psad-2.4.6-2.fc28.i686.rpm



Description

psad - Port Scan Attack Detector (psad) watches for suspect traffic

Property Value
Distribution Fedora 28
Repository Fedora Updates i386
Package filename psad-2.4.6-2.fc28.i686.rpm
Package name psad
Package version 2.4.6
Package release 2.fc28
Package architecture i686
Package type rpm
Category System Environment/Daemons
Homepage https://www.cipherdyne.org/psad/
License GPLv2+
Maintainer -
Download size 1.41 MB
Installed size 14.77 MB

Port Scan Attack Detector (psad) is a collection of three lightweight
system daemons written in Perl and in C that are designed to work with Linux
iptables firewalling code to detect port scans and other suspect traffic.  It
features a set of highly configurable danger thresholds (with sensible
defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, tcp flags and
corresponding nmap options, reverse DNS info, email and syslog alerting,
automatic blocking of offending ip addresses via dynamic configuration of
iptables rulesets, and passive operating system fingerprinting.  In addition,
psad incorporates many of the tcp, udp, and icmp signatures included in the
snort intrusion detection system (https://www.snort.org) to detect highly
suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend,
SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin,
xmas) which are easily leveraged against a machine via nmap.  psad can also
alert on snort signatures that are logged via fwsnort
(https://www.cipherdyne.org/fwsnort/), which makes use of the
iptables string match module to detect application layer signatures.

Alternatives

Package Version Architecture Repository
psad-2.4.6-2.fc28.x86_64.rpm 2.4.6 x86_64 Fedora Updates
psad-2.4.3-7.fc28.i686.rpm 2.4.3 i686 Fedora
psad-2.4.3-7.fc28.x86_64.rpm 2.4.3 x86_64 Fedora
psad - - -

Requires

Name Value
/bin/ps -
/usr/bin/killall -
/usr/bin/perl -
/usr/sbin/semodule -
gzip -
iproute -
iptables -
libc.so.6(GLIBC_2.4) -
net-tools -
perl(Bit::Vector) -
perl(Carp::Clan) -
perl(Data::Dumper) -
perl(Date::Calc) -
perl(File::Copy) -
perl(File::Path) -
perl(Getopt::Long) -
perl(IO::Handle) -
perl(IO::Select) -
perl(IO::Socket) -
perl(IPTables::ChainMgr) -
perl(IPTables::Parse) -
perl(NetAddr::IP) -
perl(POSIX) -
perl(Socket) -
perl(Storable) -
perl(Unix::Syslog) -
perl(strict) -
policycoreutils >= 2.4
rtld(GNU_HASH) -

Provides

Name Value
config(psad) = 2.4.6-2.fc28
psad = 2.4.6-2.fc28
psad(x86-32) = 2.4.6-2.fc28

Download

Type URL
Mirror download-ib01.fedoraproject.org
Binary Package psad-2.4.6-2.fc28.i686.rpm
Source Package psad-2.4.6-2.fc28.src.rpm

Install Howto

Install psad rpm package:

# dnf install psad

Files

Path
/etc/logrotate.d/psad
/etc/psad/auto_dl
/etc/psad/icmp6_types
/etc/psad/icmp_types
/etc/psad/ip_options
/etc/psad/pf.os
/etc/psad/posf
/etc/psad/protocols
/etc/psad/psad.conf
/etc/psad/signatures
/etc/psad/snort_rule_dl
/etc/psad/snort_rules/VERSION
/etc/psad/snort_rules/attack-responses.rules
/etc/psad/snort_rules/backdoor.rules
/etc/psad/snort_rules/bad-traffic.rules
/etc/psad/snort_rules/chat.rules
/etc/psad/snort_rules/classification.config
/etc/psad/snort_rules/ddos.rules
/etc/psad/snort_rules/deleted.rules
/etc/psad/snort_rules/dns.rules
/etc/psad/snort_rules/dos.rules
/etc/psad/snort_rules/emerging-all.rules
/etc/psad/snort_rules/experimental.rules
/etc/psad/snort_rules/exploit.rules
/etc/psad/snort_rules/finger.rules
/etc/psad/snort_rules/ftp.rules
/etc/psad/snort_rules/icmp-info.rules
/etc/psad/snort_rules/icmp.rules
/etc/psad/snort_rules/imap.rules
/etc/psad/snort_rules/info.rules
/etc/psad/snort_rules/local.rules
/etc/psad/snort_rules/misc.rules
/etc/psad/snort_rules/multimedia.rules
/etc/psad/snort_rules/mysql.rules
/etc/psad/snort_rules/netbios.rules
/etc/psad/snort_rules/nntp.rules
/etc/psad/snort_rules/oracle.rules
/etc/psad/snort_rules/other-ids.rules
/etc/psad/snort_rules/p2p.rules
/etc/psad/snort_rules/policy.rules
/etc/psad/snort_rules/pop2.rules
/etc/psad/snort_rules/pop3.rules
/etc/psad/snort_rules/porn.rules
/etc/psad/snort_rules/reference.config
/etc/psad/snort_rules/rpc.rules
/etc/psad/snort_rules/rservices.rules
/etc/psad/snort_rules/scan.rules
/etc/psad/snort_rules/shellcode.rules
/etc/psad/snort_rules/smtp.rules
/etc/psad/snort_rules/snmp.rules
/etc/psad/snort_rules/sql.rules
/etc/psad/snort_rules/telnet.rules
/etc/psad/snort_rules/tftp.rules
/etc/psad/snort_rules/virus.rules
/etc/psad/snort_rules/web-attacks.rules
/etc/psad/snort_rules/web-cgi.rules
/etc/psad/snort_rules/web-client.rules
/etc/psad/snort_rules/web-coldfusion.rules
/etc/psad/snort_rules/web-frontpage.rules
/etc/psad/snort_rules/web-iis.rules
/etc/psad/snort_rules/web-misc.rules
/etc/psad/snort_rules/web-php.rules
/etc/psad/snort_rules/x11.rules
/usr/bin/nf2csv
/usr/lib/.build-id/
/usr/lib/.build-id/57/e48f48ce245761354914f1837124df2db05f6c
/usr/lib/.build-id/d4/4a361926932e2195ab7b6f352cdcd290d2ad87
/usr/lib/systemd/system/psad.service
/usr/lib/tmpfiles.d/psad.conf
/usr/sbin/fwcheck_psad
/usr/sbin/kmsgsd
/usr/sbin/psad
/usr/sbin/psadwatchd
/usr/share/doc/psad/BENCHMARK
/usr/share/doc/psad/CREDITS
/usr/share/doc/psad/ChangeLog
/usr/share/doc/psad/FW_EXAMPLE_RULES
/usr/share/doc/psad/README.SYSLOG
/usr/share/doc/psad/README.md
/usr/share/doc/psad/SCAN_LOG
/usr/share/licenses/psad/LICENSE
/usr/share/man/man1/nf2csv.1.gz
/usr/share/man/man8/fwcheck_psad.8.gz
/usr/share/man/man8/kmsgsd.8.gz
/usr/share/man/man8/psad.8.gz
/usr/share/man/man8/psadwatchd.8.gz
/var/lib/psad/psadfifo
/var/log/psad/
/var/run/psad/psad.cmd

Changelog

2019-02-25 - Dominik Mierzejewski <rpm@greysector.net> - 2.4.6-2
- silence sys_ptrace AVC denials (#1615087)
2018-08-01 - Dominik Mierzejewski <rpm@greysector.net> - 2.4.6-1
- update to 2.4.6 (#1611013)
2018-06-28 - Dominik Mierzejewski <rpm@greysector.net> - 2.4.5-1
- update to 2.4.5 (#1394902, #1476553)
- use upstream systemd unit
- include additional docs
- fix SELinux policy installation scriptlet logic (#1438190)
- drop HLL policy, CIL import is supported in 2.4+ and RHEL 7.3 ships 2.5
- add gcc to BRs, use set_build_flags macro
- add more missing SELinux rules
- silence last module removal semodule warning
2018-02-09 - Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
2017-08-03 - Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
2017-07-27 - Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
2017-02-11 - Fedora Release Engineering <releng@fedoraproject.org> - 2.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
2016-10-26 - Dominik Mierzejewski <rpm@greysector.net> - 2.4.3-3
- EPEL7 install doesn't support -D and -t together
- EPEL7 SELinux policy update (#1389191)
- add missing dependencies
- add dependencies to the systemd unit
2016-10-09 - Dominik Mierzejewski <rpm@greysector.net> - 2.4.3-2
- fix SELinux policy temporarily (#1040425)
- document patch purpose and file/dir permissions
- depend on whois binary, not package
- verify tarball GPG signature in prep
2016-08-12 - Dominik Mierzejewski <rpm@greysector.net> - 2.4.3-1
- update to 2.4.3
- use https in URLs
- supply native systemd unit
- drop obsolete patches
- merge Fedora-specific changes into one patch
- use system whois client instead of bundled one
- update (and sort) Requires list
- tighten file list
- remove bundled stuff in prep

See Also

Package Description
psblas3-common-3.5.2-3.fc28.noarch.rpm Documentation files for psblas3
psblas3-mpich-3.5.2-3.fc28.i686.rpm MPICH psblas3
psblas3-mpich-devel-3.5.2-3.fc28.i686.rpm The MPICH psblas3 headers and development-related files
psblas3-openmpi-3.5.2-3.fc28.i686.rpm OpenMPI psblas3
psblas3-openmpi-devel-3.5.2-3.fc28.i686.rpm The OpenMPI psblas3 headers and development-related files
psblas3-serial-3.5.2-3.fc28.i686.rpm psblas3 serial mode
psblas3-serial-devel-3.5.2-3.fc28.i686.rpm Development files for psblas3
psftools-1.0.10-2.fc28.i686.rpm Conversion tools for .PSF fonts
psi-1.3-1.fc28.i686.rpm Jabber client based on Qt
psi-plugins-1.3-1.fc28.i686.rpm Additional plugins for psi
psi-plus-1.3.408-1.fc28.i686.rpm Jabber client based on Qt
psi-plus-common-1.3.408-1.fc28.noarch.rpm Noarch resources for Psi+
psi-plus-i18n-1.3.408-1.fc28.noarch.rpm Language packs for Psi
psi-plus-plugins-1.3.408-1.fc28.i686.rpm Plugins pack for Psi+
psi4-1.2.1-4.b167f47.fc28.i686.rpm An ab initio quantum chemistry package