On Wed, Oct 19, 2016 at 9:10 AM, Hannes Happle <ad...@h2-it.de> wrote:

> Hi!
>
> First of all, thanks for developing psad, really nice piece of Software.
> I used it for over a year on Debian Wheezy without problems.
>

Cool, glad you like psad.


>
> Now, I switched to a stronger Server running Centos7 (because SELinux)
> and here I have some trouble getting psad up and running, or -more
> precisely- banning.
>
> I had a small Issue starting it , because Systemd expected the .pid file
> in /var/run and not /var/run/psad.
> I resolved that by editing the run path in the config an now it runs
> fine and is detecting scans, sending alerts etc.
>
> BUT its not creating IPTables chains (PSAD_BLOCK_INPUT etc.)
>
> I switched to IPTables instead of FirewallD because I really dislike the
> latter and also think, while having advantages on e.g. Notebooks, its
> nonsense on Servers with static configurations.
>
> I installed most recent Versions of psad, IPTables::Parse and
> IPTables::ChainMgr from cipherdyne.org and it seems like psad tries to
> interact with FirewallD instead of IPTables:
>
> # psad --fw-list
> [+] Listing chains from IPT_AUTO_CHAIN keywords...
>
> FirewallD is not running
>
> FirewallD is not running
>
> FirewallD is not running
>
>
> IPTables Chains get not touched, and because of that, also no banning
> occurs.
> Any Ideas how to resolve this issue?
>

I suspect this is happening because the firewall-cmd binary is still
installed on your system, and the IPTables::Parse module looks for
firewall-cmd before iptables/ip6tables. If you are not using firewalld at
all, then you could just move /usr/bin/firewall-cmd to
"/usr/bin/firewall-cmd" to "/usr/bin/firewall-cmd.old".

Thanks,

--Mike


>
> Thanks,
> Hannes
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> psad-discuss mailing list
> psad-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/psad-discuss
>



-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss

Reply via email to