Combining psad with fwsnort and sshauth.pl
Hi there –
I have psad 2.1 running in auto_ids mode, and I have it configured, via the auto_dl file with a whitelist of known good servers. The next step I had in mind was utilizing fwsnort and sshauth.pl with psad. I downloaded version 1.0.3 of fwsnort, and ran the fwsnort binary to create the fwsnort.pl file. The newly created .pl file has the appropriate whitelisted servers within it. Similarly, I downloaded the sshauth.pl file from the cipherdyne website. My question is the following: If I want to use fwsnort and sshauth .pl files, do I have them run in daemon mode? If not in that manner, what is the correct way to have them interoperate with psad? Thanks. |
All times are GMT -5. The time now is 04:52 PM. |