I like psad. I use it often and I find the email reports really handy.
Here is an issue I faced in Ubuntu and the solution:
Instead of the reports I received an email with the following contents:
    [-] You may just need to add a default logging rule to the /sbin/iptables
        'filter' 'INPUT' chain on oxide-server. For more information,
        see the file "FW_HELP" in the psad sources directory or visit:
        http://www.cipherdyne.org/psad/docs/fwconfig.html
    [-] You may just need to add a default logging rule to the /sbin/ip6tables
        'filter' 'INPUT' chain on oxide-server. For more information,
        see the file "FW_HELP" in the psad sources directory or visit:
        http://www.cipherdyne.org/psad/docs/fwconfig.html
I found on the web several people with the same problem, so here is what worked for me:
- Enable ufw logging. Type in console as root:
    ufw logging on
- Type as root:
    iptables -A INPUT -j LOG
    iptables -A FORWARD -j LOG
    ip6tables -A INPUT -j LOG
    ip6tables -A FORWARD -j LOG
- Open /etc/ufw/before.rules and type before the COMMIT directive:
    -A INPUT -j LOG
    -A FORWARD -j LOG
- Open /etc/ufw/before6.rules and type before the COMMIT directive:
    -A INPUT -j LOG
    -A FORWARD -j LOG
- Restart ufw by typing as root:
    ufw disable
    ufw enable
- Test if it worked:
    psad --fw-analyze
I know that some parts appear to do very similar things, but for some strange reason it worked only after the exact procedure above.
Hope it helps!
Vasilis
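
An added example, not part of the original post: a shell function that makes the before.rules and before6.rules edits described above repeatable, inserting the two LOG rules before the COMMIT of the *filter table only when they are missing. The function name ensure_log_rules, the .bak backup suffix and the sample rules in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# ensure_log_rules FILE: make sure "-A INPUT -j LOG" and "-A FORWARD -j LOG"
# sit before the COMMIT of the *filter table in a ufw rules file.
# Safe to run repeatedly; writes FILE.bak before changing FILE.
ensure_log_rules() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk '
        /^\*/ { in_filter = ($1 == "*filter") }       # table header line
        in_filter && NF == 4 && $1 == "-A" && $3 == "-j" && $4 == "LOG" {
            if ($2 == "INPUT")   have_in = 1
            if ($2 == "FORWARD") have_fw = 1
        }
        in_filter && NF == 1 && $1 == "COMMIT" {
            if (!have_in) print "-A INPUT -j LOG"
            if (!have_fw) print "-A FORWARD -j LOG"
            in_filter = 0; found = 1
        }
        { print }
        END { exit (found ? 0 : 2) }                  # 2: no *filter COMMIT
    ' "$file" > "$tmp" || {
        rm -f "$tmp"; echo "no *filter COMMIT in $file" >&2; return 1
    }
    if cmp -s "$file" "$tmp"; then rm -f "$tmp"; return 0; fi  # already fine
    cp "$file" "$file.bak" && cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed excerpt, not the real /etc/ufw/before.rules.
demo=$(mktemp)
printf '%s\n' '*filter' ':ufw-before-input - [0:0]' \
    '-A ufw-before-input -i lo -j ACCEPT' 'COMMIT' > "$demo"
ensure_log_rules "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On the real system, run it as root on /etc/ufw/before.rules and /etc/ufw/before6.rules, then restart ufw as in the steps above.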