How to install PSAD Intrusion Detection on openSUSE

This guide is based on various community forum posts.

This guide is intended as a relatively easy step by step guide to:

  • Install CipherDyne PSAD Intrusion Detection and Log Analysis with iptables on openSUSE 11.1 or later.
  • psad is a collection of three lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. 

Requirements:

  • Tested on openSUSE 11.1 or later.
  • Should work on most RPM-based distros.

1. Download and install the latest version of PSAD.

  • Visit the CipherDyne PSAD download page and select the .rpm that matches your 32-bit or 64-bit version of openSUSE (the URL below is the 64-bit 2.2-1 package this guide used; substitute the current version).
  • To download and install the 64-bit version, click the download link and install with YaST, or open a Terminal and enter the following as root:
mkdir /tmp/psad
cd /tmp/psad
wget http://www.cipherdyne.org/psad/download/psad-2.2-1.x86_64.rpm
rpm -ivh psad-2.2-1.x86_64.rpm 
cd ..
rm -R psad

2. Edit the PSAD configuration file. 

  • Three main settings need to be set in the PSAD configuration file before the install can be completed; edit the others as required.
  • Open a Terminal window and enter:
vi /etc/psad/psad.conf
  • EMAIL_ADDRESSES - change this to your email address.
  • HOSTNAME - this is set during install, but double-check it and change it to a FQDN if needed.
  • ENABLE_AUTO_IDS_EMAILS - set this to Y if you would like to receive email notifications of detected intrusions.

3. Add iptables LOG rules for both IPv4 and IPv6.

  • psad does not sniff traffic itself: it parses the iptables log messages that syslog writes, so the firewall must log the packets you want analysed. The rules below append a LOG target to the end of the INPUT and FORWARD chains, which logs every packet that reaches the end of those chains.
  • Add the following iptables rules:
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
ip6tables -A INPUT -j LOG
ip6tables -A FORWARD -j LOG

4. Reload and update PSAD.

  • To complete the install, restart psad, update the signature file and reload it: open a Terminal window and enter:
psad -R
psad --sig-update
psad -H
  • To check the status of PSAD, open a Terminal window and enter:
psad --Status
