rfxn
BFD · GPL v2 · v1.5 · Since 2004

Brute Force Detection

Modular log parser for blocking authentication attacks

Brute Force Detection (BFD) is a modular shell script that parses application logs and checks them for authentication failures. It uses a rules system in which application-specific options are stored, including the regular expressions for each unique authentication log format.

BFD employs a log tracking system that reads from the last known position, avoiding redundant processing. It is compatible with syslog and logrotate style log rotations — automatically detecting rotation events and retrieving data from both new and rotated log files.

Stars: 25 · Forks: 12 · Last push: Feb 15, 2026

Project Downloads & Supporting Files

Downloads: 18 (3d) · 31 (7d) · 136 (30d) · 413 (90d) · 1.71k (1y)

Features

Detection

  • Modular per-application rule sets with auto-enablement
  • Regex-based log parsing using sed for efficiency
  • Log tracking that reads from last known position to avoid redundant processing
  • Compatible with syslog/logrotate style log rotations
  • Configurable failed login threshold (TRIG) before blocking
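
The position tracking, rotation handling and TRIG threshold described above can be sketched in a few lines of shell. This is an added illustration, not BFD's own code: the function names, the state-file format, the `.1` rotated-file name and the sshd-style log lines are assumptions, and failures are counted per pass only.

```shell
#!/bin/sh
# Added illustration, NOT BFD source. Function names and the state-file format are hypothetical.

# new_lines LOG STATE: print only what was appended to LOG since the previous call.
# STATE stores "<inode> <byte offset>" between runs.
new_lines() {
    log=$1; state=$2; old_inode=0; offset=0
    [ -f "$state" ] && read -r old_inode offset < "$state"
    inode=$(ls -i "$log" | awk '{print $1}')
    size=$(wc -c < "$log" | tr -d ' ')
    # Rotation: the path now names a different file (rename) or the file shrank (truncate).
    if [ "$old_inode" != 0 ] && { [ "$inode" != "$old_inode" ] || [ "$size" -lt "$offset" ]; }; then
        # Assumption: the previous file is kept uncompressed as LOG.1 (logrotate-style).
        [ -f "$log.1" ] && tail -c +"$((offset + 1))" "$log.1"
        offset=0
    fi
    # head bounds the read at the size we are about to record, so nothing is read twice.
    tail -c +"$((offset + 1))" "$log" | head -c "$((size - offset))"
    echo "$inode $size" > "$state"
}

# failed_hosts TRIG: read log lines on stdin, print each host with >= TRIG failures.
# The pattern fits the constructed sshd-style lines below; a real rule has one per auth format.
failed_hosts() {
    sed -n 's/.*Failed password for .* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | awk -v trig="$1" '$1 >= trig { print $2 }'
}

# Constructed sample: two runs with a rename-style rotation between them.
run_demo() {
    d=$(mktemp -d); log=$d/secure
    fail() { echo "Feb 21 10:00:0$2 host sshd[101]: Failed password for root from $1 port 4222 ssh2"; }
    { fail 203.0.113.7 1; fail 198.51.100.9 2; } > "$log"
    new_lines "$log" "$d/state" | failed_hosts 3   # run 1: no host has reached TRIG=3
    fail 203.0.113.7 3 >> "$log"                   # logged just before rotation
    mv "$log" "$log.1"
    { fail 203.0.113.7 4; fail 203.0.113.7 5; } > "$log"
    new_lines "$log" "$d/state" | failed_hosts 3   # run 2: prints 203.0.113.7
    rm -rf "$d"
}
run_demo
```

A truncate-style rotation is only noticed here when the new file is smaller than the stored offset, so a log that regrows past that offset between runs would need an extra marker, such as a hash of the first line.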

Response & Tracking

  • Integration with APF, Shorewall, and raw iptables for blocking
  • IP route and custom command blocking options
  • Flat text file-based attacker tracking with size controls
  • Attack pool with trending data on blocked hosts and triggering rules
  • Customizable email alerting with templating
  • Embedded lock file system to prevent concurrent instances
  • Default cron execution every 3 minutes

Installation

bash
$ git clone https://github.com/rfxn/brute-force-detection.git
$ cd brute-force-detection
$ sudo ./install.sh

Verify Download

MD5 Signature Verification

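Always verify the integrity of downloaded packages before installation. The .md5 file is a plain checksum served from the same host as the tarball, so this check catches corrupted or truncated downloads; it does not authenticate the publisher.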

bash
$ wget https://www.rfxn.com/downloads/bfd-current.tar.gz
$ wget https://www.rfxn.com/downloads/bfd-current.tar.gz.md5
$ md5sum -c bfd-current.tar.gz.md5