Download List

Project Description

The Port Scan Attack Detector (psad) is a collection of three system daemons that are designed to work with the Linux iptables firewalling code to detect port scans and other suspect traffic. It features a set of highly configurable danger thresholds (with sensible defaults), verbose alert messages, email alerting, DShield reporting, and automatic blocking of offending IP addresses. Psad incorporates many of the packet signatures included in Snort to detect various kinds of suspicious scans, and implements the same passive OS fingerprinting algorithm used by p0f.

System Requirements

System requirements are not defined.
Information regarding Project Releases and Project Resources. Note that the information here is quoted from the Freecode.com page, and the downloads themselves may not be hosted on OSDN.

2008-01-26 06:32
2.1.1

A new feature whereby iptables log data can be acquired just by parsing an existing file (/var/log/messages by default) that is written to by syslog was added. Better installation support was provided for various Linux distributions, including Fedora 8 and Ubuntu. Situations where either the /var/log/psad/fwdata file or the /var/log/messages file (whichever syslog is writing iptables log messages to) gets rotated are now handled automatically.
Tags: Minor feature enhancements

2007-10-20 09:03
2.1

The EMAIL_LIMIT model was changed to apply to scanning source addresses only instead of also factoring in the destination address. The original src/dst email limit behavior can be restored by setting a new variable "ENABLE_EMAIL_LIMIT_PER_DST" to "Y". The patches/iptables-1.3.8_LOG_prefix_space.patch file was added, which can be applied to the iptables-1.3.8 code to enforce a trailing space character before any log prefix when a LOG rule is added. A fix was implemented to ensure that parsing TCP options does not descend into an infinite loop in some circumstances with obscure or maliciously constructed options.
Tags: Minor bugfixes

2007-07-27 08:14
2.0.8

A --gnuplot mode was added so that psad can output data that is suitable for plotting with gnuplot. The ability to negate match conditions on fields specified with the --CSV-fields argument was added. The Storable-2.16 module was added along with the --use-store-file argument so that in --gnuplot mode the Gnuplot data can be stored on disk and retrieved quickly. --analysis-fields was added so the iptables log messages that are parsed in -A mode can be restricted to those that meet certain criteria.
Tags: Major feature enhancements

2007-05-28 20:27
2.0.7

A bugfix was made to define a custom 'source' definition for syslog-ng daemons (this fixes a problem on SuSE systems where the existing syslog-ng reconfig caused the daemon to not start). A bugfix was made to allow specific signatures to be ignored by setting SID values of zero in /etc/psad/snort_rule_dl. An -X command line argument was added to allow the user to delete any psad chains (in auto-response mode). This is a synonym for the iptables -X command line argument.
Tags: Minor bugfixes

2007-03-25 09:01
2.0.6

Integration with fwsnort was improved, so psad signature match syslog messages and email alerts now include the fwsnort rule number (for fwsnort version 0.9.0 and greater) and chain information. The Snort bleeding-all.rules signature file from the Bleeding Snort project was added. uname, ifconfig, and syslog process information were added to --Dump-conf output. The psad.SlackBuild script was added for building psad on Slackware systems. It uses the Cipherdyne cd_rpmbuilder script to first build an RPM, and then uses it to build a Slackware package.
Tags: Minor feature enhancements

Project Resources