Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 344
  • Last Modified:

configuring PSAD

Hi can anyone help me with PSAD which is at http://www.cipherdyne.com/psad/

What i am trying to do is block ip addresses which try to log into my linux firewall via SSH, and also if someone scans my IP address with let say portscanner or NMAP. i would like these automatcally put in the hosts.deny file but its not working when i get someone to scan my IP address from the web PSAD is not blocking it the next time its scanned
0
jaxxman
Asked:
jaxxman
1 Solution
 
michaelrashCommented:
To enable auto blocking of IP addresses, you need to set the ENABLE_AUTO_IDS variable in /etc/psad/psad.conf to "Y".  You will also need to choose an appropriate danger level for the AUTO_IDS_DANGER_LEVEL variable (the default is 5, which scans almost never reach).  Also, psad supports the use of both iptables and tcpwrappers to accomplish auto blocking, but the default method is to only use iptables (see the IPTABLES_BLOCK_METHOD variable).  If you want psad to use tcpwrappers, then you will need to set TCPWRAPPERS_BLOCK_METHOD to "Y".  Note that the best way to maintain security is to use iptables instead of tcpwrappers since iptables intercepts packets in the kernel before they can even talk to the IP stack, let alone the daemon itself.
0
 
jaxxmanAuthor Commented:
ok thanks for that.
On the bigger picture do you have any step by step handy tips on how to get the best out of PSAD or PDF and website may be
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now