New psad-2.2.4-pre3 release that I believe fixes the uninitialized variable
bug. That bug was only in the --Status output - not in the running psad
daemon (so it is not really operationally significant - just annoying).
Please let me know if this fixes it:

https://www.cipherdyne.org/psad/download/psad-2.2.4-pre3.tar.gz

Thanks,

--Mike

On Wed, Jan 7, 2015 at 11:54 PM, Michael Rash <m...@cipherdyne.org> wrote:

>
>
> On Wed, Dec 31, 2014 at 11:20 AM, Albert Whale <
> albert.wh...@it-security-inc.com> wrote:
>
>>  OK, two questions:
>>
>> 1. why doesn't psadwatchd start on initial start-up, is it the init
>> config file?
>>
>
> By default psadwatchd is not started because init daemons can typically be
> configured to monitor processes they start. But, this behavior can be
> overridden with the "ENABLE_PSADWATCHD" variable in the psad.conf file.
>
>
>>
>> 2.  Looks like the newer release is not fixing the previous issue:
>>
>
> Hmm, ok, I have more troubleshooting to do on this one. I'll take a look
> over the next two days or so.
>
> Thanks,
>
> --Mike
>
>
>>
>>  psad -S | more
>> [-] psad: pid file /var/run/psad/psadwatchd.pid does not exist for
>> psadwatchd on
>>  ns3.IT-Security-inc.com
>> [+] psad (pid: 30332)  %CPU: 0.0  %MEM: 0.1
>>     Running since: Wed Dec 31 11:16:37 2014
>>     Command line arguments: [none specified]
>>     Alert email address(es): ad...@abs-comptech.com
>>
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6970.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6972.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6974.
>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line
>> 6976.
>> [+] Version: psad v2.2.3b
>>
>> [+] Top 50 signature matches:
>>       "MISC PCAnywhere communication attempt" (tcp),  Count: 1,  Unique
>> sources:
>>  1,  Sid: 100073
>>
>> [+] Top 25 attackers:
>>         [NONE]
>>
>> [+] Top 20 scanned ports:
>>       tcp 5631  1 packets
>>
>> [+] iptables log prefix counters:
>>       "Shorewall:net2fw:DROP:": 1
>>
>>     iptables auto-blocked IPs:
>>       78.138.126.202 (3499 seconds remaining)
>>
>>     Total protocol packet counters:
>>          tcp: 1 pkts
>>
>> [+] IP Status Detail:
>>         [NONE]
>>
>>     Total scan sources: 0
>>
>>  On 12/27/2014 8:09 PM, Michael Rash wrote:
>>
>>
>>
>> On Fri, Dec 26, 2014 at 10:23 AM, Albert Whale, CEH CHS CISA CISSP <
>> albert.wh...@it-security-inc.com> wrote:
>>>
>>>  Not as I am aware of. Will double check though. I thought that IPv6
>>> was disabled (so this is not my intent).
>>>
>>
>>
>>  I believe I have fixed the issue. Here is a link for psad-2.2.4-pre2 -
>> just install it with the "install.pl" script as usual. Can you give it a
>> shot and let me know if this fixes the issue? If so, this will likely
>> become the psad-2.2.4 release.
>>
>> https://www.cipherdyne.org/psad/download/psad-2.2.4-pre2.tar.gz
>>
>>  Thanks,
>>
>>  --Mike
>>
>>
>>
>>
>>>
>>> Sent from my iPhone
>>>
>>> On Dec 25, 2014, at 9:56 PM, Michael Rash <michael.r...@gmail.com>
>>> wrote:
>>>
>>>
>>>  On Wed, Dec 24, 2014 at 7:39 AM, Albert Whale, CEH CHS CISA CISSP <
>>> albert.wh...@it-security-inc.com> wrote:
>>>>
>>>>  Actually, I can now report that this is occurring on the 32-bit
>>>> version of the OS as well.
>>>>
>>>
>>>  Quick question - are you running an IPv6 filtering and logging policy
>>> with ip6tables?
>>>
>>> Thanks,
>>>
>>>  --Mike
>>>
>>>
>>>
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Dec 23, 2014, at 10:35 PM, Michael Rash <m...@cipherdyne.org> wrote:
>>>>
>>>>
>>>>
>>>>  On Dec 23, 2014, at 10:29 AM, Albert Whale <
>>>> albert.wh...@it-security-inc.com> wrote:
>>>>
>>>>   I am a long time supporter of PSAD, and use it in my services daily.
>>>>
>>>>
>>>>  Hello Albert,
>>>>
>>>>   However, I am also confused (frustrated) with the following messages
>>>> which only appear on the 64-bit version of my installed OS.
>>>>
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6955.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6957.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6959.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6961.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6955.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6957.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6959.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6961.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6955.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6957.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6959.
>>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad
>>>> line 6961.
>>>> [+] Version: psad v2.2.3
>>>>
>>>>
>>>>  Ok, thanks for the bug report - this definitely needs to be fixed.
>>>> Interesting that this happens only on your 64-bit systems. I have some
>>>> ideas for a fix, and I'll send a -pre release for testing in the next
>>>> couple of days.
>>>>
>>>>  Thanks,
>>>>
>>>>  Mike
>>>>
>>>>  Additionally, I occasionally see that the count down timers have
>>>> exceeded their counting, and will be written to the iptables messages.
>>>>
>>>> Am I missing a command line option?
>>>>
>>>> Thank you.
>>>>
>>>>
>>>> --
>>>> Albert E. Whale, CEH CHS CISA CISSP
>>>> *President - Chief Security Officer*
>>>> http://www.IT-Security-inc.com - IT Security, Inc.
>>>>
>>>>
>>>> Phone: 412-515-3010 | Email: albert.wh...@it-security-inc.com
>>>> Cell: 412-889-6870
>>>>
>>>>
>>>>
>>>>  _______________________________________________
>>>> psad-discuss mailing list
>>>> psad-discuss@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Michael Rash | Founder
>>> http://www.cipherdyne.org/
>>> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
>>>
>>>
>>
>> --
>> Michael Rash | Founder
>> http://www.cipherdyne.org/
>> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
>>
>>
>> --
>> Albert E. Whale, CEH CHS CISA CISSP
>> *President - Chief Security Officer*
>> http://www.IT-Security-inc.com - IT Security, Inc.
>>
>>
>> Phone: 412-515-3010 | Email: albert.wh...@it-security-inc.com
>> Cell: 412-889-6870
>>
>
>
>
> --
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
>



-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F