To use this brute force function as is follow these instructions.
- Add a bruteforce folder holding all the python files to the directory /opt
- Add the service file to etc/systemd/system
- Run the following sudo commands: a. sudo systemctl daemon-reload b. sudo systemctl enable bruteforceDetector c. sudo systemctl start bruteforceDetector d. sudo systemctl status bruteforceDetector
To see and test the mitigation follow these instructions.
- Open a terminal and run the command sudo journalctl -u bruteforceDetector -f
- Open another terminal and run the command sudo tail -f /var/log/auth.log
- Open a third terminal and open an ssh using a fake or real user and incorrectly guess the password 5-8 times.
- Check the second terminal to see the failed login messages being parsed, and the first to see the mitigation messages taking care of the attempt.