LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-13-2006, 10:13 AM   #1
coolb
Member
 
Registered: Apr 2006
Location: Cape Town, South Africa
Distribution: Gentoo 2006.1(2.6.17-gentoo-r7)
Posts: 222

Rep: Reputation: 30
Psad


Has anyone had any problems with Psad and Gentoo.
I used Psad on Slackware sometime back, and never had any "problems", now with Gentoo werid things seem to be happening. I have configured psad the exact way as I did on slackware(internal subnet mask, etc) and I have followed the steps you need to take with adding rules/chains to iptables.

The "werid" problems would fit into this category:
1. nmap localhost - psad takes that as offensive
2. nmap from outside - psad dose nothing, well *sometimes* which can be kinda a pain
3. nmap localhost - psad sends about a million emails to the "alert" address

This never happened on slackware.

Anyone maybe having the same "werid" problems
 
Old 12-13-2006, 02:09 PM   #2
coolb
Member
 
Registered: Apr 2006
Location: Cape Town, South Africa
Distribution: Gentoo 2006.1(2.6.17-gentoo-r7)
Posts: 222

Original Poster
Rep: Reputation: 30
anyone??...
 
Old 12-14-2006, 01:13 AM   #3
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
The thing is.. I've never heard of psad.. but just a very vague overview would suggest that obviously there's something on Gentoo which is causing Psad to trigger all these alerts(false positives) if you may.

I'd go back to the configuration files; maybe configure it again on Slackware and just copy the config over to Gentoo. There've been times when I thought everything was the same but it wasn't.

I know this might sound very unhelpful..but I'd just recheck the basics once again. If its still not working you might want to test it on another distro like Fedora and see what you get there.

Cheers
Arvind
 
Old 12-14-2006, 02:31 AM   #4
coolb
Member
 
Registered: Apr 2006
Location: Cape Town, South Africa
Distribution: Gentoo 2006.1(2.6.17-gentoo-r7)
Posts: 222

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by live_dont_exist
The thing is.. I've never heard of psad.. but just a very vague overview would suggest that obviously there's something on Gentoo which is causing Psad to trigger all these alerts(false positives) if you may.

I'd go back to the configuration files; maybe configure it again on Slackware and just copy the config over to Gentoo. There've been times when I thought everything was the same but it wasn't.

I know this might sound very unhelpful..but I'd just recheck the basics once again. If its still not working you might want to test it on another distro like Fedora and see what you get there.

Cheers
Arvind
I've checked, and rechecked. It seems like Gentoo just dosent like psad. Oh well, I might give snort a go

thanks anyway
Bruce
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
PSAD Install Issue Jezter Linux - Security 1 03-20-2005 02:03 PM
ip addresses blocked by psad wilcsnyder Linux - Security 1 08-28-2004 04:59 AM
psad says DL5 dominant Linux - Security 3 03-25-2004 02:50 PM
Question on PSAD code? cxel91a Programming 0 09-05-2003 04:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration