SlackBuilds Repository

14.2 > Network > psad (2.4.5)

psad (Intrusion Detection and Log Analysis with iptables)

psad is a collection of three lightweight system daemons (two main
daemons and one helper daemon) that run on Linux machines and analyze
iptables log messages to detect port scans and other suspicious traffic.
A typical deployment is to run psad on the iptables firewall where it has
the fastest access to log data.

You can set email for alerts by setting ALERTSEMAIL:

ALERTSEMAIL=alerts@example.com ./psad.SlackBuild

You need at least these rules:

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

but more usefull will be something like this:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

please see documentation for more information.

NOTE:
psad requires several perl modules:
perl-Bit-Vector
perl-Date-Calc
perl-IPTables-Parse
perl-IPTables-ChainMgr
perl-NetAddr-IP
perl-Unix-Syslog

these are included in sources, so you don't need to install them.
But if you get some weird perl modules errors, you must uninstall
previous psad version before bulding new one.
Alternatively you can manually install this modules, all are available
on SlackBuilds.

NOTE:
The default option is NOT to download signatures.
We provide a signature file, but may be outdated as time goes by.
You can download them manually from http://www.cipherdyne.org/psad/signatures
and place them in /etc/psad

Maintained by: davjohn
Keywords: iptables,ddos,ban,block,ip,firewall,perl,ids
ChangeLog: psad

Homepage:
http://www.cipherdyne.org/psad/

Source Downloads:
psad-2.4.5.tar.bz2 (2d6bdaadcf1e8f31f0edb55d5cb6d3f5)

Download SlackBuild:
psad.tar.gz
psad.tar.gz.asc (FAQ)

(the SlackBuild does not include the source)

Individual Files:
README
doinst.sh
psad.SlackBuild
psad.info
signatures
slack-desc

Validated for Slackware 14.2

See our HOWTO for instructions on how to use the contents of this repository.

Access to the repository is available via:
ftp git cgit http rsync

© 2006-2018 SlackBuilds.org Project. All rights reserved.
Slackware® is a registered trademark of Patrick Volkerding
Linux® is a registered trademark of Linus Torvalds
Web Design by WebSight Designs |  Managed Hosting by OnyxLight Communications