Reference: http://www.cipherdyne.org/psad/
# Fetch the psad 2.1-1 RPM into /tmp.
# NOTE(review): the URL is plain http://, so the transfer itself gives no
# integrity guarantee. Check the package against the signature or digest
# published on the project's download page before installing it.
# NOTE(review): /tmp is world-writable. If a file with this name already
# exists there, wget saves under a different name, so a private download
# directory avoids installing a file someone else placed.
# NOTE(review): no install step for the downloaded RPM is shown in these notes.
cd /tmp
wget http://www.cipherdyne.org/psad/download/psad-2.1-1.i386.rpm
######
# psad.conf fragment: the addresses psad mails its alerts to, and the hostname
# setting. The e-mail addresses below are placeholders; replace both values
# with your own.
EMAIL_ADDRESSES you@domain1.com, you@domain2.com;
HOSTNAME vend-x.com;
# If there is only one network interface on the box, then just set this variable
# to "NOT_USED".
# HOME_NET is set to NOT_USED, the value for a single-interface host.
HOME_NET NOT_USED;
# Mail an alert for every source that reaches danger level 1 or above.
# NOTE(review): 1 is the lowest level psad assigns, so expect a high alert volume.
EMAIL_ALERT_DANGER_LEVEL 1;
# Automatic response: psad adds firewall rules that block a source address
# once it reaches AUTO_IDS_DANGER_LEVEL.
# NOTE(review): with the threshold at 1, every source that psad rates at the
# lowest level is blocked. Source addresses in scan traffic can be forged, so
# a low threshold makes it easier for a third party to get a legitimate host
# (gateway, DNS server, monitoring system) blocked. Consider a higher level,
# and list addresses that must never be blocked in /etc/psad/auto_dl.
ENABLE_AUTO_IDS Y;
AUTO_IDS_DANGER_LEVEL 1;
# NOTE(review): presumably makes psad keep an archive of earlier scan data;
# confirm against the comments in the shipped psad.conf.
ENABLE_SCAN_ARCHIVE Y;
# NOTE(review): looks like a disk-usage threshold in percent; confirm what psad
# does when it is exceeded.
DISK_MAX_PERCENTAGE 85;
# NOTE(review): N presumably leaves psad's existing firewall rules (including
# earlier automatic blocks) in place when psad starts; confirm.
FLUSH_IPT_AT_INIT N;
#######
# Open the invoking user's crontab in an editor and add the entry shown
# between the ### markers.
crontab -e
###
# Daily at 00:00: refresh the psad signatures, then restart psad only if the
# update command exited successfully (&&).
# NOTE(review): psad documents this option as --sig-update; the single dash
# here may be an extraction artifact. Confirm against psad(8).
# NOTE(review): the job applies downloaded signatures unattended. Check how
# the signature source is configured and whether it is fetched over an
# authenticated channel.
0 0 * * * /usr/sbin/psad -sig-update && /sbin/service psad restart
###
# Start psad through its init script.
/etc/rc.d/init.d/psad start
# Refresh the signature set once by hand.
# NOTE(review): the cron entry in these notes restarts psad after an update;
# this sequence does not, so confirm whether a restart is needed here too.
/usr/sbin/psad -sig-update
# Register psad to start at boot.
/sbin/chkconfig psad on
# Print psad's status report to confirm it is running.
/usr/sbin/psad --Status
# Fwsnort Installation
Reference: http://www.cipherdyne.org/fwsnort
# Download fwsnort from http://www.cipherdyne.org/fwsnort/download/
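# Fetch, unpack and install fwsnort 1.0.4, then back up its configuration
# before editing it.
cd /tmp
# Host changed from cipherdyne.com to cipherdyne.org so that the URL matches
# the download location these notes name for fwsnort.
# NOTE(review): the URL is plain http://, so the transfer gives no integrity
# guarantee. Verify the tarball against the signature or digest published on
# the download page before running its installer.
wget http://www.cipherdyne.org/fwsnort/download/fwsnort-1.0.4.tar.gz
# Unpack the tarball; without this step the cd below has no directory to enter.
tar xzf fwsnort-1.0.4.tar.gz
cd /tmp/fwsnort-1.0.4
perl install.pl
# Keep an untouched copy of the shipped configuration (-a preserves mode,
# ownership and timestamps) so later edits can be compared against it.
cp -a /etc/fwsnort/fwsnort.conf /etc/fwsnort/fwsnort.conf.orig
vi /etc/fwsnort/fwsnort.conf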
######
# fwsnort.conf: set unameCmd to the path of the uname binary on this system
# (check it with `command -v uname`).
unameCmd /bin/uname;
######
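# Update the rule set fwsnort works from.
/usr/sbin/fwsnort --update-rules
# Run the fwsnort.sh script under /etc/fwsnort.
# NOTE(review): fwsnort.sh is presumably generated by running fwsnort itself;
# these notes do not show that step, so confirm the script exists and was
# built from the updated rules before executing it.
/etc/fwsnort/fwsnort.sh
# Crontab entry (add it with crontab -e), not a shell command: refresh the
# rules daily at 00:00.
# NOTE(review): this entry only downloads rules; confirm whether the firewall
# script must be regenerated and re-run for them to take effect.
0 0 * * * /usr/sbin/fwsnort --update-rules
# Restart psad.
/etc/rc.d/init.d/psad restart
# Remove the installer files from /tmp. The version is 1.0.4 to match the
# tarball downloaded in these notes; the original cleanup named fwsnort-0.8.1,
# which this procedure never fetched, and so left the 1.0.4 files behind.
rm -rf /tmp/fwsnort-1.0.4.tar.gz
rm -rf /tmp/fwsnort-1.0.4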
# Enabling whitelisting and special danger levels for IPs and ports.
# E.g. add the IP address of the nmap/nessus server to the /etc/psad/auto_dl file
# before starting the nessus scan. Please ensure that you restart psad after adding
# the IP address. Remove the entry again once the scan is finished, so that the
# scanner's address does not stay exempt.