Link to home
Start Free TrialLog in
Avatar of R7AF
R7AFFlag for Netherlands

asked on

PSAD and UFW

I would like to install PSAD on a debian server to detect port scans. I found the following guide:
http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/

At the end of the installation tutorial there is an update for iptables. I use UFW, and I don't know if I can update iptables, or if I should use a special rule or configuration for UFW.

It has the following rules for iptables

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG 

Open in new window

How can I configure UFW to do this?
ASKER CERTIFIED SOLUTION
Avatar of ahoffmann
ahoffmann
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of R7AF

ASKER

Sorry, I closed that question a bit too early. It seems that if I add those lines at the top, the server gets really slow. If I add them at the end, before the "COMMIT" line, speed is OK, but I don't know if it works like that.
> .. if I add those lines at the top, the server gets really slow ...
why would you log all requests?

> If I add them at the end, before the "COMMIT" line, speed is OK, but I don't know if it works like that.
then all matching rules before will not logged except the matching rule logs itself.