Author Topic: psad  (Read 1703 times)
Hendrikus Godvliet
« on: March 31, 2010, 11:55:14 AM »

Anyone who knows a replacement for psad?
Or better, is there a psad pisi package?

PhiX
« Reply #1 on: March 31, 2010, 14:12:27 PM »

What is "psad" ?

Team Pardus-fr - French Pardus tools translator
Hendrikus Godvliet
« Reply #2 on: March 31, 2010, 14:15:45 PM »

Quote
What is "psad" ?

What is "Google" ?
http://www.google.nl/search?q=psad+&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a


PSAD is a collection of four lightweight system daemons written in Perl and in C that is designed to work with Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It features a set of highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, tcp flags and corresponding nmap options (Linux 2.4.x kernels only), reverse DNS info, email alerting, and automatic blocking of offending ip addresses via dynamic configuration of ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels psad incorporates many of the tcp signatures included in Snort to detect highly suspect scans.

« Last Edit: March 31, 2010, 14:19:37 PM by Hendrikus Godvliet » Logged
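
The port-scan detection described in the psad text quoted above, as a small added example that is not part of the thread and not psad's own code: it groups iptables LOG entries by source, applies hypothetical danger thresholds (DANGER_LEVELS, not psad's defaults), and reports the scanned port range, begin and end times and the matching nmap option. The log lines, the host name fw and the addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed iptables LOG lines (documentation-range addresses), trimmed to the fields used.
SAMPLE_LOG = """\
Apr  1 12:00:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=21 RES=0x00 SYN URGP=0
Apr  1 12:00:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22 RES=0x00 SYN URGP=0
Apr  1 12:00:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=25 RES=0x00 SYN URGP=0
Apr  1 12:00:03 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=80 RES=0x00 SYN URGP=0
Apr  1 12:05:10 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=139 RES=0x00 URG PSH FIN URGP=0
Apr  1 12:05:11 fw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=445 RES=0x00 URG PSH FIN URGP=0
Apr  1 12:09:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.4 DST=198.51.100.5 PROTO=TCP SPT=33000 DPT=22 RES=0x00 SYN URGP=0
Apr  1 12:09:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.4 DST=198.51.100.5 PROTO=TCP SPT=33001 DPT=22 RES=0x00 SYN URGP=0
"""
# Hypothetical thresholds, (danger level, minimum distinct ports); not psad's defaults.
DANGER_LEVELS = ((1, 2), (2, 4))
FIELD = re.compile(r"(\w+)=(\S*)")
FLAGS = re.compile(r"RES=\S+ ((?:[A-Z]+ )*)URGP=")
# TCP flag combinations and the nmap scan type that produces them.
NMAP = {("SYN",): "-sT or -sS", ("FIN",): "-sF", ("URG", "PSH", "FIN"): "-sX", (): "-sN"}

def parse_line(line):
    """Return one TCP packet record, or None when the line is not a TCP log entry."""
    fields = dict(FIELD.findall(line))
    flags = FLAGS.search(line)
    if fields.get("PROTO") != "TCP" or not flags or not {"SRC", "DPT"} <= fields.keys():
        return None
    return {"time": line[:15], "src": fields["SRC"], "dpt": int(fields["DPT"]),
            "flags": tuple(flags.group(1).split())}

def detect_scans(log_text, levels=DANGER_LEVELS):
    """Group packets by source and alert on sources that cross a port-count threshold."""
    by_src = defaultdict(list)
    for pkt in filter(None, map(parse_line, log_text.splitlines())):
        by_src[pkt["src"]].append(pkt)
    alerts = []
    for src, pkts in by_src.items():
        ports = sorted({p["dpt"] for p in pkts})
        level = max((lvl for lvl, need in levels if len(ports) >= need), default=0)
        if level:
            alerts.append({"src": src, "danger_level": level,
                           "port_range": (ports[0], ports[-1]),
                           "begin": pkts[0]["time"], "end": pkts[-1]["time"],
                           "nmap": sorted({NMAP.get(p["flags"], "unknown") for p in pkts})})
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```

The third source hits port 22 twice and raises no alert, because the count is over distinct destination ports rather than packets.
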

atolboo
« Reply #3 on: March 31, 2010, 21:59:01 PM »

After unpacking psad-2.1.5.tar.bz2 I start the installation with
Code:
sudo ./install.pl
which ends with
Quote
========================================================

  • psad has been installed.
  • To start psad, run "/etc/init.d/psad start"
So as far as I am concerned there isn't an immediate need for a pisi package as I can install this without any problems.

PhiX
« Reply #4 on: April 01, 2010, 00:19:01 AM »

Hendrikus, I know how to use a search website, but one should not have to open a web page just to understand what you are asking about. My question was meant to make you realize that.
« Last Edit: April 01, 2010, 00:20:36 AM by PhiX » Logged

Team Pardus-fr - French Pardus tools translator
Hendrikus Godvliet
« Reply #5 on: April 01, 2010, 11:18:33 AM »

Quote
Hendrikus, I know how to use a search website, but one should not have to open a web page just to understand what you are asking about. My question was meant to make you realize that.

Dear Phix

Quote
but one should not have to open a web page just to understand what you are asking about.

You're right!

Greetings Hendrikus
Hendrikus Godvliet
« Reply #6 on: April 01, 2010, 11:24:46 AM »

Quote
After unpacking psad-2.1.5.tar.bz2 I start the installation with
Code:
sudo ./install.pl
which ends with
Quote
========================================================

  • psad has been installed.
  • To start psad, run "/etc/init.d/psad start"
So as far as I am concerned there isn't an immediate need for a pisi package as I can install this without any problems.


This is what I get / got

Code:
hendrikus@linux-pardus psad-2.1.5 $ sudo ./install.pl
[+] Thu Apr  1 11:22:28 2010 Installing psad on hostname: linux-pardus
[+] Compiling Marco d'Itri's whois client
make: Entering directory `/home/hendrikus/psad/psad-2.1.5/deps/whois'
cc  -MM -MG *.c > Makefile.depend
/bin/sh: cc: command not found
make: *** No rule to make target `Makefile.depend', needed by `all'.  Stop.
make: Leaving directory `/home/hendrikus/psad/psad-2.1.5/deps/whois'
[*] Could not compile whois at ./install.pl line 353.
hendrikus@linux-pardus psad-2.1.5 $


whois
Code:
hendrikus@linux-pardus psad-2.1.5 $ whois                                  
Usage: whois [OPTION]... OBJECT...                                        

-l                     one level less specific lookup [RPSL only]
-L                     find all Less specific matches  



First of all I will take a look in the config section:
Quote
Before executing the install.pl script, edit the config section at the beginning. Sensible defaults are provided so hopefully there will be a minimal number of things to change to get psad to work on your system, but if system binaries are in places the scripts don't know about then you will need to provide the correct paths.

After the config section is the way you want it, just run 'install.pl', and then run '/etc/init.d/psad-init start' to start psad, kmsgsd, and psadwatchd, or just run them from the command line. The install.pl script installs psad, kmsgsd, and psadwatchd in /usr/sbin/ by default.

« Last Edit: April 01, 2010, 11:33:37 AM by Hendrikus Godvliet » Logged

atolboo
« Reply #7 on: April 01, 2010, 12:05:58 PM »

Quote
This is what I get / got

I suspect that you will get a better result after applying this Wiki page
(I have to test this on a new installation on P2009.1)

Hendrikus Godvliet
« Reply #8 on: April 01, 2010, 12:17:44 PM »

Quote
This is what I get / got
I suspect that you will get a better result after applying this Wiki page
(I have to test this on a new installation on P2009.1)

Code:
sudo pisi install -c system.devel
O.k. Thanks for that.

But it makes it worse!!!
Code:
hendrikus@linux-pardus psad-2.1.5 $ sudo ./install.pl
Wachtwoord:
[+] Thu Apr  1 12:14:31 2010 Installing psad on hostname: linux-pardus
[+] Compiling Marco d'Itri's whois client
make: Entering directory `/home/hendrikus/psad/psad-2.1.5/deps/whois'
cc  -O2 -c whois.c
In file included from whois.c:36:
data.h:98:20: error: ip_del.h: No such file or directory
data.h:109:21: error: ip6_del.h: No such file or directory
data.h:120:20: error: as_del.h: No such file or directory
data.h:136:22: error: tld_serv.h: No such file or directory

*** 4 errors, 0 warnings
make: *** [whois.o] Error 1
make: Leaving directory `/home/hendrikus/psad/psad-2.1.5/deps/whois'
[*] Could not compile whois at ./install.pl line 353.
hendrikus@linux-pardus psad-2.1.5 $

atolboo
« Reply #9 on: April 01, 2010, 15:56:05 PM »

Quote
I suspect that you will get a better result after applying this Wiki page
(I have to test this on a new installation on P2009.1)

Result is in attachment.
Maybe your downloaded psad-2.1.5.tar.bz2 has an error

* psad-install.txt (40.64 KB - downloaded 105 times.)
Hendrikus Godvliet
« Reply #10 on: April 01, 2010, 16:24:44 PM »

Quote
I suspect that you will get a better result after applying this Wiki page.
(I have to test this on a new installation on P2009.1)
Result is in attachment.
Maybe your downloaded psad-2.1.5.tar.bz2 has an error

Quote
Maybe your downloaded psad-2.1.5.tar.bz2 has an error
You were right!

Quote
Result is in attachment.
It was very handy to have your attachment.

In most cases I answered no (n). I know you can just install it again, and by that I will make a better configuration. It also did not go through the email notification. So I still need a few good things set!

Thanks for your helping hands
« Last Edit: April 01, 2010, 16:31:41 PM by Hendrikus Godvliet » Logged
