How to easily install and configure PSAD on Linux

PSAD, or port scan attack defender, is open source software that can defend against port scan attacks. In this post I will cover one major error that I have come across numerous times.

Before I begin, let me just mention that I believe PSAD is a great piece of software that most independently operated web sites should use.

Requirements

  • Debian or Debian-based machine (not necessary for PSAD, but rather just for this post)
  • Internet Connection
  • Remote Server
  • Permission to perform a port scan attack on the server running PSAD

Installing PSAD

To begin, let's make sure you have PSAD installed. You can check by running which psad; if no path is printed, either PSAD is not installed or your PATH is misconfigured. To install PSAD, simply run sudo apt install psad.

Configuring

After installing PSAD we can begin configuring it. First, navigate to the directory that holds PSAD's configuration file by running cd /etc/psad. Editing the configuration file requires elevated permissions or access to sudo; open it by running sudo nano psad.conf. You will need to change various settings in this file for PSAD to operate efficiently.

We can begin with the admin email address: change the EMAIL_ADDRESS line to EMAIL_ADDRESS YOUR_EMAIL_HERE. Next, change the value of HOSTNAME to your machine's hostname. If you don't know your machine's hostname, you can get it by running sudo cat /etc/hostname, then simply put this value in the configuration file.

The fields changed above are the absolute bare minimum you need to change in the config file. I recommend reading more about PSAD and its proper configuration if you are beginning to use it on all your servers.

Finally, all we have to do is configure iptables with the proper settings to work with PSAD. Run the following commands to accomplish this:

  • sudo ufw logging on (if ufw is installed, that is)
  • sudo iptables -A INPUT -j LOG
  • sudo iptables -A FORWARD -j LOG
  • sudo ip6tables -A INPUT -j LOG
  • sudo ip6tables -A FORWARD -j LOG

And voila! You have one more service running on your server to protect you!!! Oh, and one thing I forgot: it's probably a good idea to go ahead and restart PSAD, which you can do by running sudo service psad restart.
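To confirm that the steps above took effect, the shell functions below read psad.conf and saved iptables -S output and report anything still missing. This is an added example, not part of the original post. The function names are hypothetical, and the stock defaults _CHANGEME_ and root@localhost, the trailing semicolon on values, and the prefix match on key names are assumptions about the shipped psad.conf.

```shell
#!/bin/sh
# Added example (not from the original post): check the setup steps above.
# Assumption: psad.conf lines look like "KEY   value;" as in the stock file.

# Print the value of the first key that starts with KEY (prefix match, so
# EMAIL_ADDRESS also matches a key spelled EMAIL_ADDRESSES).
conf_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }                  # skip comment lines
        index($1, k) == 1 {
            if (NF < 2) exit                 # key present but no value
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")  # drop the key and padding
            sub(/;.*$/, "")                  # drop the terminator
            print; exit
        }' "$1"
}

# Succeed if FILE (saved "iptables -S" output) has a catch-all LOG rule on CHAIN.
has_log_rule() {
    grep -Eq -- "^-A $2 -j LOG( |\$)" "$1"
}

# Print each missing step; the return status is the number of problems.
check_psad_setup() {
    conf=$1 v4=$2 v6=$3 problems=0
    # Assumed stock defaults: HOSTNAME _CHANGEME_ and root@localhost.
    case $(conf_value "$conf" HOSTNAME) in
        ''|_CHANGEME_) echo "HOSTNAME not set"; problems=$((problems + 1)) ;;
    esac
    case $(conf_value "$conf" EMAIL_ADDRESS) in
        ''|root@localhost) echo "alert email not set"; problems=$((problems + 1)) ;;
    esac
    for chain in INPUT FORWARD; do
        has_log_rule "$v4" "$chain" ||
            { echo "no IPv4 LOG rule on $chain"; problems=$((problems + 1)); }
        has_log_rule "$v6" "$chain" ||
            { echo "no IPv6 LOG rule on $chain"; problems=$((problems + 1)); }
    done
    return "$problems"
}
```

To use it, save the live rules with sudo iptables -S > v4.rules and sudo ip6tables -S > v6.rules, then call check_psad_setup /etc/psad/psad.conf v4.rules v6.rules; an exit status of 0 means every step is in place.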

Well, I hope you enjoyed this post, and leave a comment if you feel like it!!! 🙂
