I installed PSAD on my Ubuntu server and then set the IPTables accordingly. But I still get this error by email:
You may just need to add a default logging rule to the /sbin/iptables 'filter' 'INPUT' chain (…)
Here are my iptables -S
rules:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 678 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -j LOG
And my ip6tables -S
rules (IPv6 is not enabled at this time):
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -j LOG
-A INPUT -j DROP
-A FORWARD -j LOG
Also, I see in the log that PSAD is actually logging activity.
What do you think could cause the error I receive by email? Do you know how to solve that? Are my IPTables rules correct?