On Wed, Dec 31, 2014 at 11:20 AM, Albert Whale <
albert.wh...@it-security-inc.com> wrote:

>  OK, two questions:
>
> 1. Why doesn't psadwatchd start on initial start-up? Is it the init config
> file?
>

By default psadwatchd is not started because init daemons can typically be
configured to monitor processes they start. But, this behavior can be
overridden with the "ENABLE_PSADWATCHD" variable in the psad.conf file.


>
> 2.  Looks like the newer release is not fixing the previous issue:
>

Hmm, ok, I have more troubleshooting to do on this one. I'll take a look
over the next two days or so.

Thanks,

--Mike


>
>  psad -S | more
> [-] psad: pid file /var/run/psad/psadwatchd.pid does not exist for psadwatchd on ns3.IT-Security-inc.com
> [+] psad (pid: 30332)  %CPU: 0.0  %MEM: 0.1
>     Running since: Wed Dec 31 11:16:37 2014
>     Command line arguments: [none specified]
>     Alert email address(es): ad...@abs-comptech.com
>
> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6970.
> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6972.
> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6974.
> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6976.
> [+] Version: psad v2.2.3b
>
> [+] Top 50 signature matches:
>       "MISC PCAnywhere communication attempt" (tcp),  Count: 1,  Unique sources: 1,  Sid: 100073
>
> [+] Top 25 attackers:
>         [NONE]
>
> [+] Top 20 scanned ports:
>       tcp 5631  1 packets
>
> [+] iptables log prefix counters:
>       "Shorewall:net2fw:DROP:": 1
>
>     iptables auto-blocked IPs:
>       78.138.126.202 (3499 seconds remaining)
>
>     Total protocol packet counters:
>          tcp: 1 pkts
>
> [+] IP Status Detail:
>         [NONE]
>
>     Total scan sources: 0
>
>  On 12/27/2014 8:09 PM, Michael Rash wrote:
>
>
>
> On Fri, Dec 26, 2014 at 10:23 AM, Albert Whale, CEH CHS CISA CISSP <
> albert.wh...@it-security-inc.com> wrote:
>>
>>  Not that I am aware of. Will double check though. I thought that IPv6 was
>> disabled (so this is not my intent).
>>
>
>
>  I believe I have fixed the issue. Here is a link for psad-2.2.4-pre2 -
> just install it with the "install.pl" script as usual. Can you give it a
> shot and let me know if this fixes the issue? If so, this will likely
> become the psad-2.2.4 release.
>
> https://www.cipherdyne.org/psad/download/psad-2.2.4-pre2.tar.gz
>
>  Thanks,
>
>  --Mike
>
>
>
>
>>
>> Sent from my iPhone
>>
>> On Dec 25, 2014, at 9:56 PM, Michael Rash <michael.r...@gmail.com> wrote:
>>
>>
>>  On Wed, Dec 24, 2014 at 7:39 AM, Albert Whale, CEH CHS CISA CISSP <
>> albert.wh...@it-security-inc.com> wrote:
>>>
>>>  Actually, I can now report that this is occurring on the 32-bit
>>> version of the OS as well.
>>>
>>
>>  Quick question - are you running an IPv6 filtering and logging policy
>> with ip6tables?
>>
>> Thanks,
>>
>>  --Mike
>>
>>
>>
>>>
>>> Sent from my iPhone
>>>
>>> On Dec 23, 2014, at 10:35 PM, Michael Rash <m...@cipherdyne.org> wrote:
>>>
>>>
>>>
>>>  On Dec 23, 2014, at 10:29 AM, Albert Whale <
>>> albert.wh...@it-security-inc.com> wrote:
>>>
>>>   I am a long time supporter of PSAD, and use it in my services daily.
>>>
>>>
>>>  Hello Albert,
>>>
>>>   However, I am also confused (frustrated) with the following messages
>>> which only appear on the 64-bit version of my installed OS.
>>>
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6955.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6957.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6959.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6961.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6955.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6957.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6959.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6961.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6955.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6957.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6959.
>>> Use of uninitialized value $dl in numeric eq (==) at /usr/sbin/psad line 6961.
>>> [+] Version: psad v2.2.3
>>>
>>>
>>>  Ok, thanks for the bug report - this definitely needs to be fixed.
>>> Interesting that this happens only on your 64-bit systems. I have some
>>> ideas for a fix, and I'll send a -pre release for testing in the next
>>> couple of days.
>>>
>>>  Thanks,
>>>
>>>  Mike
>>>
>>>  Additionally, I occasionally see that the count down timers have
>>> exceeded their counting, and will be written to the iptables messages.
>>>
>>> Am I missing a command line option?
>>>
>>> Thank you.
>>>
>>>
>>> --
>>> Albert E. Whale, CEH CHS CISA CISSP
>>> *President - Chief Security Officer*
>>> http://www.IT-Security-inc.com - IT Security, Inc.
>>>
>>>
>>> Phone: 412-515-3010 | Email: albert.wh...@it-security-inc.com
>>> Cell: 412-889-6870
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming! The Go Parallel Website,
>>> sponsored by Intel and developed in partnership with Slashdot Media, is
>>> your
>>> hub for all things parallel software development, from weekly thought
>>> leadership blogs to news, videos, case studies, tutorials and more. Take
>>> a
>>> look and join the conversation now. http://goparallel.sourceforge.net
>>>
>>>  _______________________________________________
>>> psad-discuss mailing list
>>> psad-discuss@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> Michael Rash | Founder
>> http://www.cipherdyne.org/
>> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
>>
>>
>
> --
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
>
>
> --
> Albert E. Whale, CEH CHS CISA CISSP
> *President - Chief Security Officer*
> http://www.IT-Security-inc.com - IT Security, Inc.
>
>
> Phone: 412-515-3010 | Email: albert.wh...@it-security-inc.com
> Cell: 412-889-6870
>



-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
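
Added example (not part of the original thread and not psad's own code): a shell check that combines the "ENABLE_PSADWATCHD" setting mentioned in the reply with the psadwatchd pid file that `psad -S` complains about, so a missing pid file can be told apart from a watchdog that is simply disabled. It assumes psad.conf lines have the form `KEY   value;` with `Y`/`N` values; the function names and state strings are hypothetical.

```shell
#!/bin/sh
# Added example, not psad code. Assumes psad.conf lines look like "KEY   value;".

# Print the value assigned to a psad.conf variable (first uncommented match).
psad_conf_get() {    # $1 = variable name, $2 = config file
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        $1 == key { v = $2; sub(/;.*$/, "", v); print v; exit }
    ' "$2"
}

# Combine the config setting with the pid file check that "psad -S" reports on.
psadwatchd_state() {    # $1 = config file, $2 = pid file
    enabled=$(psad_conf_get ENABLE_PSADWATCHD "$1")
    if [ "$enabled" != "Y" ]; then
        echo "disabled-in-config"
        return 0
    fi
    if [ ! -r "$2" ]; then
        echo "enabled-no-pidfile"
        return 0
    fi
    pid=$(head -n 1 "$2" | tr -cd '0-9')
    # kill -0 only tests for existence; run as root so it can see psadwatchd.
    if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
        echo "enabled-running"
    else
        echo "enabled-stale-pidfile"
    fi
}

# Constructed sample files so the example runs offline; on a real host pass
# the installed psad.conf and /var/run/psad/psadwatchd.pid instead.
demo_dir=$(mktemp -d)
printf '# constructed sample\nENABLE_PSADWATCHD           N;\n' > "$demo_dir/psad.conf"
echo "watchdog: $(psadwatchd_state "$demo_dir/psad.conf" "$demo_dir/psadwatchd.pid")"
rm -rf "$demo_dir"
```

A result of `disabled-in-config` alongside the pid file message from `psad -S` means the watchdog was never expected to run; `enabled-no-pidfile` or `enabled-stale-pidfile` means it was expected and is not running.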