  1. #1
    Just Joined! evilducky's Avatar
    Join Date
    Jan 2012
    Location
    Chicago, Illinois, USA
    Posts
    7

    psad is not mailing me alerts


    I'm running Sabayon hardened server. I followed a guide on setting up arno's iptables firewall with psad. I'm not permitted to post URLs yet until I have made 15 posts, but you can find the guide by searching 'iptables on steroids Linux Today' on Google. It is a blog post on Linuxdrops.com.

    When I run an nmap scan (nmap -PT80 ...) from another machine, I don't receive any alert mails from psad. I configured everything correctly as specified in the guide. I have Postfix and Sendmail running, and I am able to send mail from root to root, which is the e-mail address I have specified in /etc/psad/psad.conf.

    I haven't had much luck finding anything on Google, save for an unhelpful QA section on the Cipherdyne website. I've been in the cipherdyne channel on Freenode for several hours now, but nobody has answered my question yet, and there don't appear to be many users in the channel. The mail logs and psad logs in /var/log don't seem to contain any helpful information, but let me know if you'd like me to post them.

  2. #2
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307

  3. #3
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Quote Originally Posted by evilducky View Post
    When I run an nmap scan (nmap -PT80 ...) from another machine, I don't receive any alert mails from psad. I configured everything correctly as specified in the guide.
    have you looked in the firewall log? according to that guide, it is /var/log/firewall.log, although it is whatever you put in your rsyslog conf file. i'd also look in /var/log/syslog if the other log has no info.

  4. #4
    Just Joined! evilducky's Avatar
    Join Date
    Jan 2012
    Location
    Chicago, Illinois, USA
    Posts
    7
    Quote Originally Posted by atreyu View Post
    have you looked in the firewall log? according to that guide, it is /var/log/firewall.log, although it is whatever you put in your rsyslog conf file. i'd also look in /var/log/syslog if the other log has no info.
    Yes, I have looked at the firewall.log. I do have the variable set correctly in rsyslog.conf. psad is working now, but thank you for responding. I reinstalled it again based on that guide and for whatever reason it works now. It is sending me alerts.

  5. #5
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,307
    Quote Originally Posted by evilducky View Post
    psad is working now, but thank you for responding. I reinstalled it again based on that guide and for whatever reason it works now.
    great, glad you got it sorted.

    I'll go ahead and mark this as Solved for you. Note that you can do that any time using the Thread Tools link at the top of the page.