psad-2.2-4-omv2014.0.x86_64.rpm


Advertisement

Description

psad - Analyzses iptables log messages for suspect traffic

Property Value
Distribution OpenMandriva Lx 2014.2
Repository OpenMandriva Main x86_64
Package name psad
Package version 2.2
Package release 4-omv2014.0
Package architecture x86_64
Package type rpm
Installed size 4.12 MB
Download size 399.05 KB
Official Mirror abf-downloads.openmandriva.org
Port Scan Attack Detector (psad) is a collection of four lightweight
system daemons written in Perl and C that are designed to work with
Linux firewalling code (iptables in the 2.4.x kernels, and ipchains
in the 2.2.x kernels) to detect port scans. It features a set of highly
configurable danger thresholds (with sensible defaults provided),
verbose alert messages that include the source, destination, scanned
port range, begin and end times, TCP flags and corresponding nmap
options (Linux 2.4.x kernels only), email alerting, and automatic
blocking of offending IP addresses via dynamic configuration of
ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels
psad incorporates many of the TCP, UDP, and ICMP signatures included in
Snort to detect highly suspect scans for various backdoor programs
(e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and
advanced port scans (syn, fin, Xmas) which are easily leveraged against
a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP
window sizes to passively fingerprint the remote operating system from
which scans originate.

Alternatives

Package Version Architecture Repository
psad-2.2-4-omv2014.0.i586.rpm 2.2 i586 OpenMandriva Main
psad - - -

Requires

Name Value
libc.so.6()(64bit) -
libc.so.6(GLIBC_2.2.5)(64bit) -
libc.so.6(GLIBC_2.3)(64bit) -
perl(Data::Dumper) -
perl(File::Copy) -
perl(File::Path) -
perl(Getopt::Long) -
perl(IO::Handle) -
perl(IO::Socket) -
perl(POSIX) -
perl(Socket) -
perl-Bit-Vector -
perl-Date-Calc -
perl-IPTables-ChainMgr -
perl-IPTables-Parse -
perl-NetAddr-IP -
perl-Unix-Syslog -
rpm-helper -
sendmail-command -
userspace-ipfilter -
whois -

Provides

Name Value
config(psad) == 0:2.2-4:2014.0
psad == 2.2-4:2014.0

Download

Type URL
Binary Package psad-2.2-4-omv2014.0.x86_64.rpm
Source Package psad-2.2-4.src.rpm

Install Howto

  1. Enable OpenMandriva Main repository on Install and Remove Software"
  2. Update packages list:
    # urpmi.update -a
  3. Install psad rpm package:
    # urpmi psad

Files

Path
/etc/psad/auto_dl
/etc/psad/icmp6_types
/etc/psad/icmp_types
/etc/psad/ip_options
/etc/psad/pf.os
/etc/psad/posf
/etc/psad/psad.conf
/etc/psad/signatures
/etc/psad/snort_rules/VERSION
/etc/psad/snort_rules/attack-responses.rules
/etc/psad/snort_rules/backdoor.rules
/etc/psad/snort_rules/bad-traffic.rules
/etc/psad/snort_rules/chat.rules
/etc/psad/snort_rules/classification.config
/etc/psad/snort_rules/ddos.rules
/etc/psad/snort_rules/deleted.rules
/etc/psad/snort_rules/dns.rules
/etc/psad/snort_rules/dos.rules
/etc/psad/snort_rules/emerging-all.rules
/etc/psad/snort_rules/experimental.rules
/etc/psad/snort_rules/exploit.rules
/etc/psad/snort_rules/finger.rules
/etc/psad/snort_rules/ftp.rules
/etc/psad/snort_rules/icmp-info.rules
/etc/psad/snort_rules/icmp.rules
/etc/psad/snort_rules/imap.rules
/etc/psad/snort_rules/info.rules
/etc/psad/snort_rules/local.rules
/etc/psad/snort_rules/misc.rules
/etc/psad/snort_rules/multimedia.rules
/etc/psad/snort_rules/mysql.rules
/etc/psad/snort_rules/netbios.rules
/etc/psad/snort_rules/nntp.rules
/etc/psad/snort_rules/oracle.rules
/etc/psad/snort_rules/other-ids.rules
/etc/psad/snort_rules/p2p.rules
/etc/psad/snort_rules/policy.rules
/etc/psad/snort_rules/pop2.rules
/etc/psad/snort_rules/pop3.rules
/etc/psad/snort_rules/porn.rules
/etc/psad/snort_rules/reference.config
/etc/psad/snort_rules/rpc.rules
/etc/psad/snort_rules/rservices.rules
/etc/psad/snort_rules/scan.rules
/etc/psad/snort_rules/shellcode.rules
/etc/psad/snort_rules/smtp.rules
/etc/psad/snort_rules/snmp.rules
/etc/psad/snort_rules/sql.rules
/etc/psad/snort_rules/telnet.rules
/etc/psad/snort_rules/tftp.rules
/etc/psad/snort_rules/virus.rules
/etc/psad/snort_rules/web-attacks.rules
/etc/psad/snort_rules/web-cgi.rules
/etc/psad/snort_rules/web-client.rules
/etc/psad/snort_rules/web-coldfusion.rules
/etc/psad/snort_rules/web-frontpage.rules
/etc/psad/snort_rules/web-iis.rules
/etc/psad/snort_rules/web-misc.rules
/etc/psad/snort_rules/web-php.rules
/etc/psad/snort_rules/x11.rules
/etc/rc.d/init.d/psad
/usr/sbin/fwcheck_psad
/usr/sbin/kmsgsd
/usr/sbin/psad
/usr/sbin/psadwatchd
/usr/share/man/man8/fwcheck_psad.8.xz
/usr/share/man/man8/kmsgsd.8.xz
/usr/share/man/man8/psad.8.xz
/usr/share/man/man8/psadwatchd.8.xz
/var/lib/psad
/var/log/psad
/var/run/psad

Changelog

2014-02-08 - Tomasz Pawe? Gajc <tpgxyz@gmail.com> 2.2-4
+ Revision: 0ab6e4e
- MassBuild#328: Increase release tag

See Also

Package Description
psiconv-0.9.8-22-omv2014.0.x86_64.rpm PSION 5(MX) file format data conversion utilities
psmisc-22.20-8-omv2014.0.x86_64.rpm Utilities for managing processes on your system
pstoedit-3.62-3-omv2014.0.x86_64.rpm Translates PostScript/PDF graphics into other vector formats
psutils-p17-22-omv2014.0.x86_64.rpm PostScript utilities
ptpcam-1.1.10-6-omv2014.0.x86_64.rpm Command line utility to access digital cameras via PTP
pulseaudio-5.0-2-omv2014.0.x86_64.rpm Sound server for Linux
pulseaudio-client-config-5.0-2-omv2014.0.x86_64.rpm Client configuration for PulseAudio clients
pulseaudio-esound-compat-5.0-2-omv2014.0.x86_64.rpm PulseAudio EsounD daemon compatibility script
pulseaudio-module-bluetooth-5.0-2-omv2014.0.x86_64.rpm Bluetooth support for the PulseAudio sound server
pulseaudio-module-equalizer-5.0-2-omv2014.0.x86_64.rpm Equalizer support for the PulseAudio sound server
pulseaudio-module-gconf-5.0-2-omv2014.0.x86_64.rpm GConf support for the PulseAudio sound server
pulseaudio-module-jack-5.0-2-omv2014.0.x86_64.rpm JACK support for the PulseAudio sound server
pulseaudio-module-lirc-5.0-2-omv2014.0.x86_64.rpm LIRC support for the PulseAudio sound server
pulseaudio-module-x11-5.0-2-omv2014.0.x86_64.rpm X11 support for the PulseAudio sound server
pulseaudio-module-zeroconf-5.0-2-omv2014.0.x86_64.rpm Zeroconf support for the PulseAudio sound server
Advertisement
Advertisement