LinuxQuestions.org
Old 05-05-2011, 03:40 AM   #1
aloisius-a
LQ Newbie
 
Registered: Oct 2009
Distribution: Slackware, LFS
Posts: 27

Rep: Reputation: 0
trouble configuring psad


Hi,

I manage a network with a LAN and a DMZ, and I installed a firewall on a Linux machine (Slackware 12.2) using iptables; it operates correctly.
Now, in an improvement effort, I installed psad (rel. 2.1.7), configured it following the instructions written in the book "Linux Firewalls", and tried to see the effects of psad. In particular, I tried to test psad's ability to detect port scans.
So, from a remote host, I ran the command
nmap -sT -n IP_net_address --max-rtt-timeout 500
obtaining the response

Starting Nmap 4.76 ( http://nmap.org ) at 2011-05-05 10:26 CEST
Interesting ports on zzz.zzz.zzz.zzz:
Not shown: 974 closed ports
PORT STATE SERVICE
23/tcp open telnet
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1080/tcp filtered socks
1151/tcp filtered unknown
1723/tcp filtered pptp
4662/tcp filtered edonkey
6666/tcp filtered irc
6667/tcp filtered irc
6668/tcp filtered irc
6669/tcp filtered irc
6689/tcp filtered unknown
6692/tcp filtered unknown
6699/tcp filtered napster
6779/tcp filtered unknown
6788/tcp filtered unknown
6789/tcp filtered unknown
6792/tcp filtered unknown
6839/tcp filtered unknown
6881/tcp filtered bittorrent-tracker
6901/tcp filtered unknown
6969/tcp filtered acmsoda
7000/tcp filtered afs3-fileserver
9001/tcp filtered unknown
9002/tcp filtered unknown

Nmap done: 8 IP addresses (1 host up) scanned in 3.81 seconds

The problem I encounter is that there is no pertaining line in the file /var/log/messages and that the file /var/log/psad/fwdata is empty.

I have to say that the syslog daemon that I use is syslogd, so in the file /etc/psad/psad.conf the pertaining line is
SYSLOG_DAEMON syslogd;
and I modified the file /etc/syslog.conf introducing the line
kern.info |/var/lib/psad/psadfifo


Certainly I made some error in the configuration, but I don't understand it.
Can somebody help me?

aloisius-a
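
One way to check each link of the logging chain the post describes (iptables LOG rule, syslogd, FIFO, psad), as an added example that is not part of the original post or of psad itself. The function name `check_psad_logpath` and its arguments are hypothetical; the two config lines it looks for are the ones quoted above, and the ruleset is assumed to be `iptables-save` output.

```shell
#!/bin/sh
# Added example (not from the original post). Checks each link of the
# iptables -> syslogd -> FIFO -> psad chain described above.
# usage: check_psad_logpath PSAD_CONF SYSLOG_CONF FIFO RULES_DUMP
#   RULES_DUMP is a file holding `iptables-save` output (assumed input format).
# Prints one line per check; the return status is the number of failed checks.
check_psad_logpath() {
    psad_conf=$1 syslog_conf=$2 fifo=$3 rules=$4
    fails=0
    # 1. psad.conf names the syslog daemon actually in use (syslogd here).
    if grep -Eq '^[[:space:]]*SYSLOG_DAEMON[[:space:]]+syslogd[[:space:]]*;' "$psad_conf"
    then echo "ok:   SYSLOG_DAEMON is syslogd"
    else echo "FAIL: no 'SYSLOG_DAEMON syslogd;' in $psad_conf"; fails=$((fails + 1))
    fi
    # 2. An uncommented kern.info selector in syslog.conf pipes to the FIFO.
    if grep -E '^[[:space:]]*kern\.info[[:space:]]+\|' "$syslog_conf" | grep -Fq "|$fifo"
    then echo "ok:   kern.info is piped to $fifo"
    else echo "FAIL: no 'kern.info |$fifo' line in $syslog_conf"; fails=$((fails + 1))
    fi
    # 3. The target exists and is a named pipe, not a regular file.
    if [ -p "$fifo" ]
    then echo "ok:   $fifo is a named pipe"
    else echo "FAIL: $fifo is missing or not a FIFO"; fails=$((fails + 1))
    fi
    # 4. psad only sees packets that iptables logs, so the ruleset needs a
    #    LOG target in INPUT or FORWARD.
    if grep -Eq '^-A (INPUT|FORWARD) .*-j LOG' "$rules"
    then echo "ok:   LOG rule present in INPUT/FORWARD"
    else echo "FAIL: no '-j LOG' rule in INPUT or FORWARD"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Demo on constructed sample files: the two config lines quoted in the post,
# plus a constructed ruleset that accepts traffic without logging anything.
demo=$(mktemp -d)
printf 'SYSLOG_DAEMON    syslogd;\n' > "$demo/psad.conf"
printf 'kern.info |%s/psadfifo\n' "$demo" > "$demo/syslog.conf"
mkfifo "$demo/psadfifo"
printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
    '-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT' 'COMMIT' > "$demo/rules"
check_psad_logpath "$demo/psad.conf" "$demo/syslog.conf" \
    "$demo/psadfifo" "$demo/rules" || echo "failed checks: $?"
rm -rf "$demo"
```

On a live system the arguments would be /etc/psad/psad.conf, /etc/syslog.conf, /var/lib/psad/psadfifo and a saved `iptables-save` dump. A ruleset that logs from a user-defined chain needs the pattern in check 4 widened.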
 
  

