Avatar of R7AF
R7AF
Flag for Netherlands asked on

PSAD and UFW

I would like to install PSAD on a debian server to detect port scans. I found the following guide:
http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/

At the end of the installation tutorial there is an update for iptables. I use UFW, and I don't know if I can update iptables, or if I should use a special rule or configuration for UFW.

It has the following rules for iptables

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG 

Open in new window

How can I configure UFW to do this?
Linux SecurityLinux NetworkingLinux Distributions

Avatar of undefined
Last Comment
ahoffmann

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
ahoffmann

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
R7AF

ASKER
Sorry, I closed that question a bit too early. It seems that if I add those lines at the top, the server gets really slow. If I add them at the end, before the "COMMIT" line, speed is OK, but I don't know if it works like that.
ahoffmann

> .. if I add those lines at the top, the server gets really slow ...
why would you log all requests?

> If I add them at the end, before the "COMMIT" line, speed is OK, but I don't know if it works like that.
then all matching rules before will not logged except the matching rule logs itself.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck