Questions tagged [psad]

Port Scan Attack Detector is an intrusion detection system which reads Linux iptables log entries. It can send email alerts and generate CSV reports for later analysis.

11 questions
3 votes, 1 answer

Allow port scans for specific addresses in psad

How to enable port scans for a specific address (or range) in psad? By default I get a lot of logs coming from my own monitoring service. How can I tell psad to treat my addresses or domains as trusted ones? I'd like to avoid adding them to the…
Sfisioza
3 votes, 1 answer

Do we need PSAD if we already have Fail2Ban?

I already have installed Fail2Ban on my server. I planned to install PSAD on it. Are they equal? Isn't it a good idea to keep them both?
THpubs
2 votes, 1 answer

iptables, ufw, and psad - scanned UDP port alerts from router and devices on home network

I have a fresh install of Ubuntu 16.04. I configured iptables, ufw (with gufw), and psad using instructions from https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics and…
IMTheNachoMan
1 vote, 4 answers

How To Set iptables log rules for PSAD with UFW?

For PSAD to work, I need to add the following iptables rules and enable packet logging: iptables -A INPUT -j LOG iptables -A FORWARD -j LOG ip6tables -A INPUT -j LOG ip6tables -A FORWARD -j LOG I use UFW on my system. So, how can I add these rules…
THpubs
1 vote, 1 answer

PSAD Firewall/ UDP flood?

Well I'm actually trying to block a UDP Flood on the Application port because the string "getstatus" is causing my application to make large output due to a small input to the attacker's IP. I installed PSAD firewall to do the job. psad -S shows…
Asad Moeen
0 votes, 1 answer

understanding a psad error for src 0000:0000:0000:0000:0000:0000:0000:0000

My server is generating this psad error. I am not sure what it means? I think it is saying an IPv6 ping request was blocked but am not sure. And if it is a ping request, is it from the server to another device? I don't recall anything on my network…
IMTheNachoMan
0 votes, 1 answer

PSAD does not start on Ubuntu 14.04

I compiled PSAD from source. Compilation went smoothly, however when I run this command: sudo psad --sig-update I got this: Can't load '/usr/lib/psad/x86_64-linux-gnu-thread-multi/auto/Date/Calc/Calc.so' for module Date::Calc:…
Balazs
0 votes, 2 answers

PSAD / removed iptables block

I'm pretty new to PSAD but eagerly getting into it to have a safer installation. But some understanding is missing. Yesterday I had the following notification: [psad-status] removed iptables block against xxx.xxx.xxx.xx It was an automatic…
Ben
0 votes, 1 answer

PSAD IPTables logging error

I installed PSAD on my Ubuntu server and then set the IPTables accordingly. But I still get this error by email: You may just need to add a default logging rule to the /sbin/iptables 'filter' 'INPUT' chain (…) Here are my iptables -S rules: -P…
Sinklar
0 votes, 0 answers

PSAD Error - You may just need to add a default logging rule to the INPUT chain

Ubuntu 20.04, not using ufw. After adding these rules (iptables -S shows they are): iptables -A INPUT -j LOG iptables -A FORWARD -j LOG I still get the error: "You may just need to add a default logging rule to the 'filter' 'INPUT' chain..." Do I…
user951556
-1 votes, 1 answer

psad does not detect nmap

I am new to this and just installed psad. I ran nmap several times on a server but psad didn't log this psad --Status. I configured it like this: http://www.thefanclub.co.za/how-to/how-install-psad-intrusion-detection-ubuntu-1204-lts-server My aim…
LeMike