PSAD Install
PSAD Install
psad: Intrusion Detection and Log Analysis with iptables
What is PSAD?PSAD is a collection of three lightweight system daemons (two main daemons and one helper daemon) that run on Linux machines and analyze #iptables log messages to detect port scans and other suspicious traffic. A typical deployment is to run psad on the iptables firewall where it #has #the fastest access to log data.
Installation Process:
- Verify md5sum, and public key:
root@bt:~# cd /usr/local/src root@bt: /usr/local/src# wget http://cipherdyne.org/psad/download/psad-2.1.7.tar.bz2 root@bt: /usr/local/src# wget http://cipherdyne.org/psad/download/psad-2.1.7.tar.bz2.md5 root@bt: /usr/local/src# wget http://cipherdyne.org/psad/download/psad-2.1.7.tar.bz2.asc root@bt: /usr/local/src# wget http://cipherdyne.org/public_key root@bt: /usr/local/src# md5sum -c psad-2.1.7.tar.bz2.md5 psad-2.1.7.tar.bz2: OK root@bt: /usr/local/src# gpg --import public_key root@bt: /usr/local/src# gpg --verify psad-2.1.7.tar.bz2.asc #gpg: Signature made Wed 14 Jul 2010 06:01:06 PM EDT using DSA key ID 0D3E7410 #gpg: Good signature from "Michael Rash (Signing key for cipherdyne.org projects) <mbr@cipherdyne.org>"
- Install PSAD:
root@bt: /usr/local/src# tar xfj psad-2.1.7.tar.bz2 root@bt: /usr/local/src# cd psad-2.1.7 root@bt: /usr/local/src/psad-2.1.7# ./install.pl # Would you like to install the latest signatures from # http://www.cipherdyne.org/psad/signatures (y/n)? y
- Start PSAD:
root@bt:/usr/local/src/psad-2.1.7# /etc/init.d/psad start
Starting psad: [*] Could not find mail, edit /etc/psad/psad.conf at /usr/sbin/psad line 9679.
To fix this we will need to edit psad.conf located in /etc/psad/ and add an email address as follows:
root@bt:/usr/local/src/psad-2.1.7# vim /etc/psad/psad.conf
For further info Contact me @ 9801202236
Comments