Solved

configuring PSAD

Posted on 2004-08-31
2
327 Views
Last Modified: 2013-12-04
Hi can anyone help me with PSAD which is at http://www.cipherdyne.com/psad/

What i am trying to do is block ip addresses which try to log into my linux firewall via SSH, and also if someone scans my IP address with let say portscanner or NMAP. i would like these automatcally put in the hosts.deny file but its not working when i get someone to scan my IP address from the web PSAD is not blocking it the next time its scanned
0
Comment
Question by:jaxxman
2 Comments
 

Accepted Solution

by:
michaelrash earned 50 total points
ID: 12040673
To enable auto blocking of IP addresses, you need to set the ENABLE_AUTO_IDS variable in /etc/psad/psad.conf to "Y".  You will also need to choose an appropriate danger level for the AUTO_IDS_DANGER_LEVEL variable (the default is 5, which scans almost never reach).  Also, psad supports the use of both iptables and tcpwrappers to accomplish auto blocking, but the default method is to only use iptables (see the IPTABLES_BLOCK_METHOD variable).  If you want psad to use tcpwrappers, then you will need to set TCPWRAPPERS_BLOCK_METHOD to "Y".  Note that the best way to maintain security is to use iptables instead of tcpwrappers since iptables intercepts packets in the kernel before they can even talk to the IP stack, let alone the daemon itself.
0
 

Author Comment

by:jaxxman
ID: 13416367
ok thanks for that.
On the bigger picture do you have any step by step handy tips on how to get the best out of PSAD or PDF and website may be
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now