Package: psad
Version: 2.0.4-1
Severity: wishlist

Every time psad starts up, the following warning message is emailed to me:

-----------------------------------------------------------------------------
[-] Your firewall config on egilsstadir includes logging rules for
    tcp/icmp but not for udp in the INPUT chain.

[-] You may just need to add a default logging rule to the INPUT chain on
    egilsstadir.  For more information, see the file "FW_HELP" in
    the psad sources directory or visit:

    http://www.cipherdyne.org/psad/docs/fwconfig.html
-----------------------------------------------------------------------------

I am using Firestarter as my firewall generator, and it has the following rules:

  iptables -A INPUT -j LOG_FILTER
  iptables -A INPUT -j LOG --log-level=$LOG_LEVEL --log-prefix "Unknown Input"
  iptables -A OUTPUT -j LOG_FILTER
  iptables -A OUTPUT -j LOG --log-level=$LOG_LEVEL --log-prefix "Unknown Output"
  iptables -A FORWARD -j LOG_FILTER
  iptables -A FORWARD -j LOG --log-level=$LOG_LEVEL --log-prefix "Unknown Forward"

Which I think is very similar to what the documentation (on cipherdyne.org) 
recommends:

  iptables -A INPUT -j LOG
  iptables -A FORWARD -j LOG

Is there something wrong or missing with my Firestarter rules?  Is there 
anything I could do to troubleshoot the missing rules?

I would like to figure out what I'm doing wrong to either:

  1- add a note in the psad documentation
    or
  2- add the missing rule(s) in firestarter 

Thanks,

Francois

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=fr_CA, LC_CTYPE=fr_CA (charmap=ISO-8859-1)

Versions of packages psad depends on:
ii  ipchains                1.3.10-16        Network firewalling for Linux 2.2.
ii  iptables                1.3.6.0debian1-5 administration tools for packet fi
ii  libc6                   2.3.6.ds1-13     GNU C Library: Shared libraries
ii  libcarp-clan-perl       5.8-1            Perl enhancement to Carp error log
ii  libdate-calc-perl       5.4-5            Perl library for accessing dates
ii  libnetwork-ipv4addr-per 0.10-1.1         The Net::IPv4Addr perl module API 
ii  libunix-syslog-perl     0.100-5          Perl interface to the UNIX syslog(
ii  perl                    5.8.8-7          Larry Wall's Practical Extraction 
ii  psmisc                  22.3-1           Utilities that use the proc filesy
ii  sysklogd [syslogd]      1.4.1-20         System Logging Daemon
ii  whois                   4.7.20           the GNU whois client

Versions of packages psad recommends:
ii  bastille                      1:2.1.1-13 Security hardening tool

-- no debconf information

