Installing Psad Intrusion Detection CentOS 6

Psad is  a iptables log analysis and IDS tool, this guide shows how to install and basically configure this for a CentOS 6 box.

Install psad from the EPEL repo (Extra packages for enterprise Linux provided by the Fedora project)

Add the EPEL repo.

 yum install epel-release

Install psad.

 yum install psad

Change some settings in the psad.conf.

 nano -w /etc/psad/psad.conf 

EMAIL_ADDRESSES to_your_email;

Optional settings. This sets psad to auto enforce. The official documentation for Auto IDS is here http://cipherdyne.org/psad/docs/config.html#ENABLE_AUTO_IDS

### If “Y”, enable automated IDS response (auto manages
### firewall rulesets).
ENABLE_AUTO_IDS Y;

Add the logging to iptables.

iptables -I INPUT -j LOG
iptables -I FORWARD -j LOG

Now restart psad update the sinature file and load in the new signatures (the below is prettified as it obfuscates the –.

psad -R

psad --sig-update

psad -H

Add a cronjob to update the signatures.

crontab -e

And add the following

0       0       *       *       7       /usr/sbin/psad –sig-update && /usr/sbin/psad -H

The official documentation for psad can be found here http://cipherdyne.org/psad/docs/

Linux, Security , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × five =