Miroirs/slackbuilds_ponce
1
0
Fork 0
mirror of https://github.com/Ponce/slackbuilds synced 2024-10-03 07:54:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
slackbuilds_ponce/network/psad
History
David Spencer 5c22124d04 network/psad: Fixed slack-desc. 
Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
2017-02-11 07:24:05 +07:00
..
doinst.sh
psad.info
psad.SlackBuild
README
slack-desc

README 

psad (Intrusion Detection and Log Analysis with iptables)

psad is a collection of three lightweight system daemons (two main
daemons and one helper daemon) that run on Linux machines and analyze
iptables log messages to detect port scans and other suspicious traffic.
A typical deployment is to run psad on the iptables firewall where it has
the fastest access to log data.

You can set email for alerts by setting ALERTSEMAIL:

ALERTSEMAIL=alerts@example.com ./psad.SlackBuild

You need at least these rules:

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

but more usefull will be something like this:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP

please see documentation for more information.