Combining psad with fwsnort and sshauth.pl
Hi there –
I have psad 2.1 running in auto_ids mode, and I have it configured, via the auto_dl file with a whitelist of known good servers. The next step I had in mind was utilizing fwsnort and sshauth.pl with psad.
I downloaded version 1.0.3 of fwsnort, and ran the fwsnort binary to create the fwsnort.pl file. The newly created .pl file has the appropriate whitelisted servers within it. Similarly, I downloaded the sshauth.pl file from the cipherdyne website.
My question is the following: If I want to use fwsnort and sshauth .pl files, do I have them run in daemon mode? If not in that manner, what is the correct way to have them interoperate with psad? Thanks.
|