mirror of https://github.com/Ponce/slackbuilds (synced 2024-10-04 07:54:46 +02:00, commit ceb90dda6e)
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
psad (Intrusion Detection and Log Analysis with iptables)

psad is a collection of three lightweight system daemons (two main
daemons and one helper daemon) that run on Linux machines and analyze
iptables log messages to detect port scans and other suspicious traffic.
A typical deployment is to run psad on the iptables firewall where it has
the fastest access to log data.

You can set the email address for alerts by setting ALERTSEMAIL:

ALERTSEMAIL=alerts@example.com ./psad.SlackBuild

You need at least these rules:

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG

but a more useful ruleset would look something like this:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
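As an added example (not part of the psad package or this SlackBuild), the following POSIX shell check reads a ruleset in the form printed by "iptables -S" and confirms that the LOG rules psad depends on are present, and that in INPUT the LOG rule comes before the catch-all DROP, since a packet dropped first never reaches the log. The function name and the two sample rulesets are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the psad package or this SlackBuild.
# psad only sees what iptables logs: INPUT and FORWARD each need a
# "-j LOG" rule, and in INPUT the LOG rule must precede the catch-all
# "-A INPUT -j DROP", or the packet is discarded before it is logged.
# Live use: iptables -S | check_psad_log_rules   (exit status 0 when OK)
check_psad_log_rules() {
    awk '
        /^-A INPUT / {
            n_in++
            if ($0 ~ / -j LOG( |$)/)                  log_in = n_in
            if ($0 == "-A INPUT -j DROP" && !drop_in) drop_in = n_in
        }
        /^-A FORWARD / { if ($0 ~ / -j LOG( |$)/) log_fwd = 1 }
        END {
            bad = 0
            if (!log_in)  { print "INPUT has no LOG rule";   bad = 1 }
            if (!log_fwd) { print "FORWARD has no LOG rule"; bad = 1 }
            if (log_in && drop_in && drop_in < log_in) {
                print "INPUT catch-all DROP comes before the LOG rule"; bad = 1
            }
            exit bad
        }'
}

# Constructed sample: the README ruleset as "iptables -S" prints it,
# plus the FORWARD LOG rule.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -j LOG'

# Constructed broken sample: DROP ahead of LOG, and no FORWARD LOG rule.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -j LOG'

if printf '%s\n' "$GOOD_RULES" | check_psad_log_rules; then
    echo "ruleset OK: psad will receive the logged packets"
fi
if ! printf '%s\n' "$BAD_RULES" | check_psad_log_rules; then
    echo "ruleset needs fixing before psad is useful"
fi
```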

Please see the documentation for more information.