mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-28 10:02:43 +01:00
psad (Intrusion Detection and Log Analysis with iptables)

psad is a collection of three lightweight system daemons (two main
daemons and one helper daemon) that run on Linux machines and analyze
iptables log messages to detect port scans and other suspicious traffic.
A typical deployment is to run psad on the iptables firewall where it has
the fastest access to log data.

You can set the email address for alerts by setting ALERTSEMAIL:

  ALERTSEMAIL=alerts@example.com ./psad.SlackBuild

psad only sees what iptables logs, so you need at least these rules:

  iptables -A INPUT -j LOG
  iptables -A FORWARD -j LOG

but a more useful ruleset looks something like this:

  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -A INPUT -j LOG
  iptables -A INPUT -j DROP

Rule order matters: the LOG rule has to come after the ACCEPT rules, so
that legitimate traffic is not logged, and before the final DROP, because
a packet that matches DROP is never seen by any later rule.

Please see the documentation for more information.
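To show what psad is actually working on once the LOG rules above are in place, here is an added example (not psad's own code, and not part of this README) that parses kernel iptables LOG lines and flags a source address that has probed many distinct destination ports. The log lines are constructed for illustration, and the five-port threshold is an assumption; real psad applies time windows and configurable danger levels on top of this kind of counting.

```python
"""Minimal port-scan detector over iptables LOG messages.

Added example: a deliberately simplified version of the analysis psad
performs on kernel iptables log lines. It is not psad's own code, and the
sample log lines and the port threshold below are constructed assumptions.
"""
import re
from collections import defaultdict

# Constructed sample lines in the format the iptables LOG target writes to
# the kernel log: syslog prefix, "kernel:", then KEY=VALUE fields and, for
# TCP, bare flag words such as SYN. 203.0.113.7 is the scanner, 198.51.100.5
# is a normal client, and the sshd line is noise the parser must ignore.
SAMPLE_LOG = """\
Nov 28 10:00:01 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=4242 PROTO=TCP SPT=40000 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 28 10:00:01 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=4243 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 28 10:00:02 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 PROTO=TCP SPT=51000 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 28 10:00:02 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=4244 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 28 10:00:03 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=4245 PROTO=TCP SPT=40000 DPT=25 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 28 10:00:03 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.99 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Nov 28 10:00:04 fw sshd[123]: Accepted publickey for admin from 198.51.100.5 port 51002 ssh2
Nov 28 10:00:04 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=4246 PROTO=TCP SPT=40000 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 28 10:00:05 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=4247 PROTO=TCP SPT=40000 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 28 10:00:05 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1002 PROTO=TCP SPT=51001 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 28 10:00:06 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=28 TOS=0x00 PREC=0x00 TTL=54 ID=4248 PROTO=UDP SPT=40000 DPT=53 LEN=8
"""

# KEY=VALUE pairs; the value may be empty (e.g. "OUT=").
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# TCP flags appear as bare words. \b keeps "URG" from matching "URGP=0".
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")


def parse_log_line(line):
    """Return the interesting fields of one iptables LOG line, or None if
    the line is not an iptables log message at all."""
    if " kernel: " not in line or "SRC=" not in line:
        return None
    payload = line.split(" kernel: ", 1)[1]
    fields = dict(KV_RE.findall(payload))
    return {
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        # ICMP lines carry no DPT; keep the packet but mark the port unknown.
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
        "flags": [f for f in TCP_FLAGS if re.search(rf"\b{f}\b", payload)],
    }


def detect_scans(lines, port_threshold=5):
    """Map each source address that touched at least `port_threshold`
    distinct (proto, port) pairs to the sorted list of those pairs.

    Counting distinct ports rather than packets means a client retrying one
    service is not flagged, while a sweep across services is."""
    ports_by_src = defaultdict(set)
    for line in lines:
        pkt = parse_log_line(line)
        if pkt is None or pkt["dport"] is None:
            continue
        ports_by_src[pkt["src"]].add((pkt["proto"], pkt["dport"]))
    return {
        src: sorted(ports)
        for src, ports in ports_by_src.items()
        if len(ports) >= port_threshold
    }


if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible scan from {src}: {len(ports)} ports -> {ports}")
```

Feed it `journalctl -k` or `/var/log/messages` output instead of SAMPLE_LOG to try it on a real firewall; lines from hosts that only hit the ports you ACCEPT never appear, because the ruleset above logs only traffic that is about to be dropped.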