First of all, thanks for developing psad, really nice piece of Software.
I used it for over a year on Debian Wheezy without problems.

Now, I switched to a stronger Server running Centos7 (because SELinux) 
and here I have some trouble getting psad up and running, or -more 
precisely- banning.

I had a small Issue starting it , because Systemd expected the .pid file 
in /var/run and not /var/run/psad.
I resolved that by editing the run path in the config an now it runs 
fine and is detecting scans, sending alerts etc.

BUT its not creating IPTables chains (PSAD_BLOCK_INPUT etc.)

I switched to IPTables instead of FirewallD because I really dislike the 
latter and also think, while having advantages on e.g. Notebooks, its 
nonsense on Servers with static configurations.

I installed most recent Versions of psad, IPTables::Parse and 
IPTables::ChainMgr from cipherdyne.org and it seems like psad tries to 
interact with FirewallD instead of IPTables:

# psad --fw-list
[+] Listing chains from IPT_AUTO_CHAIN keywords...

FirewallD is not running

FirewallD is not running

FirewallD is not running

IPTables Chains get not touched, and because of that, also no banning 
Any Ideas how to resolve this issue?


Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
psad-discuss mailing list

Reply via email to