worked hard to price the cost of the subscription service to be very low so that any business/organization could afford to use it and in turn that money goes to support the infrastructure (servers, bandwidth, overhead) to run the service, end user support for installing/running Brutelock as well as future development and improvements.

  3. We are committed to continually improving and enhancing the existing Brutelock product by adding new features and new security rules and broadening the scope of things it can automatically protect within a server. Each paid subscription helps fund this and future products that Brutelock will release. By having a revenue model in place we are not relying on donations just to keep the lights on.

Submitted by Joe (not registered) on Fri, 2009-09-25 20:33.
" Brutelock is free. It is both open source as well as free in price. "

What license are you using? There is no mention of it anywhere on your website.
Submitted by jsteel (not registered) on Sun, 2009-09-27 22:36.
The client software is released under the GPL. There is a LICENSE file distributed with the source code.