psad: installation and configuration

This tutorial shows how to install and configure psad, an intrusion detection system, on Ubuntu.

psad detects port scans against your server.

First, install psad from the repository:

sudo apt-get install psad

 

To let psad see all incoming traffic to your server, you must set iptables to log incoming and forwarded packets.

sudo iptables -A INPUT -j LOG
sudo iptables -A FORWARD -j LOG

psad must now be configured. This is done in its main settings file.

sudo vim /etc/psad/psad.conf

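In psad.conf, change the following settings as shown, replacing the e-mail address and hostname placeholders with your own values. Each value must end with a semicolon. ENABLE_AUTO_IDS Y turns on psad's automated response, which manages firewall rules to block offending addresses.

EMAIL_ADDRESSES        your_email@example.org;

HOSTNAME               your_hostname_or_your_domain;

ENABLE_AUTO_IDS        Y;

IPT_SYSLOG_FILE        /var/log/syslog;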

psad must be restarted for changes to this config file to take effect. Do this after every change to the file.

sudo service psad restart

 

Finally, do not forget to update the psad signatures with this command:

sudo psad --sig-update

The command above can also be run as a cron job.

 

The following commands can be used to check the status of psad.

service psad status
sudo psad -S
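
The LOG rules set earlier matter because psad works from the packet lines that iptables writes to the syslog file. The following is an added example, not part of the original tutorial and not psad's own code: it counts distinct destination ports per source address in such lines. The function names, the threshold of 3 ports and the abbreviated log lines are constructed for illustration.

```shell
#!/bin/sh
# Simplified illustration of what can be derived from iptables LOG lines.
# Not psad's algorithm; names, threshold and sample data are assumptions.

# write_sample_log FILE: constructed, abbreviated syslog lines.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  1 10:00:01 host kernel: [100.1] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=21 SYN
Mar  1 10:00:01 host kernel: [100.2] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40001 DPT=22 SYN
Mar  1 10:00:02 host kernel: [100.3] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  1 10:00:02 host kernel: [100.4] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40003 DPT=23 SYN
Mar  1 10:00:03 host kernel: [100.5] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=40004 DPT=80 SYN
Mar  1 10:00:04 host kernel: [101.0] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=443 SYN
Mar  1 10:00:05 host kernel: [101.1] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=51001 DPT=443 SYN
Mar  1 10:00:06 host kernel: [102.0] IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Mar  1 10:00:07 host sshd[812]: Accepted publickey for admin
EOF
}

# scan_candidates LOGFILE MIN_PORTS
# Prints "SRC COUNT" for each source address that touched at least
# MIN_PORTS distinct destination ports. Lines without SRC= and DPT=
# (other daemons, ICMP) are ignored; repeated ports count once.
scan_candidates() {
    awk -v min="$2" '
        / SRC=/ && / DPT=/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "" || dpt == "") next
            key = src SUBSEP dpt
            if (!(key in seen)) { seen[key] = 1; ports[src]++ }
        }
        END {
            for (s in ports) if (ports[s] >= min) print s, ports[s]
        }
    ' "$1" | sort
}

# Demo run on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
scan_candidates "$log" 3
rm -f "$log"
```

To run it against real data, pass the file named in IPT_SYSLOG_FILE instead of the sample, for example scan_candidates /var/log/syslog 3.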


Beware that psad alone cannot protect your network against major attacks. You also have to consider other security measures.
