Comments on: psad: Linux Detect And Block Port Scan Attacks In Real Time

By: joshlinx

joshlinx — Sat, 14 Jan 2012 19:31:53 +0000

Note the authors other software as well excellent security software. fwsnort to use snort rules with firewall and fwknop for single packet authentication for port access. I have also bought the book and recommend reading it, very useful security software.

http://cipherdyne.org

By: Yonatan Ryabinski

Yonatan Ryabinski — Tue, 15 Nov 2011 04:58:31 +0000

Thank you very much!

By: somename

somename — Wed, 09 Nov 2011 05:57:26 +0000

that’s what `sudo su` is for :p

By: Alex

Alex — Sun, 09 Oct 2011 08:26:39 +0000

Thank you!
It works perfect!

By: Prakash

Prakash — Fri, 13 May 2011 04:13:35 +0000

Hello,

Please let me know the steps for installation of above for centos.

Awaiting for your reply.

Regards,
Prakash

By: cviniciusm

cviniciusm — Sat, 12 Mar 2011 12:55:42 +0000

Hello,

There is a bug on the 10.04 package, I filed a bug on Ubuntu Launchpad.

The original psad there is not the bug.

I solved the bug disabling the line that sends e-mail to dshield.org .

Regards.

By: Raul

Raul — Sat, 12 Mar 2011 07:53:03 +0000

sniper psad on Debian Lenny works well.If your not, that’s your mistake.You have to pay attention to configure psad.conf file.
Best regards,
Raul

By: sniper

sniper — Fri, 10 Dec 2010 19:31:42 +0000

Hi All
On Ubuntu Server 10.10 it works fine.
On Debian Lenny psad does not work. The counters be ever 0.
What could I do on the Debian Lenny Server, to become psad to work?
Thanks
sniper

By: sniper

sniper — Fri, 10 Dec 2010 07:56:19 +0000

Hi all
How could I whitliste IPs? PSAD is everytime blocking my resolver in my network and the lo interface… :-(

Thanks

By: skullboxx

skullboxx — Tue, 21 Sep 2010 13:19:07 +0000

Can’t confirm that, PSAD is working fine on my Ubuntu 10.04.1 LTS Box.

Cheers

By: cviniciusm

cviniciusm — Fri, 03 Sep 2010 14:41:33 +0000

PSAD is broken on the Ubuntu 10.04 (Lucid Lynx) and on the new beta 10.10 (Maverick).

And nice job.

Cheers.

By: rokin

rokin — Tue, 22 Jun 2010 20:58:20 +0000

Hello all, thank for the tuto.

But psad “don’t work” with Debian Lenny and rsyslog (default) :(
cf : http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg794354.html
I have test modifications, after, psad launch good but the psadfifo are empty and no detections :(

sorry for my bad english.
can you have a solution or a similar software ?

thank you very much !

By: emcgfx

emcgfx — Wed, 16 Jun 2010 10:25:11 +0000

This option bellow:
BADIPS=$(egrep -v -E “^#|^$” /home/tux/blocked.fw)

Needs to be this in Ubuntu 10.04:
BADIPS=$(egrep -v -e “^#|^$” /home/tux/blocked.fw)

NOTES: Simply use lower case “e” instead of capital one ;-)

Works like a charm, thanks CyberCiti Authors.

By: Vlado

Vlado — Wed, 24 Mar 2010 18:04:50 +0000

One thing to have in mind is the huge hdd space required for psad. My /var/log/ grew up with around 1Gb for like 20mins!

By: tunmsk

tunmsk — Tue, 22 Dec 2009 17:17:55 +0000

hi
do psad can be configured with rsyslog on a debian lenny?
thanks

By: deni

deni — Tue, 08 Dec 2009 14:05:15 +0000

any commands how to detect the ddos from where attacking my servers pls.?

By: cybernet

cybernet — Mon, 16 Nov 2009 10:28:30 +0000

what i do with this ?
#!/bin/bash
IPT=”/sbin/iptables”

echo “Starting IPv4 Wall…”
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X
modprobe ip_conntrack
……

By: bonkhi

bonkhi — Tue, 03 Nov 2009 10:15:42 +0000

Had no ideal of psad……………….. thanks

By: glas

glas — Thu, 22 Oct 2009 20:18:50 +0000

apt-get install Thank you very much.
Nice tutorial.

By: Munch

Munch — Tue, 23 Jun 2009 12:41:12 +0000

What version of psad should I use for centOS?
Is installation procedure of psad for centOS same as above?