PSAD, or port scan attack defender, is open source software that can defend against port scan attacks. In this post I will cover one major error that I have come across numerous times.
Before I begin, let me just mention that I believe PSAD is a great piece of software that most independently operated web sites should use.
- Debian or Debian-based machine (not necessary for PSAD, only for this post)
- Internet Connection
- Remote Server
- Permission to perform a port scan attack on the server running PSAD
To begin, let’s make sure you have PSAD installed. You can check by running
which psad
If no path is printed, either PSAD is not installed or your PATH is misconfigured. To install PSAD, simply run
sudo apt install psad
After installing PSAD we can begin configuring it. First, navigate to the directory that holds PSAD’s configuration file by running
cd /etc/psad
Next we’ll edit the configuration file to suit our needs and preferences. Editing it requires elevated permissions or access to sudo; open the file by running
sudo nano psad.conf
You will need to change a few settings in this file for PSAD to operate efficiently.
We can begin by changing the admin email address. Change the EMAIL_ADDRESSES line to
EMAIL_ADDRESSES YOUR_EMAIL_HERE;
Each value in psad.conf ends with a semicolon, so keep it in place. Next, change the value of HOSTNAME to your machine’s hostname. If you don’t know your machine’s hostname, you can get it by running
sudo cat /etc/hostname
then put this value into the configuration file.
The fields changed above are the absolute bare minimum you need to change in the config file. I recommend reading more about PSAD and its proper configuration if you are beginning to use it on all your servers…
Finally, all we have to do is configure iptables with the proper settings to work with PSAD. Run the following commands to accomplish this:
sudo ufw logging on (only if ufw is installed)
sudo iptables -A INPUT -j LOG
sudo iptables -A FORWARD -j LOG
sudo ip6tables -A INPUT -j LOG
sudo ip6tables -A FORWARD -j LOG
And voila! You have one more service running on your server to protect you!!! Oh, and one thing I forgot: it’s probably a good idea to go ahead and restart PSAD. You can accomplish this by running
sudo service psad restart
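Because -A appends, each LOG rule lands at the end of its chain, and an earlier catch-all ACCEPT, DROP or REJECT rule stops packets from ever reaching it, leaving PSAD with nothing to read. The script below is an added example, not part of the original post or of PSAD: it classifies the unconditional LOG rules in `iptables -S` output for the INPUT and FORWARD chains. The function names `check_log_rules` and `sample_rules` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the LOG rules PSAD depends on, reading `iptables -S`
# style output on stdin. Prints "<chain> ok", "<chain> missing" or
# "<chain> shadowed" (LOG exists but sits after an unconditional verdict).
check_log_rules() {
    awk '
        BEGIN { state["INPUT"] = "missing"; state["FORWARD"] = "missing" }
        $1 == "-A" && ($2 in state) {
            chain = $2
            # Unconditional rule: "-A CHAIN -j TARGET [target options]".
            unconditional = ($3 == "-j")
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == "LOG" && unconditional && state[chain] == "missing")
                state[chain] = blocked[chain] ? "shadowed" : "ok"
            else if (unconditional && target ~ /^(ACCEPT|DROP|REJECT)$/)
                blocked[chain] = 1
        }
        END { print "INPUT", state["INPUT"]; print "FORWARD", state["FORWARD"] }
    '
}

# Constructed sample ruleset: INPUT already ends in a catch-all DROP, so the
# LOG rule appended with -A is never reached; FORWARD has only the LOG rule.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -j LOG
-A FORWARD -j LOG
EOF
}

# Offline demo on the sample; on a live host: sudo iptables -S | check_log_rules
sample_rules | check_log_rules
```

If a chain is reported as shadowed, the LOG rule has to be placed before the catch-all rule (for example with `iptables -I` at the right position) rather than appended.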
Well I hope you enjoyed this post, and leave a comment if you feel like it !!! 🙂