Psad: Instalasi: Difference between revisions

apt-get update
apt-get install psad

vi /etc/psad/psad.conf

Edit

EMAIL_ADDRESSES
HOSTNAME
ENABLE_AUTO_IDS - set ke Y jika anda ingin PSAD men-set firewall automatis.
ENABLE_AUTO_IDS_EMAILS - set ke Y jika anda ingin menerima email notifikasi.

iptables -A INPUT -j LOG
iptables -A FORWARD -j LOG
ip6tables -A INPUT -j LOG
ip6tables -A FORWARD -j LOG

psad -R
psad --sig-update
psad -H

Setelah psad --sig-update signature akan di letakan di

/etc/psad/signatures

psad --Status

Tampilan kira-kira

[+] psadwatchd (pid: 21150)  %CPU: 0.0  %MEM: 0.0
    Running since: Tue Jun  2 17:14:12 2015

[+] psad (pid: 21148)  %CPU: 0.8  %MEM: 0.3
    Running since: Tue Jun  2 17:14:12 2015
    Command line arguments: [none specified]
    Alert email address(es): onno@indo.net.id

[+] Version: psad v2.2.1

[+] Top 50 signature matches:
        [NONE]

[+] Top 25 attackers:
        [NONE]

[+] Top 20 scanned ports:
        [NONE]

[+] iptables log prefix counters:
        [NONE]

    Total protocol packet counters:

[+] IP Status Detail:
        [NONE]

    Total scan sources: 0
    Total scan destinations: 0

[+] These results are available in: /var/log/psad/status.out

• https://www.digitalocean.com/community/tutorials/how-to-use-psad-to-detect-network-intrusion-attempts-on-an-ubuntu-vps
• https://www.thefanclub.co.za/how-to/how-install-psad-intrusion-detection-ubuntu-1204-lts-server