This guide is based on various community forum posts.
This guide is intended as a relatively easy step-by-step guide to:
- Install CipherDyne PSAD (Intrusion Detection and Log Analysis with iptables) on openSUSE 11.1 or later.
- psad is a collection of three lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic.
- Tested on openSUSE 11.1 or later.
- Should work on most RPM-based distros.
1. Download and install the latest version of PSAD.
- Download and install the latest version from the Cipherdyne website.
- Visit the CipherDyne PSAD download page and select the correct .rpm for your 32-bit or 64-bit version of openSUSE.
- To download and install the 64-bit version, click on the download link and install with YaST, or open a Terminal and enter the following as root:
mkdir /tmp/psad
cd /tmp/psad
wget http://www.cipherdyne.org/psad/download/psad-2.2-1.x86_64.rpm
rpm -ivh psad-2.2-1.x86_64.rpm
cd ..
rm -R psad
2. Edit the PSAD configuration file.
- Three main settings need to be set in the PSAD configuration file before the install can be completed; edit the others as required.
- Open a Terminal window and enter :
- EMAIL_ADDRESSES - change this to your email address.
- HOSTNAME - this is set during install, but double-check it and change it to a FQDN if needed.
- ENABLE_AUTO_IDS_EMAILS - set this to Y if you would like to receive email notifications of detected intrusions.
3. Add iptables LOG rules for both IPv4 and IPv6.
- For an explanation of this step click here.
- Add the following iptables rules:
iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
ip6tables -A INPUT -j LOG
ip6tables -A FORWARD -j LOG
4. Reload and update PSAD.
- To restart PSAD, update the signature file and reload PSAD to complete the install, open a Terminal window and enter:
psad -R
psad --sig-update
psad -H
- To check the status of PSAD, open a Terminal Window and enter :
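As an added example (not part of the original guide), the following POSIX sh script checks the two things steps 2 and 3 depend on: that the three psad.conf keys have been changed from their placeholders, and that iptables-save output actually contains a LOG rule in both INPUT and FORWARD, since psad sees nothing without one. It assumes psad.conf's "KEY value;" line format; the root@localhost and _CHANGEME_ placeholder values are assumed defaults.

```shell
#!/bin/sh
# Added example, not from the original guide: sanity checks for a psad install.
# Assumes psad.conf lines look like "EMAIL_ADDRESSES   root@localhost;".

# Print the value of one psad.conf key, with the trailing ';' stripped.
conf_value() {                      # $1 = config file, $2 = key name
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}\(.*\);[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Return 0 only if EMAIL_ADDRESSES is no longer the (assumed) default,
# HOSTNAME is a dotted FQDN rather than the _CHANGEME_ placeholder, and
# ENABLE_AUTO_IDS_EMAILS is an explicit Y or N.
check_psad_conf() {                 # $1 = path to psad.conf
    email=$(conf_value "$1" EMAIL_ADDRESSES)
    host=$(conf_value "$1" HOSTNAME)
    auto=$(conf_value "$1" ENABLE_AUTO_IDS_EMAILS)
    ok=0
    case "$email" in
        ''|root@localhost) echo "EMAIL_ADDRESSES is still the default"; ok=1 ;;
    esac
    case "$host" in
        ''|_CHANGEME_) echo "HOSTNAME is not set"; ok=1 ;;
        *.*) ;;
        *) echo "HOSTNAME '$host' is not a FQDN"; ok=1 ;;
    esac
    case "$auto" in
        Y|N) ;;
        *) echo "ENABLE_AUTO_IDS_EMAILS must be Y or N"; ok=1 ;;
    esac
    return $ok
}

# Read iptables-save (or ip6tables-save) output on stdin and return 0 only
# if both the INPUT and FORWARD chains carry a "-j LOG" rule.
check_log_rules() {
    rules=$(cat)
    ok=0
    for chain in INPUT FORWARD; do
        if ! printf '%s\n' "$rules" | grep -q "^-A $chain .*-j LOG"; then
            echo "no LOG rule in the $chain chain"; ok=1
        fi
    done
    return $ok
}
```

On a live system, run `check_psad_conf /etc/psad/psad.conf` and `iptables-save | check_log_rules` (and the same with ip6tables-save) as root before starting psad.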