How to install PSAD Intrusion Detection on openSUSE

This guide is based on various community forum posts.

This guide is intended as a relatively easy step by step guide to:

  • Install CipherDyne PSAD Intrusion Detection and Log Analysis with iptables on openSUSE 11.1 or later.
  • psad is a collection of three lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic. 


  • Tested on openSUSE 11.1 or later.
  • Should work on most RPM based ditro's.

1. Download and install the latest version of PSAD.

  • Download and install the latest version from the Cipherdyne website.
  • Visit the CipherDyne PSAD download page and select the correct .RPM version for your 32bit or 64bit version of openSuSE.
  • To download and install the 64bit version click on the download link and install with YAST, or open a Terminal and enter the following as root :
mkdir /tmp/psad
cd /tmp/psad
rpm -ivh psad-2.2-1.x86_64.rpm 
cd ..
rm -R psad

2. Edit the PSAD configuration file. 

  • Three main settings need to be set in the PSAD configuration file before we can complete the install, edit the others as required.
  • open a Terminal Window and enter :
vi /etc/psad/psad.conf
  • EMAIL_ADDRESSES - change this to your email address.
  • HOSTNAME - this is set during install - but double check and change to a FQDN if needed.
  • ENABLE_AUTO_IDS_EMAILS - set this to Y if you would like to receive email notifications of intrusions that are detected.

3. Add iptables LOG rules for both IPv4 and IPv6.

  • For an explanation of this step click here.
  • Add the following iptables policies :
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
ip6tables -A INPUT -j LOG
ip6tables -A FORWARD -j LOG

4. Reload and update PSAD.

  • To restart, update the signature file and reload PSAD to complete the install open a Terminal Window and enter :
psad -R
psad --sig-update
psad -H
  • To check the status of PSAD, open a Terminal Window and enter :
psad --Status