psad-2.4.6-1-rosa2016.1.x86_64.rpm


Advertisement

Description

psad - Psad analyzes iptables log messages for suspect traffic

Property Value
Distribution ROSA 2016.1
Repository ROSA Main Updates x86_64
Package name psad
Package version 2.4.6
Package release 1-rosa2016.1
Package architecture x86_64
Package type rpm
Installed size 14.64 MB
Download size 1.19 MB
Official Mirror mirror.rosalab.ru
Port Scan Attack Detector (psad) is a collection of four lightweight
system daemons written in Perl and C that are designed to work with
Linux firewalling code (iptables in the 2.4.x kernels, and ipchains
in the 2.2.x kernels) to detect port scans. It features a set of highly
configurable danger thresholds (with sensible defaults provided),
verbose alert messages that include the source, destination, scanned
port range, begin and end times, TCP flags and corresponding nmap
options (Linux 2.4.x kernels only), email alerting, and automatic
blocking of offending IP addresses via dynamic configuration of
ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels
psad incorporates many of the TCP, UDP, and ICMP signatures included in
Snort to detect highly suspect scans for various backdoor programs
(e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and
advanced port scans (syn, fin, Xmas) which are easily leveraged against
a machine via nmap. Psad also uses packet TTL, IP id, TOS, and TCP
window sizes to passively fingerprint the remote operating system from
which scans originate.

Alternatives

Package Version Architecture Repository
psad-2.4.6-1-rosa2016.1.i586.rpm 2.4.6 i586 ROSA Main Updates
psad-2.4.1-3-rosa2016.1.x86_64.rpm 2.4.1 x86_64 ROSA Main
psad-2.4.1-3-rosa2016.1.i586.rpm 2.4.1 i586 ROSA Main
psad - - -

Requires

Name Value
libc.so.6()(64bit) -
libc.so.6(GLIBC_2.2.5)(64bit) -
libc.so.6(GLIBC_2.3)(64bit) -
perl(Data::Dumper) -
perl(File::Copy) -
perl(File::Path) -
perl(Getopt::Long) -
perl(IO::Handle) -
perl(IO::Select) -
perl(IO::Socket) -
perl(POSIX) -
perl(Socket) -
perl-Bit-Vector -
perl-Date-Calc -
perl-IPTables-ChainMgr -
perl-IPTables-Parse -
perl-NetAddr-IP -
perl-Unix-Syslog -
rpm-helper -
sendmail-command -
userspace-ipfilter -
whois -

Provides

Name Value
config(psad) == 0:2.4.6-1:2016.1
psad == 2.4.6-1:2016.1

Download

Type URL
Binary Package psad-2.4.6-1-rosa2016.1.x86_64.rpm
Source Package psad-2.4.6-1.src.rpm

Install Howto

  1. Enable ROSA Main Updates repository on Install and Remove Software
  2. Update packages list:
    # urpmi.update -a
  3. Install psad rpm package:
    # urpmi psad

Files

Path
/etc/logrotate.d/psad
/etc/psad/auto_dl
/etc/psad/icmp6_types
/etc/psad/icmp_types
/etc/psad/ip_options
/etc/psad/pf.os
/etc/psad/posf
/etc/psad/protocols
/etc/psad/psad.conf
/etc/psad/signatures
/etc/psad/snort_rule_dl
/etc/psad/snort_rules/VERSION
/etc/psad/snort_rules/attack-responses.rules
/etc/psad/snort_rules/backdoor.rules
/etc/psad/snort_rules/bad-traffic.rules
/etc/psad/snort_rules/chat.rules
/etc/psad/snort_rules/classification.config
/etc/psad/snort_rules/ddos.rules
/etc/psad/snort_rules/deleted.rules
/etc/psad/snort_rules/dns.rules
/etc/psad/snort_rules/dos.rules
/etc/psad/snort_rules/emerging-all.rules
/etc/psad/snort_rules/experimental.rules
/etc/psad/snort_rules/exploit.rules
/etc/psad/snort_rules/finger.rules
/etc/psad/snort_rules/ftp.rules
/etc/psad/snort_rules/icmp-info.rules
/etc/psad/snort_rules/icmp.rules
/etc/psad/snort_rules/imap.rules
/etc/psad/snort_rules/info.rules
/etc/psad/snort_rules/local.rules
/etc/psad/snort_rules/misc.rules
/etc/psad/snort_rules/multimedia.rules
/etc/psad/snort_rules/mysql.rules
/etc/psad/snort_rules/netbios.rules
/etc/psad/snort_rules/nntp.rules
/etc/psad/snort_rules/oracle.rules
/etc/psad/snort_rules/other-ids.rules
/etc/psad/snort_rules/p2p.rules
/etc/psad/snort_rules/policy.rules
/etc/psad/snort_rules/pop2.rules
/etc/psad/snort_rules/pop3.rules
/etc/psad/snort_rules/porn.rules
/etc/psad/snort_rules/reference.config
/etc/psad/snort_rules/rpc.rules
/etc/psad/snort_rules/rservices.rules
/etc/psad/snort_rules/scan.rules
/etc/psad/snort_rules/shellcode.rules
/etc/psad/snort_rules/smtp.rules
/etc/psad/snort_rules/snmp.rules
/etc/psad/snort_rules/sql.rules
/etc/psad/snort_rules/telnet.rules
/etc/psad/snort_rules/tftp.rules
/etc/psad/snort_rules/virus.rules
/etc/psad/snort_rules/web-attacks.rules
/etc/psad/snort_rules/web-cgi.rules
/etc/psad/snort_rules/web-client.rules
/etc/psad/snort_rules/web-coldfusion.rules
/etc/psad/snort_rules/web-frontpage.rules
/etc/psad/snort_rules/web-iis.rules
/etc/psad/snort_rules/web-misc.rules
/etc/psad/snort_rules/web-php.rules
/etc/psad/snort_rules/x11.rules
/lib/systemd/system/psad.service
/usr/bin/nf2csv
/usr/lib/tmpfiles.d/psad.conf
/usr/sbin/fwcheck_psad
/usr/sbin/kmsgsd
/usr/sbin/psad
/usr/sbin/psadwatchd
/usr/share/man/man1/nf2csv.1.xz
/usr/share/man/man8/fwcheck_psad.8.xz
/usr/share/man/man8/kmsgsd.8.xz
/usr/share/man/man8/psad.8.xz
/usr/share/man/man8/psadwatchd.8.xz
/var/lib/psad
/var/log/psad

Changelog

2018-10-22 - Denis Silakov <dsilakov@virtuozzo.com> 2.4.6-1
- (487e033) Fix files, switch to systemd & tmpfiles

See Also

Package Description
pulseaudio-12.2-1-rosa2016.1.x86_64.rpm Sound server for Linux
pulseaudio-client-config-12.2-1-rosa2016.1.x86_64.rpm Client configuration for PulseAudio clients
pulseaudio-esound-compat-12.2-1-rosa2016.1.x86_64.rpm PulseAudio EsounD daemon compatibility script
pulseaudio-gdm-hooks-12.2-1-rosa2016.1.x86_64.rpm PulseAudio GDM integration
pulseaudio-module-bluetooth-12.2-1-rosa2016.1.x86_64.rpm Bluetooth support for the PulseAudio sound server
pulseaudio-module-equalizer-12.2-1-rosa2016.1.x86_64.rpm Equalizer support for the PulseAudio sound server
pulseaudio-module-gconf-12.2-1-rosa2016.1.x86_64.rpm GConf support for the PulseAudio sound server
pulseaudio-module-jack-12.2-1-rosa2016.1.x86_64.rpm JACK support for the PulseAudio sound server
pulseaudio-module-lirc-12.2-1-rosa2016.1.x86_64.rpm LIRC support for the PulseAudio sound server
pulseaudio-module-x11-12.2-1-rosa2016.1.x86_64.rpm X11 support for the PulseAudio sound server
pulseaudio-module-zeroconf-12.2-1-rosa2016.1.x86_64.rpm Zeroconf support for the PulseAudio sound server
pulseaudio-utils-12.2-1-rosa2016.1.x86_64.rpm PulseAudio sound server utilities
pure-ftpd-1.0.47-4-rosa2016.1.x86_64.rpm Lightweight, fast and secure FTP server
pure-ftpd-anon-upload-1.0.47-4-rosa2016.1.x86_64.rpm Anonymous upload support for pure-ftpd
pure-ftpd-anonymous-1.0.47-4-rosa2016.1.x86_64.rpm Anonymous support for pure-ftpd
Advertisement
Advertisement